Compare · AI Tools
AI Note-Takers and Privacy: What Happens to Your Client Calls
A solo operator framework for choosing a note-taking tool based on consent, retention, model-training policy, and call risk — not just summary quality.
Affiliate disclosure: SoloClientStack may earn a commission on links on this page. Full disclosure →
AI note-takers solve a real problem for solo operators: manual notes are slow, incomplete, and a distraction from the actual conversation. But they also convert every client call into a stored data asset — audio, transcript, summary, action items, speaker labels, searchable archive, and sometimes an input to AI model improvement. The operational gain is real. So is the trust surface.
For most solo operators, Granola is the best default for trust-sensitive advisory calls when no bot join is preferred and calls do not involve PHI or regulated data. Fathom is the strongest free-to-paid option for client-call capture with CRM workflows. Fireflies Enterprise is the most defensible path when compliance controls, HIPAA/BAA support, private storage, or SSO are required. Otter can work for high-volume transcription but needs deliberate configuration before any client use. And for legal, medical, HR, M&A, or any call your client contract restricts — skip AI note-taking entirely.
This article is not legal advice. Recording consent laws vary by jurisdiction. Vendor privacy policies, pricing, and security controls change frequently. Verify current terms before choosing any tool. Pricing checked July 6, 2026.
Granola — No bot joins the call. Notes are private by default. Audio is temporarily cached for transcription then deleted. SOC 2 Type II. Works best when you disclose AI note-taking clearly and your calls do not involve PHI or regulated data. Business at $14/user/month, Enterprise at $35/user/month (verify current terms).
Fathom — Strong free plan with solid CRM workflows. HIPAA and SOC 2 Type II claims. Stores data in the U.S. Uses de-identified data to improve proprietary models unless you opt out. Best for sales and advisory operators who want practical automation at low cost.
Fireflies Enterprise — Published no-training position for meeting content. HIPAA/BAA support, private storage, SSO/SCIM, custom retention, and audit logs at the Enterprise tier. Best when the meeting archive is part of an approved business system, not an informal personal recorder. Enterprise at $39/user/month annually (verify current terms).
Otter — Mature transcription, speaker ID, and search. Requires careful setup before client use: configure feedback/training sharing, auto-join, retention, speaker learning, and sharing defaults. Enterprise adds SSO, SCIM, domain capture, and a HIPAA add-on. Best for high-volume transcription when you treat setup as a privacy project first.
What actually happens when an AI note-taker joins a client call
Most operators think of AI note-taking as "it just makes a summary." The actual workflow is longer and each step creates a data exposure point:
- Capture: A bot joins as a visible meeting participant (Fathom, Fireflies, Otter) or the app records locally from your device without adding a participant (Granola).
- Transcription: Audio is streamed or uploaded to a transcription service — often a third-party subprocessor like OpenAI, Deepgram, or AssemblyAI.
- Summarization: An AI model generates summaries, action items, topic labels, and CRM-ready fields from the transcript.
- Storage: Transcript, summary, and metadata are stored in the vendor workspace, often indefinitely unless you configure retention or delete manually.
- Sharing: Notes may be shared by link, synced to Slack, pushed to HubSpot or Salesforce, exported to Notion, or attached to calendar events.
- Integrations: CRM sync, Zapier/Make automation, and API access can spread meeting data into additional systems beyond the note-taker itself.
- Deletion: Deleting the note or even the account does not always remove every shared copy, synced record, or exported version.
The five privacy questions that matter more than transcription accuracy
Before comparing summary quality or price, every solo operator should be able to answer these five questions for the tool they are considering:
- Consent: Does your client know a tool is capturing and processing the call? Is that disclosed before the call starts, in writing?
- Retention: How long are audio recordings and transcripts stored? Is retention configurable on the plan you can actually buy, or is it an Enterprise-only control?
- Model training: Is your meeting content used to train or improve AI models — by the vendor or by subprocessors? Is the default opt-in or opt-out?
- Access: Who inside the tool's workspace can search or view your notes? What are the sharing defaults — private, link-accessible, or workspace-visible?
- Integrations: Does the tool automatically sync to CRM, docs, or messaging tools? Can you control what goes where, or is it all-or-nothing?
