privacy

Where Does Your Meeting Audio Go? AI Transcription Privacy Guide

Understand how AI transcription services handle your meeting data. Compare privacy practices across services and learn what regulations apply to recording.

MinuteKeepApril 16, 2026

Automate your meeting notes. MinuteKeep records your meeting and uses AI to transcribe, summarize, and extract action items. 9 languages, no subscription, 30 min free.

You press record on your meeting. The audio is captured. Then what?

That question matters far more than most people realize. Your meeting contains confidential information—business strategy, personal details, sensitive decisions. The moment you transcribe it, that audio leaves your device and enters a system. And depending on which app you use, that system might be storing, analyzing, or training on your data in ways you never explicitly agreed to.

This guide explains how AI transcription actually works, what happens to your audio data, and the privacy differences between popular services. We'll show you MinuteKeep's approach too—including the parts we know users care about and the parts we know raise questions.

How AI Transcription Data Flows

When you use an AI transcription app, your audio takes a specific journey. Understanding that journey is the foundation of informed consent.

Recording phase: Audio is captured locally on your device (phone, computer, browser tab).
Processing phase: Audio is sent to a transcription service's servers, usually over the internet.
Transcription phase: AI processes the audio and generates a text transcript.
Storage phase: Transcripts are stored somewhere. The original audio may or may not be retained.
Use phase: Your data may be used for service improvement, AI training, analytics, or law enforcement requests.

The critical question at each phase is: What are your rights? Who controls the data? Can they use it for purposes beyond transcription?

What Different Apps Do With Your Data

Transcription services don't all operate the same way. Privacy practices vary significantly—sometimes within the same company's different product tiers.

Otter.ai

Otter captures and transcribes meeting audio. According to its privacy policy, Otter may use transcripts to train its AI model and improve its service. The company stores encrypted data on Amazon Web Services servers but maintains access to the encryption keys. Otter.ai received a class action lawsuit in August 2025 alleging it recorded private conversations and used transcripts to train AI without participant consent.

Key detail: Two-factor authentication is available on all account types, which is a security positive. However, data access for AI training remains a concern for privacy-sensitive conversations.

Descript

Descript emphasizes SOC 2 compliance and data encryption. However, Descript's quality assurance process includes employees reviewing uploaded audio, not just the transcript. The company does not offer two-factor authentication on free or standard accounts (Enterprise only).

Key detail: Human review of your audio is explicit in their documentation, which is transparent but not privacy-maximizing for confidential conversations.

Rev

Rev uses multiple cloud providers (Google Cloud, AWS, and Microsoft Azure) and subcontracts language processing to third-party vendors. Employees are supposedly restricted to data required to perform their job, and staff receive security training.

Key detail: Multi-vendor architecture means your audio touches more hands and more systems than a single-provider approach. Like other services, Rev does not publish a transparency report about law enforcement data requests.

General Pattern

None of these services publish transparency reports. You cannot see how often they receive law enforcement requests, government subpoenas, or regulatory inquiries about user data. You're taking their word that they don't disclose data—but you have no evidence.

This is one reason many organizations now require transcription services to be hosted on private infrastructure or to commit to zero government access policies.

MinuteKeep's Approach to Your Audio

MinuteKeep was designed with a specific privacy principle: your audio is your data.

Here's exactly how MinuteKeep works:

You press record. Audio is captured locally on your iPhone.
You stop recording. The audio file stays on your device until you choose to transcribe it.
You tap "Transcribe." MinuteKeep sends the audio to OpenAI's Whisper API via a Supabase Edge Function (which acts as a proxy).
OpenAI processes the audio and returns the text transcript.
MinuteKeep does not store your audio on any server. The audio is deleted after transcription completes.
Your transcript is stored locally on your device. All your notes stay on your iPhone.

We don't collect usernames, emails, or accounts. No sign-up required. No data shared with third parties beyond OpenAI for transcription.

The honest part: Yes, your audio goes to OpenAI's servers. We believe this is transparent and defensible for several reasons:

OpenAI's API data policy explicitly states that API data is not used for training OpenAI's models. (See OpenAI's API data usage policy.)
OpenAI is a recognized, audited provider with security certifications.
We don't store audio redundantly, re-use it, or keep access to it after transcription.
Users can review OpenAI's privacy policy before they transcribe anything.

What we're not claiming: This isn't "on-device" transcription in the sense that your audio never leaves your phone. That's technically inaccurate, and inaccuracy erodes trust. Your audio does leave your device, goes to OpenAI, and then the audio file is deleted server-side.

