Compare · AI Tools

AI Note-Takers and Privacy: What Happens to Your Client Calls

A solo operator framework for choosing a note-taking tool based on consent, retention, model-training policy, and call risk — not just summary quality.

Affiliate disclosure: SoloClientStack may earn a commission on links on this page. Full disclosure →


AI note-takers solve a real problem for solo operators: manual notes are slow, incomplete, and a distraction from the actual conversation. But they also convert every client call into a stored data asset — audio, transcript, summary, action items, speaker labels, searchable archive, and sometimes an input to AI model improvement. The operational gain is real. So is the trust surface.

For most solo operators, Granola is the best default for trust-sensitive advisory calls when no bot join is preferred and calls do not involve PHI or regulated data. Fathom is the strongest free-to-paid option for client-call capture with CRM workflows. Fireflies Enterprise is the most defensible path when compliance controls, HIPAA/BAA support, private storage, or SSO are required. Otter can work for high-volume transcription but needs deliberate configuration before any client use. And for legal, medical, HR, M&A, or any call your client contract restricts — skip AI note-taking entirely.

This article is not legal advice. Recording consent laws vary by jurisdiction. Vendor privacy policies, pricing, and security controls change frequently. Verify current terms before choosing any tool. Pricing checked July 6, 2026.

Best trust-first default for solo advisors

Granola — No bot joins the call. Notes are private by default. Audio is temporarily cached for transcription then deleted. SOC 2 Type II. Works best when you disclose AI note-taking clearly and your calls do not involve PHI or regulated data. Business at $14/user/month, Enterprise at $35/user/month (verify current terms).

Fathom — Strong free plan with solid CRM workflows. HIPAA and SOC 2 Type II claims. Stores data in the U.S. Uses de-identified data to improve proprietary models unless you opt out. Best for sales and advisory operators who want practical automation at low cost.

Best for compliance or high-volume use

Fireflies Enterprise — Published no-training position for meeting content. HIPAA/BAA support, private storage, SSO/SCIM, custom retention, and audit logs at the Enterprise tier. Best when the meeting archive is part of an approved business system, not an informal personal recorder. Enterprise at $39/user/month annually (verify current terms).

Otter — Mature transcription, speaker ID, and search. Requires careful setup before client use: configure feedback/training sharing, auto-join, retention, speaker learning, and sharing defaults. Enterprise adds SSO, SCIM, domain capture, and a HIPAA add-on. Best for high-volume transcription when you treat setup as a privacy project first.

What actually happens when an AI note-taker joins a client call

Most operators think of AI note-taking as "it just makes a summary." The actual workflow is longer and each step creates a data exposure point:

  1. Capture: A bot joins as a visible meeting participant (Fathom, Fireflies, Otter) or the app records locally from your device without adding a participant (Granola).
  2. Transcription: Audio is streamed or uploaded to a transcription service — often a third-party subprocessor like OpenAI, Deepgram, or AssemblyAI.
  3. Summarization: An AI model generates summaries, action items, topic labels, and CRM-ready fields from the transcript.
  4. Storage: Transcript, summary, and metadata are stored in the vendor workspace, often indefinitely unless you configure retention or delete manually.
  5. Sharing: Notes may be shared by link, synced to Slack, pushed to HubSpot or Salesforce, exported to Notion, or attached to calendar events.
  6. Integrations: CRM sync, Zapier/Make automation, and API access can spread meeting data into additional systems beyond the note-taker itself.
  7. Deletion: Deleting the note or even the account does not always remove every shared copy, synced record, or exported version.
What most note-taker comparisons get wrong: They compare transcription accuracy and price, then bury privacy in a footnote. They treat SOC 2 as a complete answer. They ignore model-training defaults, data retention, link-sharing, CRM sync, and calendar auto-join. And they assume bot-free means privacy-safe — it only means the capture mechanism is less visible to your client.