SCS Client Call Privacy Scorecard
We reviewed public vendor documentation as of July 6, 2026 and scored these tools for a solo operator running confidential client calls. This is a workflow-risk screen, not a legal compliance rating. We did not review private SOC 2 reports or enterprise DPAs behind trust-center access. Vendor policies change; verify current terms before making a decision.
| Tool | Capture style | Audio retained? | Transcript retention | Model-training policy | Sharing defaults | Admin/enterprise controls | Best-fit operator | Avoid if |
|---|---|---|---|---|---|---|---|---|
| Granola | Bot-free / local device capture | Temporarily cached, then deleted per vendor docs | Indefinite unless manually deleted or retention configured | Anonymized data may be used for Granola model improvements by default on Free/Business; user opt-out available; Enterprise has org-wide opt-out | Private by default | Org-wide retention, auto-deletion, and model opt-out on Enterprise only | Solo advisors, consultants, fractional operators wanting bot-free calls | PHI, HIPAA workflows, BAA required, FERPA, or EU/UK data residency needed |
| Fathom | Bot-based (Zoom/Meet/Teams); bot-free beta available | Not explicitly retained as raw audio per published docs | Removed on account deletion; backups cleared within 7 additional days | De-identified data used to improve proprietary AI models; opt-out available; no third-party subprocessor model training | Configurable; defaults should be verified | HIPAA, SOC 2 Type II, GDPR claims; retention and admin controls are plan-gated | Sales/advisory operators needing fast summaries and CRM workflows at low cost | Non-U.S. data residency required, or proprietary model-improvement use is unacceptable |
| Fireflies | Bot-based (Zoom/Meet/Teams/other) | Retained in workspace unless deleted or governed by retention rules | Configurable; custom retention on Business/Enterprise | Vendor states meeting content not used for internal or external AI training; zero data retention by third-party vendors after processing per privacy policy | Workspace-visible by default unless configured; link sharing possible | SOC 2 Type II, GDPR, HIPAA/BAA (Enterprise), SSO/SCIM, private storage, audit logs, rules engine | Operators needing enterprise controls, integrations, HIPAA/BAA path, or searchable meeting intelligence | Solo operators who want quiet personal notes or have clients uncomfortable with visible bots |
| Otter | Bot-based (OtterPilot); also accepts imports | Audio recordings collected and stored per privacy policy | Configurable on Enterprise; defaults should be verified on lower plans | Feedback/training sharing allows Otter and third-party providers to access conversations for training and product improvement including possible human review if enabled; user can control this setting | Workspace-visible; link sharing possible; defaults should be reviewed carefully | Enterprise: SSO, SCIM, domain capture, retention, speaker-learning controls, pre-meeting notifications, HIPAA add-on | High-volume transcription, research, interviews, creators, educators | Sensitive client calls unless all settings are deliberately configured and client consents explicitly |
Bot-based vs bot-free note-takers: what changes and what does not
The most common misconception in this category is that removing the bot removes the privacy concern. It does not.
What bot-free changes: No extra participant joins the meeting, so clients do not see a "Notetaker" in the participant list. This reduces friction in calls where a visible bot creates discomfort or distrust. Granola operates this way — it captures audio from your device locally without joining as a participant.
What bot-free does not change: Audio is still captured and transcribed. Transcripts and summaries are still stored on vendor servers. Model-training defaults still apply. Retention policies still govern how long your notes live. And critically — you still have a disclosure obligation. In many U.S. states and in most international jurisdictions, recording a conversation without the knowledge of all parties is regulated by wiretap, electronic surveillance, or privacy statutes. "Bot-free" is not a legal workaround. It just makes the disclosure your responsibility rather than the tool's.
Tool-by-tool privacy review
Granola
Best for: Solo advisors, consultants, fractional operators, product interviewers, and coaches who want bot-free, human-feeling calls where client comfort with visible bots is a concern.
Not best for: Calls involving PHI, HIPAA workflows, situations requiring a BAA, FERPA-covered education records, or operators needing EU/UK data residency. Granola states it is not currently HIPAA compliant, cannot sign BAAs, and should not be used to store or process PHI.
