Is Fireflies AI Safe for Freelance Client Calls? Review
You sit down for a discovery call with a new client. Your AI notetaker, Fireflies.ai, joins the meeting, records every word, generates a transcript, and stores it in your dashboard so you can search “what did Marc say about the November deadline” three weeks later. For solo freelancers handling client calls, this workflow is genuinely useful — until you read the policy and notice that meeting audio passes through third-party transcription vendors, voice characteristics get extracted as biometric data, and Illinois courts are actively litigating whether the bot needed every participant’s written consent before sitting in the corner of that Zoom. Below is a plain-English read of what Fireflies does with your client meetings, what it means if you handle paid client work, how to use it more safely, and our final verdict.
What Fireflies does with your data
Fireflies.ai records the audio and video of meetings you connect it to, generates a transcript, builds a summary, and stores all of it tied to your account. According to Fireflies’ privacy policy (retrieved 2026-05-26, last updated by the vendor on 2026-03-06), the company collects account information, meeting transcripts, audio and video files, voice characteristics extracted for speaker diarization, payment data, and standard analytics about how you use the product.
On training data, Fireflies takes a clear public stance: personal information is not used to train AI models, and vendors who process meeting content are contractually barred from using it for their own model training. The policy also asserts a Zero Data Retention arrangement for meeting content with its third-party vendors, meaning audio, video, transcripts, and summaries are not retained by those vendors after the processing call completes. This is more restrictive than what you get from many consumer AI tools by default, and our review methodology weights this kind of contractual restriction heavily.
The piece freelancers should pay attention to is voice data. Fireflies states that service providers may extract speaker-voiceprint characteristics from meeting audio to tell participants apart in the transcript. In some U.S. states — most notably Illinois under BIPA — those voiceprints can be treated as biometric identifiers requiring written consent from every participant. Fireflies argues the vendors don’t use these voiceprints to identify individuals and Fireflies’ own servers never receive them, but the company is currently defending at least two BIPA class actions filed in March 2026 in the Northern District of Illinois that allege otherwise (see the Workplace Privacy Report analysis and the All About Lawyer breakdown, both linked at the end).
Retention is account-tied: as long as your account is active, personal information stays. If you close the account, Fireflies says it will delete the associated personal information within thirty days. Meeting recordings can also be deleted on request by participants who don’t have an account by contacting the meeting host.
What this means for solo freelancers
Three concrete risk scenarios apply to solo workers who deploy Fireflies on client calls.
First, consent is on you, not the vendor. The policy and the active BIPA litigation both make clear that meeting recording laws are jurisdiction-specific. If your client is in Illinois, California, or any state with a two-party-consent statute, the bot joining the call is your event to disclose — Fireflies provides the tool, but the obligation to obtain participant consent before recording sits with the meeting organizer. Based on the policy as written, deploying the bot without an explicit, documented consent step before the meeting starts carries the risk that a participant could later claim their voiceprint was captured without authorization.
Second, the contents of client discovery calls are sensitive business data. If a prospective client walks through their pricing strategy, a confidential product roadmap, or a personal-injury legal matter on a call you’re recording, that transcript lives in your Fireflies workspace. The Zero Data Retention vendor arrangement is helpful, but your own copy in your Fireflies account is fully retained until you delete it. A workspace breach or a careless share link exposes that transcript the same way an unsecured Dropbox folder would.
Third, EU clients introduce a controller-processor question. When you record a meeting with a client based in Germany, France, or another EU jurisdiction, the call audio contains personal data about that participant. Under the GDPR framework Fireflies acts as a processor and you act as the controller, which means a written data processing agreement should be in place between you and Fireflies before client meetings start. Fireflies does publish a Data Processing Addendum, but you have to opt in by signing it — having an account does not automatically mean a DPA is on file.
How to use it safely
If Fireflies stays in your stack, tighten the configuration before the next client call. The following six steps cover the highest-leverage settings to adjust right now.
- Sign the Data Processing Addendum from the Fireflies legal page if you handle any EU client data — a free step that gets you the contractual paperwork courts care about.
- Add a clear opening line to every recorded meeting: “I’m using Fireflies to take notes — is everyone comfortable with that?” Press record only after participants verbally confirm, and save the consent line in the transcript itself as the documented record.
- Default meeting visibility to “only me” rather than workspace-wide, so future collaborators do not inherit access to historical client transcripts without an explicit share decision.
- Turn off any auto-share-to-CRM integrations you do not actively use — Fireflies pushes data into Salesforce, HubSpot, and similar tools by default once integrations are connected.
- Set a calendar reminder to delete transcripts older than ninety days unless you have a specific reason to keep them. The safest data is data you no longer hold.
- Review the third-party app connections list quarterly and revoke anything you no longer recognize or use.
For sensitive client work — legal intake, medical practice, anything touching financial data, or any conversation with a participant located in a two-party-consent jurisdiction — consider not recording at all. Take notes by hand, switch to a fully local transcription tool that never sends audio off your machine, or write the summary yourself immediately after the call while the conversation is still fresh. Convenience is a real factor, but a recorded call you cannot fully control is a liability you carry indefinitely, especially while the BIPA cases against AI meeting bots are still being argued in U.S. federal courts.
Privacy-friendlier alternatives
If the BIPA litigation, the voiceprint extraction, or the always-on cloud retention is a dealbreaker, three alternatives sit at different points on the privacy spectrum, all matched to the same freelancer use case of meeting capture and summarization.
Granola (granola.ai) — runs transcription locally on your Mac. The audio never leaves your device for the transcription step itself, and you control whether to send the transcript to an LLM for summarization. Pricing starts around $18 per month for individuals. Best fit for solo freelancers on Apple silicon who want AI notes without the cloud-recording footprint.
