Why your meeting recorder shouldn't upload your audio
2026-05-13
Most meeting recorders work the same way. A bot joins your call, your audio travels to a server somewhere in the United States, a transcription engine processes it, and a summary lands in your inbox a few minutes later. The whole thing feels frictionless. That is partly the point.
What happens between the recording and the summary is worth understanding before you trust it with a client call, a legal discussion, or a strategic conversation.
Where your audio actually goes
Cloud-based tools like Otter.ai, Fireflies.ai, and Granola all route your meeting data through remote servers for processing. The details vary, but the structure is the same: audio or transcript leaves your device, travels to infrastructure controlled by a third party, and gets processed there.
For EU users, this creates an immediate GDPR issue. Processing personal data on US servers requires specific legal safeguards under the Schrems II framework: Standard Contractual Clauses, adequacy decisions, or explicit consent from every participant. Most meeting recorder deployments satisfy none of these, particularly for participants who never signed up for the service.
The European Data Protection Board selected transparency and information obligations as the focus of its 2026 Coordinated Enforcement Framework, with 25 Data Protection Authorities participating across Europe. Meeting recordings are exactly the kind of processing they are looking at.
The consent problem with bots
When a bot joins your call, it records everyone in the room. The person who set up the tool agreed to the terms of service. Everyone else did not.
This structural issue is now being tested in court. In August 2025, Justin Brewer filed a class action against Otter.ai in the Northern District of California. Brewer had never signed up for Otter. He joined a Zoom call where another participant had OtterPilot running. His conversation was recorded, transcribed, and according to the complaint, used to train Otter's machine learning models. Three more cases followed within weeks and were consolidated before Judge Eumi K. Lee, with a motion-to-dismiss hearing scheduled for May 20, 2026.
Fireflies.ai faces its own litigation. In December 2025, Illinois resident Katelin Cruz filed a class action alleging that Fireflies' speaker recognition feature generated a voiceprint from her voice without her knowledge or consent, violating the Illinois Biometric Information Privacy Act. A second case followed in March 2026. Cruz was not a Fireflies user and had never agreed to its terms.
Both companies responded by pointing to their terms of service, which place the responsibility for obtaining participant consent on the account holder. Courts will decide whether that holds. For now, deploying a bot-based recorder in a state requiring all-party consent (California, Illinois, Florida, and nine others) puts legal exposure on the person who enabled it.
The LLM prompt problem
There is a second, less visible data flow that most users miss. When an AI meeting tool generates a summary, the transcript gets sent to a language model via API. If the vendor is using a standard commercial tier, that payload can be retained for up to 30 days and potentially used for model improvement.
Granola, for instance, keeps audio on your device but sends transcript text to cloud AI for processing. Even tools marketed as "privacy-first" often draw a distinction between audio (kept local) and text (sent to the cloud). That distinction matters less than vendors suggest: a transcript of a sensitive conversation is the sensitive conversation.
What on-device processing actually means
An alternative architecture keeps everything on the device that recorded it. Transcription runs locally. Speaker detection runs locally. AI summarization runs locally. Nothing leaves unless you explicitly choose to send it somewhere.
This is not a new idea in computing. It is how your phone handles Face ID. The principle is the same: sensitive processing happens on hardware you control, under conditions you can verify.
For meeting notes, this means audio never crosses a network boundary. There is no server to breach, no data transfer to document for GDPR compliance, and no third party that can be subpoenaed for your recordings.
Here is what that looks like in practice. Wi-Fi is turned off before the recording starts. Transcription, speaker diarization, and AI summarization all complete normally:
A note on BYOK
Some tools offer "bring your own key" cloud AI as an option alongside local models. When implemented correctly, the transcript goes directly from your device to the AI provider using your own credentials. The meeting recorder never sees the data. This is meaningfully different from a vendor routing your transcripts through their own infrastructure before forwarding to a model.
The distinction matters: your data is governed by your agreement with the AI provider, not by a third party's terms of service.
Here is what that looks like with Proxyman filtering traffic to Thoth only. One connection appears when a BYOK summary is triggered: api.anthropic.com. No Thoth domain, no intermediate server:
Thoth is a meeting recorder for Mac that transcribes, diarizes, and summarizes entirely on your device. Audio never leaves your machine. Five local AI models are included. No account required. Download on the Mac App Store.