FeaturesAsk airaPrivacyBlogDownload
← Back to blog

Is recording meetings with AI legal? A practical guide

·4 min read

The short answer

Yes, recording meetings with AI is legal — but the details matter. Consent requirements vary by jurisdiction, data handling practices create compliance exposure, and the tool you choose affects your legal risk more than most people realize.

This isn't legal advice. But it is a practical overview of what you should think about before hitting record.

Consent: the foundation

Recording laws come down to one question: how many parties need to agree?

  • One-party consent means any participant in the conversation can record it. Most US states follow this standard at the federal level.
  • All-party consent means everyone in the conversation must agree to be recorded. States like California, Florida, Illinois, and several others require this.

When participants are in different states or countries, the strictest standard generally applies. For international calls, the rules get even more complex — the EU's GDPR, for example, treats voice recordings as personal data that requires explicit consent.

The practical rule: Always get consent from everyone. Mention recording in your meeting invite, and confirm verbally when the meeting starts. This covers you regardless of jurisdiction.

Where your data goes matters more than you think

Most AI meeting tools work by sending your audio to cloud servers for processing. Your conversation gets uploaded, transcribed by remote servers, and stored in a database you don't control. This creates several legal considerations:

  • Third-party access. Once your data is on someone else's server, it's subject to their security practices, their employees' access, and their legal obligations. Some vendors use meeting data to train their AI models — meaning your private conversations become training data.
  • Cross-border transfers. If the server is in a different country, your data may cross jurisdictions with different privacy laws. GDPR has strict rules about data leaving the EU.
  • Discoverability. In legal proceedings, data stored on third-party servers can be subpoenaed. AI-generated transcripts may not carry the same privilege protections as attorney notes.

These aren't theoretical risks. They're the kind of issues that keep compliance teams up at night — especially in healthcare, legal, and financial services.

Industry-specific considerations

Healthcare (HIPAA)

If patient information might come up in a meeting, HIPAA applies. Any AI tool processing protected health information needs a Business Associate Agreement, end-to-end encryption, and audit trails. Cloud-based meeting tools add complexity because the data leaves your control.

Legal (attorney-client privilege)

Attorney-client privilege can be waived if a third party has access to the conversation. Sending audio to a cloud service for transcription may constitute sharing with a third party — potentially compromising privilege.

Finance (SOX, FINRA)

Financial services have strict record-keeping requirements. Meeting recordings may need to be retained for specific periods while remaining protected from unauthorized access.

How on-device processing changes the picture

Most compliance challenges with AI meeting tools stem from one thing: data leaving your device. When audio gets uploaded to a cloud server, you inherit every legal complexity that comes with third-party data processing.

On-device processing eliminates this entire category of risk. When the AI runs on your phone and the data never leaves your device:

  • There's no third-party data processor to evaluate
  • No cross-border data transfer concerns
  • No risk of your conversations being used to train someone else's AI
  • No server-side breach exposure
  • Attorney-client and doctor-patient privilege remain intact

aira processes everything on your iPhone. The audio, transcription, and summary never leave the device. There's no server to subpoena, no database to breach, no third-party data processing agreement to negotiate. Your compliance surface shrinks to your own device.

A practical compliance checklist

  • Get consent from all participants before recording — mention it in the invite and confirm at the start
  • Know your jurisdiction — when in doubt, assume all-party consent is required
  • Understand your tool's data practices — where is audio sent? Is it stored? Is it used for training?
  • Choose tools that minimize data exposure — on-device processing avoids most third-party data handling risks
  • Implement retention policies — decide how long recordings are kept and delete them when they're no longer needed
  • Review regularly — privacy regulations change frequently, so revisit your practices periodically

Frequently asked questions

Do I need to tell people I'm recording?

Yes. Even in one-party consent jurisdictions, transparency builds trust and avoids uncomfortable situations. Best practice: mention recording in the meeting invite and confirm at the start.

Can my employer require me to use an AI meeting tool?

Generally yes, but employers should provide clear policies about what's recorded, how data is handled, and what consent is needed. Employees in regulated industries should ensure the chosen tool meets their specific compliance requirements.

Is on-device recording safer from a legal perspective?

It significantly simplifies compliance because data never leaves your device. There's no third-party data processing, no cross-border transfers, and no server-side storage to worry about. This doesn't eliminate the need for consent, but it removes most of the data handling complications.

What about recording in-person meetings?

The same consent rules apply. In-person meetings in all-party consent states require everyone's agreement. The advantage of on-device tools like aira is that they work without internet — so you can record in any location without worrying about data being uploaded.

Find out why on-device AI is the privacy-first approach to meeting notes and personal knowledge management.

← Back to blog