The five privacy questions that matter more than transcription accuracy

Before comparing summary quality or price, every solo operator should be able to answer these five questions for the tool they are considering:

  1. Consent: Does your client know a tool is capturing and processing the call? Is that disclosed before the call starts, in writing?
  2. Retention: How long are audio recordings and transcripts stored? Is retention configurable on the plan you can actually buy, or is it an Enterprise-only control?
  3. Model training: Is your meeting content used to train or improve AI models — by the vendor or by subprocessors? Is the default opt-in or opt-out?
  4. Access: Who inside the tool's workspace can search or view your notes? What are the sharing defaults — private, link-accessible, or workspace-visible?
  5. Integrations: Does the tool automatically sync to CRM, docs, or messaging tools? Can you control what goes where, or is it all-or-nothing?

SCS Client Call Privacy Scorecard

We reviewed public vendor documentation as of July 6, 2026 and scored these tools for a solo operator running confidential client calls. This is a workflow-risk screen, not a legal compliance rating. We did not review private SOC 2 reports or enterprise DPAs behind trust-center access. Vendor policies change; verify current terms before making a decision.

ToolCapture styleAudio retained?Transcript retentionModel-training policySharing defaultsAdmin/enterprise controlsBest-fit operatorAvoid if
GranolaBot-free / local device captureTemporarily cached, then deleted per vendor docsIndefinite unless manually deleted or retention configuredAnonymized data may be used for Granola model improvements by default on Free/Business; user opt-out available; Enterprise has org-wide opt-outPrivate by defaultOrg-wide retention, auto-deletion, and model opt-out on Enterprise onlySolo advisors, consultants, fractional operators wanting bot-free callsPHI, HIPAA workflows, BAA required, FERPA, or EU/UK data residency needed
FathomBot-based (Zoom/Meet/Teams); bot-free beta availableNot explicitly retained as raw audio per published docsRemoved on account deletion; backups cleared within 7 additional daysDe-identified data used to improve proprietary AI models; opt-out available; no third-party subprocessor model trainingConfigurable; defaults should be verifiedHIPAA, SOC 2 Type II, GDPR claims; retention and admin controls are plan-gatedSales/advisory operators needing fast summaries and CRM workflows at low costNon-U.S. data residency required, or proprietary model-improvement use is unacceptable
FirefliesBot-based (Zoom/Meet/Teams/other)Retained in workspace unless deleted or governed by retention rulesConfigurable; custom retention on Business/EnterpriseVendor states meeting content not used for internal or external AI training; zero data retention by third-party vendors after processing per privacy policyWorkspace-visible by default unless configured; link sharing possibleSOC 2 Type II, GDPR, HIPAA/BAA (Enterprise), SSO/SCIM, private storage, audit logs, rules engineOperators needing enterprise controls, integrations, HIPAA/BAA path, or searchable meeting intelligenceSolo operators who want quiet personal notes or have clients uncomfortable with visible bots
OtterBot-based (OtterPilot); also accepts importsAudio recordings collected and stored per privacy policyConfigurable on Enterprise; defaults should be verified on lower plansFeedback/training sharing allows Otter and third-party providers to access conversations for training and product improvement including possible human review if enabled; user can control this settingWorkspace-visible; link sharing possible; defaults should be reviewed carefullyEnterprise: SSO, SCIM, domain capture, retention, speaker-learning controls, pre-meeting notifications, HIPAA add-onHigh-volume transcription, research, interviews, creators, educatorsSensitive client calls unless all settings are deliberately configured and client consents explicitly

Bot-based vs bot-free note-takers: what changes and what does not

The most common misconception in this category is that removing the bot removes the privacy concern. It does not.

What bot-free changes: No extra participant joins the meeting, so clients do not see a "Notetaker" in the participant list. This reduces friction in calls where a visible bot creates discomfort or distrust. Granola operates this way — it captures audio from your device locally without joining as a participant.

What bot-free does not change: Audio is still captured and transcribed. Transcripts and summaries are still stored on vendor servers. Model-training defaults still apply. Retention policies still govern how long your notes live. And critically — you still have a disclosure obligation. In many U.S. states and in most international jurisdictions, recording a conversation without the knowledge of all parties is regulated by wiretap, electronic surveillance, or privacy statutes. "Bot-free" is not a legal workaround. It just makes the disclosure your responsibility rather than the tool's.

