Is Otter.ai Safe for Freelance Client Calls? A Plain-English Review

Most freelancers I know discovered Otter.ai the same way: a client said “we use Otter for notes,” joined the call as a participant, and suddenly an AI bot was transcribing the meeting before anyone clicked accept. The convenience is real. The transcripts are good. But after a New York Times piece in early May 2026 noted that AI note takers are making law firms visibly anxious about confidentiality, it is worth asking the plain question solo workers should have been asking all along: what does Otter.ai actually do with a meeting that contains a client’s name, contract terms, or business numbers? This review walks through the privacy policy as written, the freelancer-specific risks, and what to do if you keep using it. Verdict preview: use with caution, and never on raw recordings of paid client calls without explicit setup work.

What Otter.ai does with your data

Otter.ai positions itself as a meeting assistant, and the company describes its handling of personal information in a single privacy document that was last updated in mid-May 2026 (per Otter.ai’s privacy policy, retrieved 2026-05-22). The structure is fairly typical for a US-headquartered AI vendor, but a few specifics matter for solo workers.

Otter identifies itself as the data controller under applicable privacy law and lists its registered address in Mountain View, California. When you sign up, the company collects what you would expect: account details, billing information, audio recordings you upload or capture, transcripts derived from those recordings, and the usual usage telemetry (device model, IP, browser, approximate location).

The training-data clause is the part freelancers should read twice. The policy says Otter.ai trains its proprietary AI on what it calls de-identified audio recordings, and also trains on transcriptions to improve service accuracy, and that those transcriptions can themselves contain personal information. Separately, the document says manual human review of specific audio clips for further model refinement requires explicit permission, typically captured when a user rates a transcript and checks a box giving permission for that recording to be accessed for training and product improvement. So there is a baseline level of training on de-identified material that you do not separately opt into, plus a layer of human review that is gated by an explicit consent action — those are two different things, and the policy is clearer about the second than the first.

On sharing: Otter routes data to Google Analytics, Amplitude, and Facebook for analytics and advertising measurement, processes payments through Stripe, integrates with third-party programs like Google Calendar when you connect them, and discloses personal information to law enforcement or in a corporate sale. Retention is described in deliberately open terms — the policy commits only to keeping personal information for as long as the stated purposes or legal obligations require, without naming a specific window for transcripts or recordings.

For European users the policy points to a Data Privacy Framework appendix and lists the standard set of access, correction, erasure, portability, and consent-withdrawal rights. California residents get a separate privacy notice with CCPA-grade detail.

What this means for solo freelancers

Here is where the policy meets the jobsite, so to speak. Three concrete scenarios are worth thinking through, because they are exactly the situations our methodology flags when we evaluate any AI tool used in solo client work.

Scenario one: the freelance copywriter on a brand strategy call. The client describes an unannounced product, names internal team members, and shares revenue figures. Otter transcribes it. The freelancer never opts the recording into manual human review, so the explicit-consent training pipeline never touches it. But the de-identified-audio training pipeline is a different system, and based on the policy as written it is not clear whether the freelancer can fully opt that out without leaving the platform or moving to an enterprise plan with different terms. For a one-time prospect call, fine. For an ongoing engagement with NDAs, that ambiguity is uncomfortable.

Scenario two: the freelance accountant taking a discovery call. The prospect shares the name of their company, their bank, the rough size of their tax problem. Otter writes that into a transcript. Some of that transcript ends up in the analytics layer (the policy explicitly names Google Analytics, Amplitude, Facebook for ads), and even though the content of a transcript is not the same as analytics event data, the freelancer is now responsible for explaining to that prospect — if asked — exactly where the conversation went and who has it. Most solo accountants cannot answer that question precisely from a thirty-thousand-character privacy policy.

Scenario three: the freelance UX consultant working with EU clients. The Data Privacy Framework is the post-Schrems-II framework that lets US vendors lawfully receive EU personal data, but the controller-processor relationship for a freelancer running Otter on a call with an EU client is genuinely murky. Based on the policy as written, Otter holds itself out as a controller for the personal information it collects, which means the freelancer needs their own data processing agreement story for the client, not just Otter’s terms — and a freelancer rarely has the leverage or template to negotiate that.

None of this is a claim that the tool itself violates any law. It is a claim that the responsibility to explain a recorded client conversation does not stop at the vendor’s policy page. The freelancer is the one in the call, and the freelancer is the one the client will email when something feels off.

How to use it safely

If Otter is already in your stack and you do not want to rip it out, there is a workable middle ground. Settings first, workflow second.

Inside the Otter app, four settings deserve immediate attention:

• Account, then Settings, then privacy controls — turn off the option that allows your recordings to be used to improve transcription quality if you see it (this is the manual-human-review consent toggle).
• Calendar integration — disconnect Google Calendar unless you actively need it; the calendar connection is what creates the “Otter bot auto-joins your meetings” behavior that catches participants by surprise.
• Meeting Assistant — switch automatic recording from “all meetings” to “manual only” so nothing records unless you intentionally start it.
• Sharing defaults — set new conversations to “private” by default so they do not propagate into a workspace others can see.

For shared workspaces, create a dedicated freelance workspace separate from any personal Otter usage. Use a work-only email address. If the plan tier supports SSO, enable it; SSO accounts have a cleaner deletion trail and a cleaner audit story when a client asks.

Workflow side: before a client call you want transcribed, three steps cover most of the risk.