Key strengths: No bot joins the call. Notes are private by default. Audio is temporarily cached for transcription then deleted per vendor docs. SOC 2 Type II certified. Strong note quality that enhances your own rough notes rather than replacing human judgment. Business plan at $14/user/month and Enterprise at $35/user/month as of July 6, 2026 (verify current terms).
Key limitations: Free and Business plans may use anonymized data for Granola's own model improvements by default unless you opt out. Transcript and note retention is indefinite unless you configure it or delete manually. Org-wide opt-out and auto-deletion controls are Enterprise features. Not suitable for regulated data types.
Privacy setting to check first: Model-improvement opt-out in account settings. Retention controls in workspace settings. Sharing defaults for any notes you create.
Try Granola if you want bot-free meeting notes and are willing to disclose AI note-taking clearly (affiliate link — disclosure)Fathom
Best for: Solo consultants and advisory operators who want practical client-call capture, fast summaries, action items, and CRM-friendly workflows — especially on Zoom, Google Meet, or Microsoft Teams.
Not best for: Operators requiring non-U.S. data residency, or those for whom proprietary model-improvement use of de-identified data is unacceptable even with an opt-out available.
Key strengths: Strong free plan makes it accessible. Bot and bot-free beta options. HIPAA, SOC 2 Type II, and GDPR compliance claims. States it does not use customer data with third-party AI subprocessors for model training. Account deletion removes recording data and metadata, with backups cleared within an additional 7 days. Free plan available; Premium at $16/month annually, Team at $15/user/month annually (2-user minimum), Business at $25/user/month annually, Enterprise by sales as of July 6, 2026 (verify current terms).
Key limitations: All data stored in the U.S. Uses de-identified customer data to improve proprietary AI models unless you opt out — this is distinct from third-party model training but still worth configuring. Retention controls are plan-gated. Verify exactly which privacy controls are available on the plan you purchase.
Privacy setting to check first: Proprietary model-improvement opt-out. Sharing defaults for recordings and summaries. Auto-join settings for calendar events.
Use Fathom when you want a practical client-call recorder with strong free/paid value (affiliate link — disclosure)Fireflies
Best for: Operators working with larger clients that expect vendor controls, teams needing SSO, SCIM, custom data retention, private storage, audit logs, or a HIPAA/BAA path, and operators who need broad integrations and searchable meeting intelligence across their business.
Not best for: Solo operators who want quiet personal notes without a visible bot, or clients uncomfortable with meeting bots.
Key strengths: Published position that meeting content is not used for internal or external AI training, with zero data retention by third-party vendors after processing. SOC 2 Type II, GDPR, and HIPAA/BAA support (Enterprise). Broad integrations, conversation intelligence, and rules engine. Enterprise-tier controls include private storage, custom retention, SSO/SCIM, and audit logs. Free, Pro at $10/user/month annually, Business at $19/user/month annually, Enterprise at $39/user/month annually as of July 6, 2026 (verify current terms).
Key limitations: Many privacy-critical controls — HIPAA/BAA, private storage, custom retention, SSO/SCIM, audit logs — are Business or Enterprise features. Visible bot may create friction. Conversation intelligence can encourage over-capture beyond what any one call actually needs.
Privacy setting to check first: Data retention policy on your plan. Workspace visibility and link-sharing defaults. Integration sync settings to control what flows to CRM or Slack.
Choose Fireflies when the meeting archive is part of an approved business system, not an informal personal recorder (affiliate link — disclosure)Otter
Best for: High-volume transcription users, educators, researchers, creators, media operators, and anyone who needs imports, speaker identification, search, and AI chat across a large archive of conversations.
Not best for: Sensitive client calls unless you deliberately configure every relevant privacy setting and have explicit client consent. Treat Otter setup as a privacy project before recording any client.
Key strengths: Mature transcription with strong speaker ID and search. Free/Pro/Business/Enterprise tiers. Enterprise adds SSO, SCIM, domain capture, retention controls, pre-meeting notifications, speaker-learning management, and a HIPAA add-on. Basic free, Pro at $8.33/user/month annually, Business at $19.99/user/month annually, Enterprise by demo as of July 6, 2026 (verify current terms).