Disclosure is always your job, regardless of capture method. Add a sentence to your calendar invite, a line in your client agreement, and a verbal check-in at the start of every recorded call. Do not rely on the tool to handle consent on your behalf.

Tool-by-tool privacy review

Granola

Best for: Solo advisors, consultants, fractional operators, product interviewers, and coaches who want bot-free, human-feeling calls where client comfort with visible bots is a concern.

Not best for: Calls involving PHI, HIPAA workflows, situations requiring a BAA, FERPA-covered education records, or operators needing EU/UK data residency. Granola states it is not currently HIPAA compliant, cannot sign BAAs, and should not be used to store or process PHI.

Key strengths: No bot joins the call. Notes are private by default. Audio is temporarily cached for transcription then deleted per vendor docs. SOC 2 Type II certified. Strong note quality that enhances your own rough notes rather than replacing human judgment. Business plan at $14/user/month and Enterprise at $35/user/month as of July 6, 2026 (verify current terms).

Key limitations: Free and Business plans may use anonymized data for Granola's own model improvements by default unless you opt out. Transcript and note retention is indefinite unless you configure it or delete manually. Org-wide opt-out and auto-deletion controls are Enterprise features. Not suitable for regulated data types.

Privacy setting to check first: Model-improvement opt-out in account settings. Retention controls in workspace settings. Sharing defaults for any notes you create.

Try Granola if you want bot-free meeting notes and are willing to disclose AI note-taking clearly (affiliate link — disclosure)

Fathom

Best for: Solo consultants and advisory operators who want practical client-call capture, fast summaries, action items, and CRM-friendly workflows — especially on Zoom, Google Meet, or Microsoft Teams.

Not best for: Operators requiring non-U.S. data residency, or those for whom proprietary model-improvement use of de-identified data is unacceptable even with an opt-out available.

Key strengths: Strong free plan makes it accessible. Bot and bot-free beta options. HIPAA, SOC 2 Type II, and GDPR compliance claims. States it does not use customer data with third-party AI subprocessors for model training. Account deletion removes recording data and metadata, with backups cleared within an additional 7 days. Free plan available; Premium at $16/month annually, Team at $15/user/month annually (2-user minimum), Business at $25/user/month annually, Enterprise by sales as of July 6, 2026 (verify current terms).

Key limitations: All data stored in the U.S. Uses de-identified customer data to improve proprietary AI models unless you opt out — this is distinct from third-party model training but still worth configuring. Retention controls are plan-gated. Verify exactly which privacy controls are available on the plan you purchase.

Privacy setting to check first: Proprietary model-improvement opt-out. Sharing defaults for recordings and summaries. Auto-join settings for calendar events.

Use Fathom when you want a practical client-call recorder with strong free/paid value (affiliate link — disclosure)

Fireflies

Best for: Operators working with larger clients that expect vendor controls, teams needing SSO, SCIM, custom data retention, private storage, audit logs, or a HIPAA/BAA path, and operators who need broad integrations and searchable meeting intelligence across their business.

Not best for: Solo operators who want quiet personal notes without a visible bot, or clients uncomfortable with meeting bots.

Key strengths: Published position that meeting content is not used for internal or external AI training, with zero data retention by third-party vendors after processing. SOC 2 Type II, GDPR, and HIPAA/BAA support (Enterprise). Broad integrations, conversation intelligence, and rules engine. Enterprise-tier controls include private storage, custom retention, SSO/SCIM, and audit logs. Free, Pro at $10/user/month annually, Business at $19/user/month annually, Enterprise at $39/user/month annually as of July 6, 2026 (verify current terms).

Key limitations: Many privacy-critical controls — HIPAA/BAA, private storage, custom retention, SSO/SCIM, audit logs — are Business or Enterprise features. Visible bot may create friction. Conversation intelligence can encourage over-capture beyond what any one call actually needs.

Privacy setting to check first: Data retention policy on your plan. Workspace visibility and link-sharing defaults. Integration sync settings to control what flows to CRM or Slack.