• Tell the client at the start of the call that the meeting is being transcribed and name the vendor. Explicit notice removes the consent question across most US states and EU jurisdictions.
• Redact obvious sensitive identifiers before you save or export the transcript: client legal name, bank, contract value, anyone else’s name mentioned in passing.
• After the engagement ends, delete the transcript and the recording individually. The vendor’s open-ended retention language only protects you if you actively remove material once the necessity is gone.

For anything covered by a non-disclosure agreement, by HIPAA-adjacent obligations, or by EU client work where the DPA chain matters, the safer default is to record on your own device, transcribe locally with a tool that does not phone home, and keep Otter out of the loop entirely.

Privacy-friendlier alternatives

For freelancers who want a meeting transcription workflow without the open questions above, three alternatives sit higher on the privacy ladder. Match the choice to the kind of work you do.

Fathom is the closest direct replacement and the alternative most often named in freelancer threads. The free plan handles unlimited recordings, the paid plan starts around fifteen dollars per user per month, and the company markets itself explicitly on the not-trained-on-your-recordings angle. For solo workers who want the Otter workflow with a friendlier default privacy posture, Fathom is the first place to look.

For the team-of-one who wants the conversation to never leave their machine in the first place, a local transcription stack built on Proton Drive for storage plus an on-device tool like MacWhisper (paid one-time fee, runs OpenAI’s open-source Whisper model locally) keeps the audio off any vendor’s training pipeline by definition. Pricing band: Proton plans start around four dollars per month and the one-time desktop transcription tool is in the thirty-to-sixty-dollar range. This is the strongest privacy posture but it does not auto-join meetings — you record manually and process afterward. Right answer for client work under NDA.

For password management of the Otter account itself (because most freelancers will inevitably share workspace access with a VA or a client occasionally), Bitwarden offers a free open-source baseline with a paid tier under four dollars per month, and 1Password has a freelancer-friendly tier with shared vaults. Either of these gives you a clean trail when an engagement ends and you need to revoke access fast.

A second-screen hardware note: if you take client calls from a coffee shop or coworking space, plug a hardware security key into your laptop for the Otter login itself. Affiliate-friendly options exist on Amazon (YubiKey 5C NFC) in the fifty-to-sixty-dollar range. It does not change Otter’s policy but it does keep your transcripts out of the wrong hands if your account gets phished.

Frequently asked questions

Is Otter.ai GDPR-friendly for EU client work?

Based on the policy as written, Otter.ai relies on the Data Privacy Framework for transfers of EU personal data to the United States, lists itself as a data controller for the information it collects, and offers the standard EU rights set (access, erasure, portability, objection). The practical issue for a freelancer is that the controller-processor relationship with an EU client is not automatic, and a freelancer needs their own data processing agreement story with that client — not just Otter’s terms. For one-off work this is usually fine. For ongoing engagements with NDAs or sensitive data, treat it as a yellow flag, not a green one.

Can I use Otter.ai for HIPAA-covered client work?

Otter.ai’s standard plans are not marketed as HIPAA-eligible and the consumer-tier policy does not commit to a Business Associate Agreement. If your freelance work touches protected health information — therapy notes, medical billing context, anything where HIPAA applies to your client — Otter at the consumer or business tier is not the right tool, and the safer path is a local transcription workflow or a vendor with an explicit BAA in place.

Does Otter.ai train on my prompts or recordings?

According to the policy retrieved 2026-05-22, Otter trains its AI on de-identified audio recordings and on transcriptions that may contain personal information. Manual human review of specific recordings for further model refinement is described as requiring explicit permission, typically through a feedback-style consent action when you rate transcripts. The two pipelines are described separately. Solo freelancers should treat the de-identified-audio training as baseline behavior and the human-review pipeline as opt-in.

What happens to my transcripts if I cancel my Otter account?

The policy describes retention in open-ended terms — Otter says it keeps personal information for as long as the stated purposes or applicable legal obligations require, without committing to a specific deletion window for transcripts or audio recordings after account closure. The practical takeaway: do not rely on cancellation to clear your history. Delete transcripts and recordings individually before you close the account, and request erasure of remaining personal information under the policy’s stated user rights.

Is there an Otter.ai alternative that explicitly does not train on customer data?

Fathom markets itself most directly on the not-trained-on-recordings angle and is the alternative most often named in freelancer threads. A fully local workflow — record on device, transcribe locally with a Whisper-based desktop tool, store on a privacy-first cloud like Proton Drive — keeps the audio off any vendor pipeline by definition and is the strongest posture for NDA-bound or HIPAA-adjacent client work.

Should I tell every client before recording with Otter?

Yes, and for two reasons. The legal one is that recording laws vary by US state and across EU jurisdictions; some require all-party consent and some require one-party consent, but explicit notice removes the question. The practical one is that the moment the Otter bot joins a call, every participant sees a third-party AI in the room, and a freelancer who has not flagged it in advance loses trust in the first thirty seconds. The right phrasing is short: “I use Otter to transcribe our calls so I can focus on the conversation — let me know if you would prefer I disable it for this one.”

Sources

• Otter.ai Privacy Policy. https://otter.ai/privacy-policy — retrieved 2026-05-22.
• Otter.ai California Privacy Notice (linked from main policy) — retrieved 2026-05-22.
• Otter.ai Data Privacy Framework appendix (linked from main policy) — retrieved 2026-05-22.
• New York Times DealBook, “A.I. Note Takers Are Making Lawyers Nervous.” https://www.nytimes.com/2026/05/09/business/dealbook/ai-notetakers-legal-risk.html — published 2026-05-09.

---

Reviewed by Jérémy, founder of AidTaskPro and GreenBudgetHub. Based in central France. Privacy posture sourced from public policies and vendor documentation as of 2026-05-22.