Privacy Policy

Last updated: July 03, 2025

Our Privacy Philosophy

Privacy isn’t just another feature. It’s our foundational principle.

From your team’s everyday communications to critical business information, Surge respects your privacy by design—protecting your data rigorously and transparently. This Privacy Policy explains exactly how we achieve that.

By using Surge, you’re entrusting us with your valuable data. We recognize and honor that trust. Below, we detail:

  • What data we collect, why we collect it, and how we use it.


  • How we secure your information.


  • How our optional AI features handle your data.


  • Your rights, controls, and our regulatory alignment.


1. What Data We Collect

We limit our data collection strictly to what’s necessary for Surge to function effectively.

Information We Collect:

  • Account information: Name, email address, profile details, workspace preferences.


  • Usage and collaboration data: Messages, meetings, tasks, calendar events, files uploaded, and similar workspace interactions.


  • Technical metadata: Browser type, IP address, operating system, session duration, and other performance analytics to ensure quality of service.


Information We Do NOT Collect Unless Explicitly Authorized:

  • We do not monitor or store audio, video, or textual data from your communications, except where explicitly authorized by you for AI-related processing (transcriptions, summaries).

2. How Your Data Is Protected

Surge leverages robust, industry-leading infrastructure and adheres to rigorous privacy practices and standards to ensure your information remains protected.

Encryption and Secure Communication

  • Data Encryption: All communication and data transfers are encrypted using strong TLS 1.2+ protocols in transit and AES-256 encryption standards at rest.

  • End-to-End Security: Real-time voice, video, and messaging sessions are secured end-to-end via enterprise-grade encryption mechanisms to prevent unauthorized interception.

Infrastructure Security

Surge is hosted and built on cloud infrastructure platforms independently audited against stringent industry standards, ensuring comprehensive security for your data. Our underlying cloud environments are regularly assessed through:

  • SOC 1, SOC 2 Type II, SOC 3 audits covering security, availability, processing integrity, confidentiality, and privacy.

  • ISO certifications (27001, 27017, 27018) covering general information security, cloud-specific controls, and PII protections.

  • PCI DSS compliance for secure handling of sensitive data, including payment information.

  • FedRAMP moderate/high-grade readiness to meet high standards required by governmental agencies.

  • HIPAA-ready infrastructure available through explicit arrangements to securely handle Protected Health Information (PHI) under Business Associate Agreements (BAAs).

  • GDPR alignment with robust Data Processing Agreements (DPAs), Standard Contractual Clauses, and EU-compliant data residency controls.

  • FIPS 140-3 validated endpoints ensure cryptographic security for regulated workloads.

Operational Security Practices

  • Annual penetration testing and regular vulnerability assessments.


  • Continuous monitoring, robust audit logging, and detailed incident response plans.


  • Strict personnel policies including employee background checks, annual security training, confidentiality agreements, and least-privilege access control.


3. AI Features and Data Privacy

Surge provides optional AI-based features (e.g., transcription, summaries, smart meeting notes) designed to enhance productivity. Your data is only processed by these AI features when you explicitly opt in.

AI Data Handling Practices

  • Opt-In Only: AI features are activated strictly by your explicit consent within the product interface.

  • Limited Data Retention: Data shared with AI systems is transient and used solely for the requested processing purpose. It is never persistently stored beyond the immediate processing needs.

  • No Model Training: The data you provide is never used to train or improve AI models.

  • Secure AI Infrastructure: AI processing occurs on platforms independently certified under SOC 2 Type II, ISO 27001, GDPR, and HIPAA-aligned controls.

  • Prompt and Response Confidentiality: User inputs and AI-generated outputs remain confidential and isolated from other user interactions.

4. Third-Party Integrations and Privacy

Surge securely integrates with third-party productivity applications (e.g., calendars, authentication providers) following industry-leading privacy practices, including:

  • SOC 2, SOC 3, ISO-certified integrations.

  • Encrypted OAuth protocols, strict scope management, and secure authentication standards.

  • Robust access control, identity verification, and logging.


5. Your Rights and Controls

We uphold your data rights rigorously:

  • Transparency: Full visibility of your data collection and usage within Surge.


  • Data Deletion & Portability: You may download or delete your data anytime.


  • Opt-Out Options: Easily disable AI functionality and restrict data processing settings directly from your workspace settings.


6. Regulatory Alignment and Compliance

Surge aligns operationally with major global regulatory standards:

  • GDPR Compliance: We adhere to EU privacy standards, including full data subject rights and robust Data Processing Agreements.


  • CCPA Compliance: Surge explicitly does not sell your data, fully respecting California privacy rights.


  • HIPAA-Aligned Operations: Infrastructure and workflows designed to enable compliance with HIPAA when explicitly requested via Business Associate Agreements.

  • PCI-DSS and FIPS validated systems for secure payment and sensitive data handling.


7. What We Will Never Do

We explicitly assure you that we:

  • Never sell your data.

  • Never use your information to train AI models.

  • Never share your data without your explicit consent.

  • Never display third-party advertisements.

8. Incident Response & Notification

Should a security incident occur, Surge commits to:

  • Immediate assessment, containment, and remediation.

  • Transparent and timely communication to affected parties.

  • Cooperation with regulatory authorities as required.

9. Our Commitment to Continuous Improvement

Privacy and security practices evolve. Surge is dedicated to:

  • Regularly updating policies and practices to reflect current standards.

  • Ongoing investment in security and compliance education for our staff.

  • Continuous platform improvement aligned with industry best practices and standards.


10. Contact Us

Questions, concerns, or requests regarding your privacy or our policy?

Reach out directly to us at:

hello@trysurge.ai

Summary of Your Protection at Surge

Measure | Level of Protection & Compliance
Encryption | Level of Protection & Compliance
AI Feature Privacy | Opt-in only, ephemeral data use, no training use
Third-Party Integrations | Strict SOC 2, ISO, OAuth best-practice compliance

Final Word

At Surge, trust is not just something we value—it’s the bedrock of our company. Your data’s privacy and security are integral to our mission, carefully integrated into every step we take, every feature we design, and every service we deliver.

Thank you for placing your trust in Surge.