Privacy & Security

The AI Project Manageris powered by GPT-4 API. Just like a real Project Manager, Spinach is most effective when you give us access to your meetings, messaging tools, and product management tools. However, we understand that these platforms house some of your most sensitive and confidential information. That's why our top priority is ensuring your data remains protected, never making its way into Large Language Models (LLMs) or into the hands of bad actors.

Spinach is a fast-growing early stage startup. As we grow, we are committed to full transparency regarding the usage of your information as we evolve.

SOC 2 compliance

Our data management practices have been independently audited by EY in compliance with the AICPA is proud to be SOC 2 Type 1 and Type 2 compliant. This means we have met the stringent criteria set forth by the American Institute of CPAs (AICPA) for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy—which ensures we have the controls and procedures in place to securely manage and protect your data at all times. Our SOC 2 compliance, which is independently audited by EY, reaffirms our commitment to adhere to the highest standards of data security and provides you with peace of mind knowing your data is safe and secure with us.

SOC2 Badge

GDPR compliance

Our data management practices comply with EU GDPR regulations.

Our data management practices are in compliance with the General Data Protection Regulation (GDPR). is proud to be GDPR compliant. This means we have met the stringent criteria set forth by the European Union for managing customer data based on key principles—lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability—which ensures we have the controls and procedures in place to securely manage and protect your data at all times. Our GDPR compliance reaffirms our commitment to adhere to the highest standards of data security and provides you with peace of mind knowing your data is safe and secure with us.

Use of AI & GPT-4

Your information will not contribute to the training of Large Language Models (LLMs)

When using the GPT-4 API, it is important to know that the information you provide as input does not contribute to the training of Large Language Models (LLMs). Microsoft, the organization behind hosting OpenAI GPT-4 instance for us, has implemented strict data handling policies to ensure that user data remains private and secure.

While GPT-4 is trained on vast amounts of data from various sources, the GPT-4 API operates separately from the training process. In addition, we have implemented a zero data retention policy with Azure who provides us with GPT4 access. This means that once we process the data with the API, they immediately delete the information from their systems.

By keeping the API and training data separate, Microsoft and OpenAI aims to maintain user privacy and prevent sensitive or confidential information from inadvertently becoming part of the model's knowledge base. This commitment to data privacy and security ensures that you can use the GPT-4 API with confidence, knowing that your information will not be integrated into the LLM.

Security Practices

Product Security

Our product security practices include encrypted communication between Spinach and managed devices using TLS 1.2, and data encryption with AES 256 for stored and backed-up data. We also use standard communication encryption for MDM-capable computers via Apple Push Notification service. Our product integrates with various meeting tools, project management tools, messaging platforms, and knowledge bases. We offer OTP based multi-factor authentication for account protection and support SSO login mechanism for easy deployments with our Enterprise plan. Additionally, we provide SAML-based SSO to improve identity management and enhance user experience, access management, and auditability.

Find out more details here.

Data security

Our data security practices include access monitoring through automated tools and periodic reviews to ensure least privilege permissions. We enable backups of customer accounts and configurations for recovery in case of catastrophic failures, but do not use traditional backup media. Data erasure can be requested at any time by contacting us. We employ AES 256 encryption for data at rest and TLS 1.2 or higher for data in transit. Physical security is maintained at our data centers managed by Amazon Web Services, with measures such as biometric access controls, 24/7 armed guards, and video surveillance.

Find out more details here.

App security

Our security practices include rigorous code analysis involving static code analysis, code coverage checks, and both unit and integration testing before deployment. We ensure all users are adequately trained in secure development according to their roles. Our software development lifecycle follows an Agile methodology, incorporating cross-functional teams from various departments. Regular scans are conducted on our infrastructure for vulnerabilities, which are then triaged for remediation based on internal standards.

Find out more details here.

Data Privacy

Our data privacy practices include the use of cookies, for which we have a specific policy available at We ensure that customers are responsible for the data they enter into our system via our web application and integrations. In case of any data breaches, we provide notifications. We have a formally appointed Data Protection Officer (DPO) to handle privacy-related concerns, who can be reached at Additionally, all our employees undergo Security & Privacy Awareness training annually, covering topics like device security, physical security, phishing, insider threats, privacy, and GDPR.

Find out more details here.

Access Security

Our access security practices include granting data access to employees based on the principle of least privilege. We utilize multiple tools for logging events in our infrastructure to monitor important security incidents. Furthermore, we enforce strong password security and require employees to use multi-factor authentication for their accounts whenever possible.

Find out more details here.

Infrastructure Security

Spinach utilizes Amazon Web Services (AWS) for its cloud infrastructure, ensuring a secure and stable environment with regular patching. We have a robust disaster recovery plan in place to maintain service continuity during major outages. Our infrastructure security is based on a role-based access control model, with specific access granted depending on functional roles. This includes advanced firewall protection and well-defined network segmentation within isolated virtual private cloud environments. Additionally, we maintain a separate staging environment for testing, distinct from our production environment.

