We started with privacy, then built from there.

Autumn is built on Privacy by Design, the framework developed by the renowned Dr. Ann Cavoukian to address issues of privacy in a digital age. Privacy by Design is seen as a global best practice, and forms a foundation for the General Data Protection Regulation (GDPR).

What does this mean practically?

It means we put employee privacy first. Employee identity is always kept anonymous, and all personally identifying information is redacted from any and all data used in Autumn's analysis — protecting individual and company privacy.

How do we keep our privacy-first promise?

The following three practices help form our approach to protecting your individual privacy:

  • 1. Double Opt-In

    All users must actively opt into the use of our features; we never assume data can be shared. Users can opt in to:

    1. Providing Autumn's Slack Bot with access to some of their Slack data, which is necessary for passive analysis. A user who wishes to use Autumn without providing access to their Slack or other data can do so: as an alternative to passive analysis, simple check-in questions are sent to the user in Slack once a week.

    2. Allowing their information to be included in a team aggregate dashboard. If a user chooses not to have their information included in a team aggregate, then they will not be able to access the 'Team page' or otherwise view the data of any team they are invited to.

  • 2. Data Aggregation

    Autumn aggregates all user data before providing aggregate-level insights to managers or People teams. Data is never disaggregated below the level of a team, and every team must have 4 or more opted-in members to ensure individual anonymity. If a team has fewer than 4 members, the team features can be made available if each user individually consents, with the understanding that re-identification risk also increases.

  • 3. Data De-Identification & Anonymization

    Autumn goes to great lengths to remove all direct identifiers (names, SSNs, etc.) and quasi-identifiers (ages, religion, race, ethnicity, zodiac signs, etc.) from data prior to its use in analysis, which ensures the privacy & security of both employees and organizations and reduces the possible risk of bias or skewed results.

    This means all data is anonymized before it is ever processed.

    For example, a message like "Hey Quinn, wanna go to In-n-Out for lunch tomorrow?" is scrubbed into: "Hey [NAME_1], wanna go to [LOCATION_1] for lunch tomorrow?"

    In addition, any stored data is encrypted and kept under the strictest safety protocols.
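
The threshold rule from the Data Aggregation practice, written out as an added example (this is not Autumn's code). The field names, the scores and the reading that the small-team exception applies only when the whole team is below the threshold are assumptions.

```python
from statistics import mean

MIN_OPTED_IN = 4  # minimum opted-in members per team, as stated above


def team_aggregate(members, min_opted_in=MIN_OPTED_IN):
    """Return {"n", "mean_score"} for a team, or None if it must be suppressed.

    Each member is a dict with hypothetical keys (not Autumn's schema):
      "score"               per-user metric, constructed for this example
      "dashboard_opt_in"    user agreed to be included in team aggregates
      "small_team_consent"  user individually accepted sub-threshold reporting
    """
    included = [m for m in members if m["dashboard_opt_in"]]
    if len(included) < min_opted_in:
        # Assumed reading of the exception: it applies only when the whole
        # team is below the threshold and every member consented individually.
        small_team = len(members) < min_opted_in
        all_consented = bool(members) and all(
            m["dashboard_opt_in"] and m["small_team_consent"] for m in members
        )
        if not (small_team and all_consented):
            return None
    # Only the count and the aggregate leave this function, never per-user rows.
    score = round(mean(m["score"] for m in included), 2)
    return {"n": len(included), "mean_score": score}


def member(score, opt_in=True, consent=False):
    """Build one constructed member record."""
    return {"score": score, "dashboard_opt_in": opt_in, "small_team_consent": consent}


# Constructed sample teams.
TEAMS = {
    "platform": [member(3.0), member(4.0), member(5.0), member(4.0),
                 member(1.0, opt_in=False)],
    "design": [member(2.0), member(3.0), member(4.0), member(5.0, opt_in=False)],
    "founders": [member(4.0, consent=True), member(2.0, consent=True),
                 member(3.0, consent=True)],
    "ops": [member(4.0, consent=True), member(2.0, consent=True), member(3.0)],
}

if __name__ == "__main__":
    for name, team in TEAMS.items():
        print(name, team_aggregate(team))
```

The "design" team is suppressed because only three of its four members opted in, and "ops" is suppressed because one member of the three-person team has not given individual consent.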

Privacy FAQ

  • No personally identifying data is ever stored. Only de-identified text data and metadata (such as timestamps) are stored, under encryption and strict data access protocols.

Autumn was built for you. If you leave your company, you can keep your data and continue to use Autumn for yourself for free. Just email us at security@getautumn.com and we'll make that happen.

All rights reserved © Autumn AI 2022