Key limitations: Privacy policy includes meeting and uploaded audio recordings, OtterPilot screenshots, and speaker identification information. Feedback and training sharing — which can allow Otter and third-party providers to access conversations for training and product improvement including possible human review — is user-controlled but requires you to actively find and configure it. Many enterprise-grade controls require the Enterprise plan.
Privacy settings to configure before any client call: Feedback and training sharing toggle. Auto-join settings for calendar. Workspace sharing and link defaults. Speaker-learning settings. Retention on Enterprise if applicable.
Which AI note-taker should you use by call type?
| Call type | Example | Risk level | Recommended approach | Tool fit | Consent requirement |
|---|---|---|---|---|---|
| General advisory / consulting | Strategy session, quarterly review | Low–Medium | Disclose tool, configure sharing and retention | Granola or Fathom | Verbal + calendar invite language |
| Sales / discovery call | New client intro, scope discussion | Low | Bot or bot-free with disclosure | Fathom or Fireflies | Verbal at call start |
| High-volume interviews / research | User research, media interviews, lectures | Low–Medium | Disclose, configure speaker learning and training settings | Otter or Fireflies | Written + verbal |
| Fractional executive / board-adjacent | Board prep, CEO advisory, M&A | High | Skip AI note-taker or use only with explicit client approval and enterprise controls | Fireflies Enterprise at best; manual notes preferred | Written client approval required |
| Coaching (general business) | Accountability coaching, leadership coaching | Medium | Disclose clearly; review sharing and retention before use | Granola or Fathom | Verbal + written in coaching agreement |
| Healthcare-adjacent / PHI | Health coaching with sensitive data, therapy, clinical | Very High | Skip unless vendor supports HIPAA/BAA at your plan level | Fireflies Enterprise (BAA available) or skip entirely | HIPAA-compliant authorization may be required; consult a professional |
| Legal / litigation / HR investigation | Employment complaint, legal advice, employee relations | Very High | Skip AI note-taker entirely | None | Professional guidance required |
| Client contract with AI/recording restrictions | Enterprise client with vendor approval process | Very High | Skip AI note-taker until client approves specific tools and terms | None until approved | Written client approval and potentially DPA/BAA |
When to skip AI note-taking on a client call entirely
No summary quality improvement is worth the trust or liability cost in certain situations. Skip AI note-takers entirely when any of the following applies:
- The call involves protected health information, clinical details, therapy, or health coaching with sensitive personal health data.
- The call involves legal advice, active litigation, employee investigations, layoffs, or workplace complaints.
- The call involves M&A, fundraising, board strategy, financial diligence, or competitive intelligence.
- The client's contract includes language restricting recording, transcription, AI processing, or use of third-party tools.
- The client is in a two-party consent jurisdiction and has not explicitly consented to recording.
- Your professional license, code of ethics, or engagement agreement creates confidentiality obligations that AI note-taking would complicate.
- You would be uncomfortable saying out loud to the client: "I use an AI tool that will transcribe, summarize, and store this conversation."
Setup checklist before your first recorded client call
Run through this checklist once per tool, then verify that settings have not changed after any plan upgrade or vendor policy update.