Find out more details here.

Endpoint Security

Our endpoint security practices include full-disk encryption on all company-provided laptops, protection through an anti-malware solution for endpoint detection and response, and threat detection. We also use SimpleMDM for inventory management on all workstations, which enforces full-disk encryption, screen lock, and other security features as part of our mobile device management strategy.

Find out more details here.

Corporate Security

Spinach employs comprehensive security measures including Mobile Device Management for device control, regular employee training on security practices, and stringent HR processes. We have robust incident response policies and risk management procedures in place. Significant product changes undergo code review and only select employees have access to production servers. We also conduct annual independent penetration testing, using the findings to prioritize mitigation and remediation efforts.

Find out more details here.

Ready to try the AI Project Manager?


Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

My meeting is over. Why didn't I get a summary?

Spinach Pro and Spinach Enterprise users should receive a meeting summary within 5 minutes. If you do not, the most common reason is that someone from your meeting forgot to leave the video call. If everyone has left the call, contact us using the support button on the bottom right corner if neither of those works and we'd be happy to investigate.

Spinach gives priority processing to our Pro and Enterprise users, followed by Free users. If you are a Free user and do not receive your summary within 1 hour, please contact us here using the support button on the bottom right corner.

What integrations does Spinach have?

Spinach can join Zoom, Google Meet and Microsoft Teams meetings.

Spinach can send your meeting summaries to Slack and email.

Spinach can save your meeting summaries in Notion, Confluence or Google Docs.

Spinach integrates with Jira, Trello, Asana, ClickUp, and Linear allowing you turn any action item into a ticket in one click.

How can I get my meeting summaries in Slack?

To get meeting summaries in Slack, you need to connect your Spinach account to your Slack account.
1. Go to to login.
2. Click the Integrations tab
3. Click Connect Slack

Follow the steps to connect to Slack. You can set a Default Slack channel for all your meetings or specify a unique Slack channel for each meeting.

Who will receive the meeting summary from Spinach?

Spinach Pro and Spinach Enterprise users can control who gets the meeting summary from each meeting. You can send the summary to just yourself, to everyone in the meeting, or add additional recipients who were not in the meeting. You can also share the meeting notes to Slack, Notion, Confluence, Google Docs or Confluence. Spinach Free users have access to the Slack integration, but are not able to customize distribution or share notes to their knowledge base.

How long does it take to receive my meeting summary from Spinach?

Spinach Pro and Spinach Enterprise users will receive your meeting summary from Spinach within 5 minutes of the meeting session ending. Spinach processes all Pro and Enterprise summaries before processing Free user summaries.

If you are a Spinach Pro or Spinach Enterprise user and you do not receive your summary within 5 minutes of leaving your meeting, make sure no one from your team forgot to close the video meeting. And check your spam folder. Contact us using the support button on the bottom right corner if neither of those works and we'd be happy to investigate.

What languages does Spinach support?

Spinach supports multiple languages.

We currently support Afrikaans, Arabic, Armenian, Azerbaijani, Belarusian, Bosnian, Bulgarian, Catalan, Chinese, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, Galician, German, Greek, Hebrew, Hindi, Hungarian, Icelandic, Indonesian, Italian, Japanese, Kannada, Kazakh, Korean, Latvian, Lithuanian, Macedonian, Malay, Marathi, Maori, Nepali, Norwegian, Persian, Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swahili, Swedish, Tagalog, Tamil, Thai, Turkish, Ukrainian, Urdu, Vietnamese, and Welsh.

When exactly does Spinach join the meeting?

Spinach joins your meeting 1-2 minutes prior to the scheduled start time. If you add Spinach to a meeting already in progress, it takes 1-2 minutes for Spinach to join.

My meeting already started. Can I still invite Spinach?

Yes! If you forget to invite Spinach before the meeting begins, you can open the invite, add and we will join within 1-2 minutes.

💡 Note: If you're connected to Slack for summary outputs, the summary will go to your default Slack channel when adding Spinach after the meeting starts.

Why hasn't Spinach joined my meeting?

Here's a few troubleshooting steps for you to try.
1. Are you sure Spinach is on the meeting invite?
2. Did you join the meeting link on your meeting invite?
3. Is Spinach stuck in the waiting room of your meeting?
4. Did someone on your meeting kick Spinach out?
5. Did you start more than 5 minutes late? If no one joins in the first 5 minutes, Spinach leaves.

How do I add Spinach to a meeting?

There are 2 ways to add Spinach to a meeting. 1.  Login with Google or Microsoft, connect your calendar, and select all the meetings you'd like Spinach to join. 2. Open the meeting invite (or meeting series) and add as a guest.

Does Spinach have a free plan?

Yes. Anyone can try Spinach Pro free for 30 days. If you choose not to upgrade after 30 days you can continue to stay on the Spinach Starter plan. But you will lose access to Pro features like Priority Processing, Transcripts, Video, Knowledge Base Integrations and Notes Editing.