Attorney-Client Privilege and AI Meeting Recorders: What Every Lawyer Needs to Know

Your client tells you something in confidence. You pull up Otter.ai to transcribe the call. The audio gets routed through Otter's cloud servers, processed by third-party AI, stored on their infrastructure. You get a clean transcript. Your client never knew any of that happened.

That scenario plays out in law offices every day. And it creates a privilege problem that most lawyers haven't thought through.

What attorney-client privilege actually requires

Attorney-client privilege protects confidential communications between a lawyer and client made for the purpose of seeking legal advice. The word "confidential" is doing a lot of work there.

For a communication to stay privileged, both parties must intend it to be confidential, and the attorney must take reasonable steps to maintain that confidentiality. This is not a passive requirement. Courts have found that voluntarily sharing privileged information with third parties can waive the privilege, even when the attorney didn't intend that result.

Cloud meeting recorders introduce a third party into every conversation you transcribe with them. That's the core problem.

What the bar has said about cloud storage

The ABA addressed lawyer use of cloud services in Formal Opinion 477R (2017). The short version: lawyers may use cloud services, but they must take reasonable precautions to ensure the provider maintains adequate security, understand the service's terms regarding data access and disclosure, and be aware of what happens to the data when stored.

Most state bars have issued similar guidance. The Florida Bar, New York State Bar, and North Carolina State Bar have all weighed in on cloud storage with the same framework: use is permitted, but you own the due diligence.

Here's what that looks like in practice. You need to read the terms of service for any cloud tool that touches client communications. You need to understand where the data is stored, who can access it, and under what circumstances the provider might disclose it. You need to assess whether the provider's security practices meet the standard you'd apply to any other sensitive client document.

Most lawyers using Otter.ai or Fireflies to transcribe client calls have done none of this.

What Otter.ai, Fireflies, and Zoom AI actually do with your data

When you use a cloud-based meeting recorder, your audio leaves your device. It travels to the provider's servers, where it's processed, transcribed, and stored. The provider retains the transcript and in many cases the audio itself.

Otter.ai's terms allow the company to use meeting content to improve their services. Fireflies stores recordings and transcripts on their servers and offers them to account administrators, not just the individual user who created them. Zoom AI Companion routes transcription through Zoom's cloud infrastructure, and their data practices are governed by whatever enterprise agreement you have in place, which most small firms have never negotiated.

None of these providers are positioned as legal document custodians. They do not have attorney-client privilege. They are not subject to attorney-client privilege. If they receive a valid subpoena for their stored data, they comply.

The inadvertent waiver risk

Inadvertent waiver is one of the messier areas of privilege law. Courts have generally moved toward a "reasonable precautions" standard under FRE 502, asking whether the holder of the privilege took reasonable steps to prevent the disclosure and to rectify it once discovered.

The problem with cloud meeting recorders is that disclosure is not inadvertent in the traditional sense. You chose to use the tool. You intentionally uploaded the client's conversation to a third-party server. Whether a court would treat this as a waiver depends on the jurisdiction and the specific facts, but the argument is there. Opposing counsel can make it. A disgruntled client can raise it. A bar complaint can follow.

The risk is not theoretical. In 2022, a litigation firm in New York faced a bar inquiry after a cloud storage vendor's data breach exposed client documents the firm had stored on the vendor's servers. The question of whether reasonable precautions were taken became the center of the investigation.

The meetings that carry the most risk

Not every call has the same exposure. Some legal conversations are more sensitive than others.

Client intake calls are high risk. These conversations often include the most sensitive facts in the representation, facts the client is sharing before they have even signed a retainer. The privilege attaches even before formal engagement, but the client's expectation of confidentiality is at its highest, and you haven't even signed them yet.

Deposition preparation is extremely high risk. Work product doctrine protects your strategy, your witness coaching, your theory of the case. Sending deposition prep recordings to a cloud AI service creates exposure that work product protection was designed to prevent.

Settlement negotiations involving specific numbers, authority limits, or client instructions are the kind of communications that become decisive exhibits if privilege is later disputed.

Expert witness preparation is increasingly scrutinized in discovery. Courts have divided on what portions of attorney-expert communications are protected. Adding a third-party cloud service to that picture makes it worse.

What local transcription actually fixes

The privilege problem created by cloud meeting recorders has a structural solution: transcription that never leaves your machine.

Local AI transcription actually works now. Apple Silicon chips run speech recognition models fast enough to transcribe in real time or near-real time. The accuracy from local Whisper-based models now matches cloud APIs for standard legal conversations. You don't need to route your client's words through a data center in another state to get a usable transcript.

When transcription happens locally, there is no third party. No data in transit. No external server storing your client's words. The communication stays between you and your client, which is where privilege law expects it to be.

The bar's "reasonable precautions" standard is also much easier to satisfy. You are not relying on a vendor's security practices, their terms of service, their breach response procedures, or their compliance with a subpoena they receive two years from now. You control the data. You can delete it. You can encrypt it. You can apply whatever document management practices your firm already uses for privileged materials.

What a clean setup looks like

A defensible AI meeting setup for legal work has a few requirements.

Transcription must happen on-device. No cloud processing. No audio upload. The tool should have no ability to phone home with your content.

Audio should be discarded after transcription. The transcript is the useful artifact. The raw audio recording of a client conversation is a liability. A good tool transcribes locally and deletes the source audio.

The transcript should stay on your device or move only to storage you control. That means your firm's document management system, your encrypted local storage, not a SaaS vendor's cloud.

You should be able to explain the entire data path to a client who asks. "It runs on my Mac, nothing leaves my computer, the recording is deleted after it's transcribed" is a clear and defensible answer. "It goes through Otter.ai's servers and they process it using AI" is not.

The disclosure conversation most lawyers skip

Even with a clean local setup, there is a practice question worth considering: should you tell your clients you use AI transcription tools at all?

The emerging consensus among ethics scholars is yes, at least when AI plays a real role in how you handle the case. A growing number of state bars are moving toward requiring disclosure of AI use in legal work. Getting ahead of that with a standard disclosure in your engagement letter costs nothing and demonstrates competence.

The disclosure is also far easier to have when the tool is local-only. You can say "I use an AI tool that runs on my computer to help me take accurate notes. Your conversation never leaves my device and the recording is deleted." That's a sentence clients can understand and accept.

Where MeetingVault fits

MeetingVault is a Mac app that transcribes meetings locally using Apple Silicon. Audio is processed on your device and discarded when the session ends. The transcript stays on your machine. Nothing is sent to the cloud.

For lawyers who want accurate meeting notes without routing client conversations through a third-party service, that's the architecture that fits what the bar's ethics opinions describe.

MeetingVault is currently in pre-launch. You can join the waitlist at getmeetingvault.com.