| Step | What to do | Why it matters | Where to configure |
|---|---|---|---|
| 1. Disclose in calendar invite | Add a line: "I use an AI note-taking tool to help me focus on our conversation. You can ask me to turn it off at any time." | Consent before the call starts; reduces surprise | Your calendar template or booking page |
| 2. Verbal check-in at call start | Confirm verbally: "Just to mention, I have an AI note-taker running — is that okay with you?" | Catches clients who missed the invite language; builds trust | Your call-opening script |
| 3. Disable auto-join for sensitive calendars | Review auto-join rules and exclude specific clients, calendars, or meeting types | Prevents unintended recording of accidental or sensitive calls | Tool settings: auto-join or calendar filter section |
| 4. Set sharing defaults to private | Confirm notes default to private, not link-accessible or workspace-visible | Prevents inadvertent exposure of client summaries | Tool workspace or sharing settings |
| 5. Configure model-training opt-out | Find and enable the feedback/training opt-out or model-improvement opt-out | Controls whether your calls contribute to vendor or subprocessor model training | Account or privacy settings in each tool |
| 6. Set retention expectations | Decide how long you will keep transcripts; delete raw materials after review if not needed long-term | Minimizes the data surface over time; reduces breach exposure | Tool retention settings if available; manual deletion otherwise |
| 7. Limit CRM sync scope | Sync only action items and decisions, not full transcripts, unless there is a clear need | Reduces sensitive data spread across additional systems | Integration settings in the note-taker and CRM |
| 8. Review AI summary before sharing | Read every AI-generated summary before sending it to a client or copying it to a project system | AI summaries can misattribute statements, invent action items, or omit nuance | Your post-call workflow |
| 9. Test deletion before you need it | Delete a test note and confirm it is gone; check whether shared copies persist | Confirms your understanding of what "delete" actually covers in that tool | Note or account deletion flow |
| 10. Document your practice in one paragraph | Write a one-paragraph internal note on which tool you use, which calls it covers, and what your retention rule is | Creates a consistent practice; useful if a client ever asks about your data handling | Your internal ops doc or Notion workspace |
Pricing and plan traps that affect privacy
The free plan is not always the lowest-risk plan. In this category, free plans often lack the admin controls that matter most for client work.
| Privacy feature | Why it matters | Usually available on | Plan-gated in these tools |
|---|---|---|---|
| Custom data retention / auto-deletion | Limits how long sensitive transcripts live on vendor servers | Business or Enterprise | Granola (Enterprise), Fireflies (Business/Enterprise), Otter (Enterprise) |
| Org-wide model-training opt-out | Prevents individual users from accidentally leaving training enabled | Enterprise | Granola (Enterprise), Otter (Enterprise) |
| HIPAA / BAA support | Required for certain regulated healthcare-adjacent workflows | Enterprise only | Fireflies (Enterprise), Otter (Enterprise add-on); Granola: not available at any tier as of July 6, 2026 |
| SSO / SCIM provisioning | Controls access when team members join or leave | Business or Enterprise | Fireflies (Business/Enterprise), Otter (Enterprise), Granola (Enterprise) |
| Audit logs | Shows who accessed or exported meeting data | Enterprise | Fireflies (Enterprise); verify for others |
| Private / regional storage | Controls where data physically lives | Enterprise or add-on | Fireflies (Enterprise); Fathom stores all data in U.S. on all plans |
| Workspace sharing controls | Determines who inside a shared workspace can see your client notes | All plans, but defaults vary | Review carefully on all tools before adding team members |
The practical implication: if you are running sensitive client work and want meaningful privacy controls, the free or lowest-paid tier may not be sufficient. Budget for the plan tier that actually includes the controls you need, not the plan tier that has the best summary quality.
Privacy-safe client-call workflow for solo operators
The goal is the smallest defensible capture system for the call risk — not the most powerful meeting archive you can assemble.
Before the call: Add disclosure language to the calendar invite or booking page. Confirm the tool is set to private sharing. Confirm auto-join is scoped correctly and will not fire on confidential calls. Have a verbal check-in ready.
During the call: Confirm consent verbally at the start. If the client declines, turn off the tool — no negotiation. If a sensitive topic comes up unexpectedly, you can pause or stop recording. Focus on the conversation; the tool handles capture.
After the call: Review the AI summary before doing anything with it. Fix misattributions, remove sensitive asides, and verify action items. Store only decisions, commitments, and relevant context in your CRM. Delete the raw transcript if you do not have a business reason to keep it long-term. Send a sanitized recap to the client — not the raw transcript — unless they specifically request it.
What to store where: CRM gets decisions, next steps, and non-sensitive context. Project system gets approved action items. Archive (if kept) gets the full notes with restricted access. Raw transcripts should have a defined shelf life and a deletion trigger.
Final recommendation: choose the smallest defensible capture system
AI note-taking done well makes you a better operator — you are more present in the conversation, your follow-ups are faster, and your client records are more consistent. Done carelessly, it quietly expands your clients' data exposure without their knowledge or yours.