Whisper running locally via MacWhisper or whisper.cpp — fully on-device transcription using OpenAI’s open-weight Whisper model. Zero data leaves your machine. No biometric voiceprint extraction. MacWhisper is a one-time $69 purchase; whisper.cpp is free and open source. Best fit for freelancers comfortable with a slightly more technical setup who handle highly sensitive client matters (legal, medical, financial).
Pen and paper, plus a basic encrypted hardware notebook or a 1Password secure note for action items — for the highest-stakes calls, the cleanest workflow is no recording at all. Take live notes, capture action items immediately after, and accept the small productivity cost as the price of a clean privacy posture. This is the only approach that makes you fully immune to the recording-consent debate currently playing out in U.S. courts.
For freelancers who want to lock down the rest of the stack while they figure out their meeting tooling, a NordVPN subscription on the same workstation that handles client calls reduces network-level leakage from other tools running in the background, and Proton for end-to-end-encrypted email handles the contractual paperwork side cleanly.
The verdict
ATP Privacy-Vetted: USE WITH CAUTION
Use with caution. Fireflies has a defensible no-training stance, contractual vendor restrictions, and a Zero Data Retention vendor arrangement, but the active BIPA litigation in Illinois and the voiceprint extraction step mean the legal exposure sits with the freelancer running the bot, not the vendor — record only after documented participant consent, sign the DPA before EU client meetings, and avoid the tool entirely for legal, medical, or financial intake calls until the courts settle the biometric-recording question.
Frequently asked questions
Does Fireflies train its AI models on my meeting transcripts?
Based on the privacy policy as written (retrieved 2026-05-26), Fireflies does not use personal information to train its AI models, and contractually prohibits its third-party vendors from using meeting content for their own model training. The vendor also operates a Zero Data Retention arrangement with those processors for meeting content. This is a stronger public stance than several competing AI meeting tools, but it does not eliminate the underlying data exposure of the transcript living in your Fireflies workspace.
Is Fireflies safe to use with EU clients under GDPR?
Based on the policy as written, Fireflies positions itself as a data processor and offers a Data Processing Addendum that you, as the controller, can sign. The DPA is not auto-applied to every account, so you have to opt in. With the DPA signed, documented participant consent at the start of each call, and visibility settings tightened to “only me,” the configuration aligns with common GDPR processor expectations. This is policy posture, not legal advice — consult a lawyer for any specific client engagement.
Is Fireflies HIPAA-compatible for therapists or medical freelancers?
Fireflies does not publish a Business Associate Agreement on the same self-serve basis as it does the DPA. Without a signed BAA in place, the policy as written does not support recording protected health information through the platform. For solo medical or mental-health practitioners, our read is to keep PHI off the tool entirely and use a fully local transcription option, or recording-free notes, until the vendor offers a documented BAA.
What is the BIPA lawsuit against Fireflies about?
Two class-action complaints filed in March 2026 in the Northern District of Illinois allege that Fireflies’ AI notetaker extracts voiceprints from meeting participants without obtaining the written consent that the Illinois Biometric Information Privacy Act requires. Fireflies’ policy position is that its service providers extract voice characteristics solely for speaker diarization and do not identify or authenticate individuals. The cases are ongoing as of the snapshot date and will set precedent for how AI meeting bots are treated under state biometric statutes.
Can meeting participants ask Fireflies to delete their voice data?
According to the policy as retrieved, participants who do not have a Fireflies account can request deletion of meeting recordings by contacting the meeting host, who then deletes the recording in their workspace. Account holders can delete content directly. Personal information tied to an account is retained while the account is active, and Fireflies states it deletes the data within thirty days of account closure. There is no published participant-direct delete portal at the time of this review.
How does Fireflies compare to Otter.ai on privacy?
Both vendors face active U.S. recording-consent litigation, both offer DPAs for paid plans, and both retain meeting content in the workspace until you delete it. Fireflies publishes a more explicit no-training, vendor-Zero-Data-Retention stance than Otter’s default-plan public position. Otter has a broader feature set on cross-platform integrations. For a freelancer choosing between them on privacy alone, Fireflies’ written policy is marginally stronger, but neither tool removes the recording-consent burden that sits with the meeting organizer.
Sources
- Fireflies.ai privacy policy, retrieved 2026-05-26, last updated by vendor 2026-03-06 — https://fireflies.ai/privacy-policy
- Fireflies.ai Data Processing Addendum, retrieved 2026-05-26 — https://fireflies.ai/data-processing-agreement
- Fireflies policy update changelog, retrieved 2026-05-26 — https://guide.fireflies.ai/articles/6892479029-fireflies-ai-updates-to-our-privacy-policy-terms-of-service-data-processing-addendum
- “AI Meeting Assistants and Biometric Privacy: Governance Lessons from the Fireflies.AI Lawsuit,” Workplace Privacy Report, April 2026 — https://www.workplaceprivacyreport.com/2026/04/articles/artificial-intelligence/ai-meeting-assistants-and-biometric-privacy-governance-lessons-from-the-fireflies-ai-lawsuit/
- “Fireflies.AI Lawsuit 2026: Was Your Voice Data Collected?,” All About Lawyer — https://allaboutlawyer.com/fireflies-ai-biometric-privacy-class-action-lawsuit-2026/
- “AI Meeting Recorder Lawsuits 2026: Otter.ai, Fireflies, and Recording Compliantly,” tl;dv blog — https://tldv.io/blog/ai-meeting-recorder-lawsuits/
Reviewed by Jérémy, founder of AidTaskPro and GreenBudgetHub. Based in central France. Privacy posture sourced from public policies and vendor documentation as of 2026-05-26.