Privacy
Are AI Meeting Tools Training on Your Conversations? What the ToS Actually Says
March 2026 · 7 min read
Most people click "I agree" on Terms of Service without reading a word. And for most software, that's probably fine. But when the software is sitting in on every meeting you have, listening to client calls, board discussions, salary conversations, and acquisition talks, the fine print starts to matter a lot.
The AI meeting tool space has exploded. Otter.ai, Fireflies.ai, Zoom AI Companion, Fathom, Avoma, tl;dv: there are dozens of them now. They all promise to save you time by transcribing your meetings and surfacing action items. What they don't advertise prominently is what they do with that audio and transcript data after the meeting ends.
So we read the terms. Here's what we found.
Otter.ai
Otter.ai is probably the most widely used AI meeting transcription tool. Their privacy policy states that they collect "Content," which includes your recordings, transcripts, and notes, and may use it "to provide, maintain, and improve our Services."
The phrase "improve our Services" is the one to watch. In the world of machine learning, improving a service almost always means training models on data. Otter.ai has acknowledged using aggregated data to improve their AI, though they say individual user content is handled with privacy protections.
The key detail: unless you're on an enterprise plan with a specific Data Processing Agreement, you're on the standard consumer terms. As of our March 2026 review, standard accounts' transcripts remain on Otter's servers until you manually delete them, and the terms allow using anonymized or aggregated data to improve their models. Verify the current terms directly with Otter before relying on this.
From Otter.ai's Terms of Service (reviewed March 2026):
"By uploading, submitting, storing, sending or receiving content to or through our Services, you give Otter a worldwide license to use, host, store, reproduce, modify, create derivative works... and to publish such content."
That's a broad license. Otter uses it primarily to provide the service: syncing across your devices, generating summaries, and so on. But "create derivative works" is language that covers a lot of ground in an AI context.
Fireflies.ai
Fireflies' current policy (reviewed March 2026) is more explicit than most. They state: "We do not use personal information for AI model training and we contractually prohibit our vendors from using this information for their own model training." They also impose a Zero Data Retention policy for meeting content, covering audio, video, transcripts, and summaries. Verify current terms directly at fireflies.ai/privacy.
That said, Fireflies is still a cloud service. Your audio and transcripts leave your machine and are processed on their servers. Their security controls and retention commitments depend on the company honoring them over time, across any future acquisition, leadership change, or business pivot. The Zero Data Retention policy is a strong commitment today. Whether it survives the company's next decade is a different question.
Fireflies provides cloud storage for your transcripts so you can access them (800 minutes on the free plan). Their Zero Data Retention policy applies to backend processing, not to your stored content. If you stop paying, ask directly what happens to your stored transcripts before adopting the tool for sensitive meetings.
Zoom AI Companion
Zoom had a rough 2023. After updating their ToS to explicitly allow using customer data to train AI models, the backlash was fast and loud. They reversed course within days. Their current terms (reviewed April 2026) state an absolute prohibition: "Zoom does not use any of your audio, video, chat, screen sharing, attachments or other communications-like Customer Content to train Zoom or third-party artificial intelligence models." No consent qualifier. Verify at zoom.com/en/trust/terms.
That reversal matters, but it also reveals something: this is the default posture these companies reach for. The fact that they tried it, saw the reaction, and backed off doesn't mean the instinct went away. It means they know users will push back if they're explicit about it.
Even with the updated language, Zoom AI Companion still sends your meeting audio and transcripts to their servers for processing. The data leaves your machine. Zoom has access to it. Their privacy policy allows them to use aggregated, de-identified data derived from meetings. The training concern may be addressed, but the cloud access concern is not.
Fathom (the exception worth noting)
Fathom stands out in this space. As of our March 2026 review, their privacy documentation is unusually clear and direct. They commit to not selling your data, not using meeting content to train AI models, and not sharing it with third parties beyond what's needed to run the service. Verify this directly with Fathom, as terms can change.
That said, Fathom is still a cloud service. Your meeting data still leaves your machine. It still lives on their servers. You're still trusting a company, their infrastructure, their employees, and their future business decisions, including any acquisition that might bring new owners with different priorities.
This is the fundamental problem with cloud meeting tools: even the trustworthy ones require trust.
Why "De-identified" Doesn't Mean Safe
Several of these tools claim that any data used for model training or research is de-identified first. It's worth understanding why that claim deserves skepticism.
A meeting transcript from your company contains a lot of signal. Project names. Client names. Internal terminology. Pricing discussed with a prospect. The name of the competitor you're worried about. Even if the transcript is stripped of your name and email address, a determined actor with access to the corpus could reconstruct a lot about who it came from.
This isn't a paranoid hypothetical. Research on de-identification consistently shows that meeting transcripts, medical records, and similar "rich" datasets resist true anonymization far better than simple tabular data. A 2019 study found that 99.98% of Americans could be re-identified from just 15 demographic attributes. Transcripts have far more signal than that.
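An added illustration of the point above, not code from any vendor's pipeline: it strips speaker labels and e-mail addresses from three transcripts, then lists the terms that still appear in only one of them. The transcripts, names, figures and the `deidentify` and `residual_risk` functions are all constructed for this example.

```python
import re
from collections import Counter

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.\w+")
SPEAKER = re.compile(r"^[^:\n]+:", re.MULTILINE)  # "Name:" label at line start

# Constructed sample transcripts; every name, project and figure is made up.
CORPUS = {
    "t1": "Dana Reyes: Project Bluefin pricing for Acme is 42k.\n"
          "Sam Ortiz: Send it to dana@example.com today.",
    "t2": "Lee Park: Project pricing is unchanged for now.\n"
          "Kim Wu: Send it to kim@example.org today.",
    "t3": "Ana Silva: Project pricing is unchanged for now.\n"
          "Raj Mehta: Send it to raj@example.net today.",
}


def deidentify(transcript):
    """Remove the direct identifiers: e-mail addresses and speaker names."""
    text = EMAIL.sub("[EMAIL]", transcript)
    return SPEAKER.sub("[SPEAKER]:", text)


def tokens(text):
    """Lower-cased set of word-like tokens in the text."""
    return set(re.findall(r"[a-z0-9$]+", text.lower()))


def residual_risk(corpus):
    """Map each document id to the terms that survive de-identification
    and occur in no other document of the corpus (document frequency 1)."""
    redacted = {doc_id: tokens(deidentify(t)) for doc_id, t in corpus.items()}
    doc_freq = Counter(tok for toks in redacted.values() for tok in toks)
    return {
        doc_id: sorted(t for t in toks if doc_freq[t] == 1)
        for doc_id, toks in redacted.items()
    }


if __name__ == "__main__":
    for doc_id, terms in residual_risk(CORPUS).items():
        print(doc_id, terms)
```

The two routine status calls come back with no distinguishing terms because they are identical once names are removed, while the first transcript is still singled out by a project name, a client name and a price.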
The Business Model Problem
There's a structural issue here that goes beyond any individual company's stated policy. Most of these tools are venture-backed startups. They're spending far more than they're making, with the expectation of a future exit, either through an IPO or acquisition.
When that acquisition happens, the buyer gets access to the data. The new owner may have very different ideas about what "improving our services" means. Privacy policies change. Terms of service change. The company that promised to protect your data in 2024 may be owned by someone else entirely by 2027, and your data, years of meeting transcripts, comes along with the deal.
This isn't speculation. It's how software acquisitions work.
What "Local-Only" Actually Means
The alternative is software that never sends your data anywhere in the first place. No cloud processing. No servers. No ToS that a future buyer can reinterpret.
MeetingVault works entirely on your Mac. The transcription runs on-device using Apple Silicon. The transcript stays on your machine. The audio is processed locally and then discarded. It's never stored, not even on your device. No one at MeetingVault can read your meetings because we never receive them.
There's no ToS clause to worry about because there's no data to govern. The legal question "can they use this to train their AI?" doesn't apply when your data never leaves your hardware.
This approach involves a tradeoff. You don't get cross-device sync from a cloud service. You don't get browser extensions or integrations that require a server. What you get is a hard guarantee that your meeting conversations stay yours, not because a company promises they will, but because they can't access them at all.
Questions Worth Asking Before You Choose a Tool
Before you enable AI transcription for your next meeting, here are a few things worth knowing:
- Does the tool process audio locally or send it to a server? If the product description doesn't answer this clearly, assume it's cloud-processed.
- Does the free plan give the company broader data rights than the paid plan? Often yes.
- What happens to your data if you delete your account? "A reasonable retention period" is not a clear answer.
- Has this company changed its ToS in the past two years? Zoom did. Others have too.
- Who owns this company now, and who might own it two years from now?
None of these questions have clean answers for cloud meeting tools. That's not an indictment of any particular company. It's just the reality of what cloud software is.
The Bottom Line
Most AI meeting tools handle your data responsibly, most of the time, under their current ownership, according to their current ToS. That's a lot of qualifiers.
If you discuss anything in meetings that you'd be uncomfortable seeing in a court subpoena, a competitor's hands, or a future acquirer's data lake, you should understand what you actually agreed to when you clicked "I agree."
The fine print is available. Most people just never read it.