The SoloClientStack recommendation is to match your tool to your call risk, not to your feature wishlist. Granola for trust-sensitive solo advisory work where no bot is preferred and no PHI is involved. Fathom for practical low-cost client-call capture with CRM workflows after configuring opt-outs. Fireflies Enterprise when compliance controls, HIPAA/BAA, or enterprise features are genuinely required. Otter when transcription volume is the primary need and you treat initial setup as a privacy project.
And for legal, medical, M&A, HR, or any call type where you cannot comfortably disclose the tool to your client in plain language — skip AI note-taking and take manual notes. The leverage is not worth the trust cost.
All pricing and privacy policies verified against public vendor documentation on July 6, 2026. Verify current terms before purchasing any plan. This article is editorial and does not constitute legal, compliance, or professional advice.
FAQ
Are AI note-takers safe for client calls?
Sometimes, but only when the call type, client consent, vendor terms, retention settings, and sharing controls match the risk level of the conversation. There is no universal answer. A general advisory call with a disclosed recorder is different from a therapy session, a legal consultation, or an M&A discussion.
Do AI note-takers use my client calls to train AI models?
It depends on the vendor and your settings. Granola says anonymized data may be used for its own model improvements by default on Free and Business plans unless opted out. Fathom says it uses de-identified customer data to improve proprietary models with an opt-out available. Fireflies states meeting content is not used for internal or external AI training and requires zero data retention by third-party vendors after processing. Otter lets users control feedback and training sharing. Verify the current policy for any tool before using it for client work.
Is a bot-free note-taker more private?
It may feel less intrusive because no extra participant joins the call, but bot-free capture still records and processes meeting audio and produces transcripts stored on vendor servers. Disclosure and retention still matter regardless of capture method. "Bot-free" is not a consent substitute.
Does SOC 2 certification mean an AI note-taker is compliant for my use case?
No. SOC 2 is useful security evidence, but it does not answer whether you obtained client consent, whether your client contract allows recording, or whether the tool is appropriate for regulated data types like PHI or protected legal communications.
Can I use an AI note-taker for coaching calls?
For general business coaching, possibly yes if you disclose the tool and configure sharing and retention settings appropriately. For health, therapy-adjacent, trauma, medical, or deeply personal topics, use extreme caution and consult a professional before recording any session.
Can I use an AI note-taker for healthcare calls or calls involving PHI?
Only with a vendor and plan that explicitly supports HIPAA obligations, including a Business Associate Agreement where required. Granola states it is not currently HIPAA compliant and should not be used for PHI. Fireflies publishes HIPAA and BAA support for Enterprise plans. Otter lists HIPAA as an Enterprise add-on. Verify current terms with each vendor directly before any healthcare-adjacent use.
What should I say to a client before recording a call?
Use plain language at the start of the call: "I use an AI note-taking tool to transcribe and summarize our conversation so I can stay focused on you. Are you comfortable with that? I can turn it off if you prefer." Get a clear yes before proceeding. Add similar language to your calendar invites and client agreement.
Should I send clients the raw AI transcript after a call?
Usually no. Send a sanitized summary, key decisions, and action items. Raw transcripts contain filler, off-the-cuff remarks, and sensitive context that is better curated before sharing. Only send the full transcript if the client specifically requests it and you have reviewed the content first.
Should I store AI call notes in my CRM?
Store only what you need: decisions, next steps, commitments, and relevant non-sensitive context. Avoid syncing raw transcripts to your CRM unless there is a clear business reason and the client has approved it. More data in more systems creates a larger exposure surface.
What is the safest AI note-taking workflow for solo operators?
Disclose before recording, record only appropriate call types, use the smallest capture system needed, disable auto-join for sensitive meetings, limit sharing to direct recipients, review AI summaries before sending anything to clients, delete raw materials when no longer needed, and document your retention practice in a simple internal note.
Get the Solo Consultant OS Blueprint
Map your acquisition, onboarding, delivery, and automation stack. Free for subscribers.
- CRM setup and pipeline configuration
- Client onboarding automation walkthrough
- Proposal system with AI prompts
- Make scenario templates
Free for subscribers
No spam. Unsubscribe any time.
Related resources