Choose Fireflies when the meeting archive is part of an approved business system, not an informal personal recorder (affiliate link — disclosure)

Otter

Best for: High-volume transcription users, educators, researchers, creators, media operators, and anyone who needs imports, speaker identification, search, and AI chat across a large archive of conversations.

Not best for: Sensitive client calls unless you deliberately configure every relevant privacy setting and have explicit client consent. Treat Otter setup as a privacy project before recording any client.

Key strengths: Mature transcription with strong speaker ID and search. Free/Pro/Business/Enterprise tiers. Enterprise adds SSO, SCIM, domain capture, retention controls, pre-meeting notifications, speaker-learning management, and a HIPAA add-on. Basic free, Pro at $8.33/user/month annually, Business at $19.99/user/month annually, Enterprise by demo as of July 6, 2026 (verify current terms).

Key limitations: Privacy policy includes meeting and uploaded audio recordings, OtterPilot screenshots, and speaker identification information. Feedback and training sharing — which can allow Otter and third-party providers to access conversations for training and product improvement including possible human review — is user-controlled but requires you to actively find and configure it. Many enterprise-grade controls require the Enterprise plan.

Privacy settings to configure before any client call: Feedback and training sharing toggle. Auto-join settings for calendar. Workspace sharing and link defaults. Speaker-learning settings. Retention on Enterprise if applicable.

Which AI note-taker should you use by call type?

Call typeExampleRisk levelRecommended approachTool fitConsent requirement
General advisory / consultingStrategy session, quarterly reviewLow–MediumDisclose tool, configure sharing and retentionGranola or FathomVerbal + calendar invite language
Sales / discovery callNew client intro, scope discussionLowBot or bot-free with disclosureFathom or FirefliesVerbal at call start
High-volume interviews / researchUser research, media interviews, lecturesLow–MediumDisclose, configure speaker learning and training settingsOtter or FirefliesWritten + verbal
Fractional executive / board-adjacentBoard prep, CEO advisory, M&AHighSkip AI note-taker or use only with explicit client approval and enterprise controlsFireflies Enterprise at best; manual notes preferredWritten client approval required
Coaching (general business)Accountability coaching, leadership coachingMediumDisclose clearly; review sharing and retention before useGranola or FathomVerbal + written in coaching agreement
Healthcare-adjacent / PHIHealth coaching with sensitive data, therapy, clinicalVery HighSkip unless vendor supports HIPAA/BAA at your plan levelFireflies Enterprise (BAA available) or skip entirelyHIPAA-compliant authorization may be required; consult a professional
Legal / litigation / HR investigationEmployment complaint, legal advice, employee relationsVery HighSkip AI note-taker entirelyNoneProfessional guidance required
Client contract with AI/recording restrictionsEnterprise client with vendor approval processVery HighSkip AI note-taker until client approves specific tools and termsNone until approvedWritten client approval and potentially DPA/BAA

When to skip AI note-taking on a client call entirely

No summary quality improvement is worth the trust or liability cost in certain situations. Skip AI note-takers entirely when any of the following applies:

If you are unsure whether a call type is appropriate for AI note-taking, err on the side of manual notes. The productivity gain from AI summarization is real but modest. The trust cost of a client learning their sensitive conversation was processed by a third-party AI tool without their knowledge can be severe. This article does not constitute legal or professional advice; consult qualified counsel for regulated work.

Setup checklist before your first recorded client call

Run through this checklist once per tool, then verify that settings have not changed after any plan upgrade or vendor policy update.

