AI transcription and note-taking products are exploding in popularity. At this point, who hasn't…

• cringed reading back that auto-generated Teams transcript (I use that many "ummmmms" on purpose to make me more relatable)?
• wondered why an Otter is joining your Zoom meeting (hint: it's the software type, sadly not a cute new animal friend)?
• thought twice about the physician's assistant pressing record when they ask what brings you in for that day's visit (answer: a visit to the trampoline park with my toddler)?

If you haven’t yet been beset by one of these indignities… you will be soon! And to be perfectly honest, for good reason. Among the many AI tools flooding the market, transcription and note-taking apps are among the most useful. They work pretty well and they can be deployed right now, often within the apps your team already uses (Zoom, Teams, Webex, etc.).

For those unfamiliar, they work like this: set some configurations, hit “Record,” and—voila!—a few minutes after the meeting wraps, you get a summary with key points or a rough transcript (sometimes both). Efficiency improves, confusion diminishes, and meaningful tasks get more focus.

But using these tools isn’t risk-free. Far from it. Here are some simple suggestions for taking advantage of these tools while also reducing your risks:

Set enterprise-wide “default-off” settings. Many apps, such as Teams, allow you to enable an “always-on” setting, so that every meeting you set up will be recorded and transcribed. We suggest the opposite. Set the default to “off,” so that your employees have to actively select—preferably after thinking a bit—to record a meeting.

Define and enforce “no-go” zones. AI note-taking and transcription apps are best for low-stakes meetings where precision isn’t key. Want a good 5-item summary of the to-do list coming out of a planning meeting for the company picnic? These tools are right for you! How about from a board meeting? Critical strategic-planning session? Discussion of trade secrets? Tough HR decisions? Meeting with the lawyers? Not so much! There are a few reasons why:

1. If you’re using a third-party app, particularly if it’s not an enterprise version with a closed company instance, it might be collecting or training on your data. That could make it way more difficult to argue that your trade secrets are, in fact, trade secrets or that your attorney-client communications are attorney-client privileged.
2. These apps are good but not perfect. So, relying on them—particularly if you don’t closely review the outputs or have a human taking separate “control” notes—might expose you to significant risks. The board’s discussion or strategic-planning session might eventually become relevant in litigation or a regulatory investigation. And, at that point, you’d hate for the transcript to read “We definitely should collude with our competitors to set the prices on these consumer goods.” It wouldn’t be fun to be on the witness stand trying to explain that there was a “not” in between “should” and “collude.”
3. Context is key, but tough for a bot to pick up. A team member’s purposeful vagueness or sarcasm might get picked up by a note-taker as literal. Board member John’s tongue-in-cheek quip, “Oh, I definitely read all 1,000 pages of that report! Seems like a great idea.” might become the note-taker app’s “Point 3: Board member John confirmed he read the full report and supports the conclusions of: ‘Nuclear Waste Dump Sites: A Case for Elementary Schools’.”

Update your policies and disclosures. Using these tools for run-of-the-mill internal meetings should not, in most cases, present significant concerns regarding privacy and consent. Just make sure you’ve covered the topic in your policies, assessed them against applicable regulations (an increasing number!) and, where necessary, cleared the technologies with works councils and unions.

Consider consent for external deployments. It’s different, however, when your use of the tools is external-facing (e.g., analyzing customer-service calls with consumers or summarizing a patient’s concerns during a doctor visit). This scenario poses several different problems:

• You might not have a preexisting relationship, contractual or otherwise, under which you could have obtained the customer’s or patient’s consent. This has already been the focus of some “wiretapping” litigation where the conversation was being processed, stored, and possibly used in training by the note-taking app’s developer—arguably a third-party “tapping” the conversation. (See Lisota v. Heartland Dental, LLC (N.D. Ill. 2025); Galanter v. Cresta Intelligence, Inc. (N.D. Cal. 2025)). 
• Even if you get consent generally, you still risk having narrower consent gaps—especially if you’re not familiar with the technology in use. Plaintiffs’ attorneys continue to develop novel theories of liability, and undisclosed uses or other “gaps” are one. Under this type of theory, even if you disclose that you’re using a note-taker app, you might hear from a plaintiff that you nonetheless failed to disclose that the app is not just producing a summary of the call for your business’s use, but also that the app developer is using the recording to train its models.
• Consumer rights and sensitive data are hot right now—not just among plaintiffs’ attorneys, but with regulators too, so any type of consumer-facing deployment should be closely scrutinized before deployment. Given AI’s novelty and vendors’ many approaches to privacy and security, it’s also not hard to accidentally run afoul of regulations that require you to ensure your vendors are providing adequate levels of protection, such as HIPAA.

Before any external deployment, first seek to understand the tool’s functionality and the terms your business agreed to when purchasing it. After that, get consent that fits the tool: before the recording starts, disclose in clear and conspicuous terms what tools you are using, their purpose, and how the collected data will be used, then obtain, document, and retain the consumer’s affirmative consent.

Dive into details during diligence. Before the purchase is the best time to develop your understanding of an AI tool (note-taking or otherwise) and the contractual terms that come with it. This basic diligence, which can be integrated into your existing vendor management program, can help you spot problems and avoid unnecessary risks, either via commercial contract negotiation or simply walking away from an unworthy vendor. Most critically, in your commercial agreements and DPAs covering these tools, make sure you: prohibit training/reuse; set location/retention limits; require deletion on demand; and confirm that the terms align to the product’s specifications and privacy materials.

Turn off risky features. Some tools offer capabilities like “sentiment analysis” or “coaching” tools. Unless your business finds these tools genuinely useful and accurate, turn them off. They often skirt or cross the line of what developing AI regulations (like the EU AI Act) restrict or prohibit.

Prevent BYO-bot. Even if your business takes every precaution, your business partners might not. Your vendors and clients might show up to meetings, especially virtual meetings, with their own note-taking app as a separate attendee. Where possible, try to screen these virtual attendees out in a waiting room. If you’re calling into their platform, ask whether they’re planning to use one of these apps and, if so, evaluate its use against these criteria.

***

We can help

Godfrey & Kahn’s Artificial Intelligence and Data Privacy, Cybersecurity & Technology teams advise on AI governance, consent frameworks, vendor contracts/DPAs, and privilege-preserving workflows. If you’re piloting—or already using—AI note-takers, contact us to review your tools, settings, and client-facing disclosures before the next meeting.