StepWhat to doWhy it mattersWhere to configure
1. Disclose in calendar inviteAdd a line: "I use an AI note-taking tool to help me focus on our conversation. You can ask me to turn it off at any time."Consent before the call starts; reduces surpriseYour calendar template or booking page
2. Verbal check-in at call startConfirm verbally: "Just to mention, I have an AI note-taker running — is that okay with you?"Catches clients who missed the invite language; builds trustYour call-opening script
3. Disable auto-join for sensitive calendarsReview auto-join rules and exclude specific clients, calendars, or meeting typesPrevents unintended recording of accidental or sensitive callsTool settings: auto-join or calendar filter section
4. Set sharing defaults to privateConfirm notes default to private, not link-accessible or workspace-visiblePrevents inadvertent exposure of client summariesTool workspace or sharing settings
5. Configure model-training opt-outFind and enable the feedback/training opt-out or model-improvement opt-outControls whether your calls contribute to vendor or subprocessor model trainingAccount or privacy settings in each tool
6. Set retention expectationsDecide how long you will keep transcripts; delete raw materials after review if not needed long-termMinimizes the data surface over time; reduces breach exposureTool retention settings if available; manual deletion otherwise
7. Limit CRM sync scopeSync only action items and decisions, not full transcripts, unless there is a clear needReduces sensitive data spread across additional systemsIntegration settings in the note-taker and CRM
8. Review AI summary before sharingRead every AI-generated summary before sending it to a client or copying it to a project systemAI summaries can misattribute statements, invent action items, or omit nuanceYour post-call workflow
9. Test deletion before you need itDelete a test note and confirm it is gone; check whether shared copies persistConfirms your understanding of what "delete" actually covers in that toolNote or account deletion flow
10. Document your practice in one paragraphWrite a one-paragraph internal note on which tool you use, which calls it covers, and what your retention rule isCreates a consistent practice; useful if a client ever asks about your data handlingYour internal ops doc or Notion workspace

Pricing and plan traps that affect privacy

The free plan is not always the lowest-risk plan. In this category, free plans often lack the admin controls that matter most for client work.

Privacy featureWhy it mattersUsually available onPlan-gated in these tools
Custom data retention / auto-deletionLimits how long sensitive transcripts live on vendor serversBusiness or EnterpriseGranola (Enterprise), Fireflies (Business/Enterprise), Otter (Enterprise)
Org-wide model-training opt-outPrevents individual users from accidentally leaving training enabledEnterpriseGranola (Enterprise), Otter (Enterprise)
HIPAA / BAA supportRequired for certain regulated healthcare-adjacent workflowsEnterprise onlyFireflies (Enterprise), Otter (Enterprise add-on); Granola: not available at any tier as of July 6, 2026
SSO / SCIM provisioningControls access when team members join or leaveBusiness or EnterpriseFireflies (Business/Enterprise), Otter (Enterprise), Granola (Enterprise)
Audit logsShows who accessed or exported meeting dataEnterpriseFireflies (Enterprise); verify for others
Private / regional storageControls where data physically livesEnterprise or add-onFireflies (Enterprise); Fathom stores all data in U.S. on all plans
Workspace sharing controlsDetermines who inside a shared workspace can see your client notesAll plans, but defaults varyReview carefully on all tools before adding team members

The practical implication: if you are running sensitive client work and want meaningful privacy controls, the free or lowest-paid tier may not be sufficient. Budget for the plan tier that actually includes the controls you need, not the plan tier that has the best summary quality.

Privacy-safe client-call workflow for solo operators

The goal is the smallest defensible capture system for the call risk — not the most powerful meeting archive you can assemble.

Before the call: Add disclosure language to the calendar invite or booking page. Confirm the tool is set to private sharing. Confirm auto-join is scoped correctly and will not fire on confidential calls. Have a verbal check-in ready.

During the call: Confirm consent verbally at the start. If the client declines, turn off the tool — no negotiation. If a sensitive topic comes up unexpectedly, you can pause or stop recording. Focus on the conversation; the tool handles capture.

After the call: Review the AI summary before doing anything with it. Fix misattributions, remove sensitive asides, and verify action items. Store only decisions, commitments, and relevant context in your CRM. Delete the raw transcript if you do not have a business reason to keep it long-term. Send a sanitized recap to the client — not the raw transcript — unless they specifically request it.

What to store where: CRM gets decisions, next steps, and non-sensitive context. Project system gets approved action items. Archive (if kept) gets the full notes with restricted access. Raw transcripts should have a defined shelf life and a deletion trigger.

Final recommendation: choose the smallest defensible capture system

AI note-taking done well makes you a better operator — you are more present in the conversation, your follow-ups are faster, and your client records are more consistent. Done carelessly, it quietly expands your clients' data exposure without their knowledge or yours.

The SoloClientStack recommendation is to match your tool to your call risk, not to your feature wishlist. Granola for trust-sensitive solo advisory work where no bot is preferred and no PHI is involved. Fathom for practical low-cost client-call capture with CRM workflows after configuring opt-outs. Fireflies Enterprise when compliance controls, HIPAA/BAA, or enterprise features are genuinely required. Otter when transcription volume is the primary need and you treat initial setup as a privacy project.

And for legal, medical, M&A, HR, or any call type where you cannot comfortably disclose the tool to your client in plain language — skip AI note-taking and take manual notes. The leverage is not worth the trust cost.

All pricing and privacy policies verified against public vendor documentation on July 6, 2026. Verify current terms before purchasing any plan. This article is editorial and does not constitute legal, compliance, or professional advice.

FAQ

Are AI note-takers safe for client calls?

Sometimes, but only when the call type, client consent, vendor terms, retention settings, and sharing controls match the risk level of the conversation. There is no universal answer. A general advisory call with a disclosed recorder is different from a therapy session, a legal consultation, or an M&A discussion.

Do AI note-takers use my client calls to train AI models?

It depends on the vendor and your settings. Granola says anonymized data may be used for its own model improvements by default on Free and Business plans unless opted out. Fathom says it uses de-identified customer data to improve proprietary models with an opt-out available. Fireflies states meeting content is not used for internal or external AI training and requires zero data retention by third-party vendors after processing. Otter lets users control feedback and training sharing. Verify the current policy for any tool before using it for client work.

Is a bot-free note-taker more private?

It may feel less intrusive because no extra participant joins the call, but bot-free capture still records and processes meeting audio and produces transcripts stored on vendor servers. Disclosure and retention still matter regardless of capture method. "Bot-free" is not a consent substitute.

Does SOC 2 certification mean an AI note-taker is compliant for my use case?

No. SOC 2 is useful security evidence, but it does not answer whether you obtained client consent, whether your client contract allows recording, or whether the tool is appropriate for regulated data types like PHI or protected legal communications.

Can I use an AI note-taker for coaching calls?

For general business coaching, possibly yes if you disclose the tool and configure sharing and retention settings appropriately. For health, therapy-adjacent, trauma, medical, or deeply personal topics, use extreme caution and consult a professional before recording any session.

Can I use an AI note-taker for healthcare calls or calls involving PHI?

Only with a vendor and plan that explicitly supports HIPAA obligations, including a Business Associate Agreement where required. Granola states it is not currently HIPAA compliant and should not be used for PHI. Fireflies publishes HIPAA and BAA support for Enterprise plans. Otter lists HIPAA as an Enterprise add-on. Verify current terms with each vendor directly before any healthcare-adjacent use.

What should I say to a client before recording a call?

Use plain language at the start of the call: "I use an AI note-taking tool to transcribe and summarize our conversation so I can stay focused on you. Are you comfortable with that? I can turn it off if you prefer." Get a clear yes before proceeding. Add similar language to your calendar invites and client agreement.

Should I send clients the raw AI transcript after a call?

Usually no. Send a sanitized summary, key decisions, and action items. Raw transcripts contain filler, off-the-cuff remarks, and sensitive context that is better curated before sharing. Only send the full transcript if the client specifically requests it and you have reviewed the content first.

Should I store AI call notes in my CRM?

Store only what you need: decisions, next steps, commitments, and relevant non-sensitive context. Avoid syncing raw transcripts to your CRM unless there is a clear business reason and the client has approved it. More data in more systems creates a larger exposure surface.

What is the safest AI note-taking workflow for solo operators?

Disclose before recording, record only appropriate call types, use the smallest capture system needed, disable auto-join for sensitive meetings, limit sharing to direct recipients, review AI summaries before sending anything to clients, delete raw materials when no longer needed, and document your retention practice in a simple internal note.


Get the Solo Consultant OS Blueprint

Map your acquisition, onboarding, delivery, and automation stack. Free for subscribers.

  • CRM setup and pipeline configuration
  • Client onboarding automation walkthrough
  • Proposal system with AI prompts
  • Make scenario templates

Free for subscribers

No spam. Unsubscribe any time.