Is that different from keeping audio on MinuteKeep's servers? Yes, significantly. Is it different from other consumer transcription apps that run their own ML models on stored audio? Also yes. Is it "perfect privacy"? No. But it's a transparent privacy trade-off: fast, accurate AI transcription in exchange for sending audio to an established third-party provider under their non-training policy.

If you need transcription without any audio leaving your device, you'll need on-device models (which are slower and less accurate). If you want the fastest, most accurate transcription with minimal server-side storage, MinuteKeep's approach is a reasonable middle ground.

Recording Laws and Consent Requirements

Privacy isn't just about data handling. It's also about legality. The moment you press record, you may trigger recording consent laws that vary by jurisdiction.

All-Party Consent States and Countries

Some jurisdictions require all participants to consent to recording. Recording without consent is illegal.

US states requiring all-party consent: California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, and Washington.

International: GDPR (European Union) requires explicit, informed consent for recording any meeting that includes EU participants. Consent must be freely given, specific, informed, and unambiguous. You cannot use pre-ticked boxes. You must ask before recording starts.

The practical implication: If one meeting participant is in California or in the EU, you must inform all participants and get their consent before pressing record. Violating all-party consent laws can result in criminal liability in some jurisdictions.

One-Party Consent Jurisdictions

Most US states and many countries allow recording if at least one party consents—usually the person doing the recording. If you're recording your own meeting (and you're a participant), you may be compliant. But check your local laws. One-party consent doesn't mean zero consent; it means one person's consent is sufficient.

GDPR-Specific Requirements

Under GDPR, if your meeting includes participants in the EU:

You must inform them before recording starts
You must explain why you're recording
You must state how long the recording will be kept
You must link to your privacy policy
You should provide a verbal reminder at the meeting start

Consent cannot be assumed from silence. You need affirmative agreement.

Non-compliance penalties: Up to €20 million or 4% of annual global turnover, whichever is higher.

What This Means for Transcription

If recording requires consent, transcription does too. You're not just capturing audio; you're converting it into a searchable, shareable format. That increases the sensitivity and the legal risk.

Best practice: Before transcribing a meeting, verify you have consent from all participants to both record and transcribe. This is especially important if the meeting includes participants from EU countries, all-party consent states, or sensitive contexts (legal, medical, confidential business discussions).

Protecting Your Transcription Data

Beyond choosing an app with strong privacy practices, you can take steps to minimize risk:

Inform participants upfront. Tell them at the start of the meeting that you'll record and transcribe. Get explicit agreement.
Know your local laws. If you operate in multiple jurisdictions, follow the strictest rule.
Limit access. Don't share transcripts unnecessarily. Treat transcripts as confidential documents.
Use secure storage. If you sync transcripts to cloud storage, ensure encryption is enabled.
Delete old records. Set a retention policy and delete transcripts you no longer need. Don't keep meeting audio indefinitely.
Understand your provider's obligations. Read the privacy policy. Know whether your data can be used for AI training or law enforcement disclosure.
Consider industry requirements. If you work in healthcare, law, or finance, your industry may have specific recording and transcription rules (HIPAA, attorney-client privilege, financial regulations).

Frequently Asked Questions

Q: Does MinuteKeep store my audio? No. Your audio is sent to OpenAI's API for transcription and then deleted. Transcripts are stored locally on your device. MinuteKeep doesn't store audio on any server.

Q: Can OpenAI use my audio to train its models? No. OpenAI's API data policy explicitly excludes API audio data from model training. However, if you have concerns about this, review OpenAI's policy directly or use an alternative service.

Q: Is MinuteKeep encrypted? Transcripts are stored locally on your device using iOS's standard data storage mechanisms. Audio is encrypted in transit to OpenAI (HTTPS). MinuteKeep itself doesn't apply additional encryption to stored transcripts on-device—you rely on your iPhone's device-level security.

Q: What if I'm recording a meeting with participants in the EU? You must get explicit consent before recording. GDPR doesn't have an exception for casual meetings or internal calls. If anyone is in the EU, assume GDPR applies.

Q: Can I be sued for recording someone without their knowledge? Yes, if you're in an all-party consent state and you record someone without their consent, they can sue you—and it may be criminal. Even in one-party consent states, if you transcribe someone's private conversation without consent, there may be civil liability. Always get consent.

Q: Does MinuteKeep comply with GDPR? MinuteKeep respects GDPR-related rights (like data deletion on your device). However, GDPR compliance is primarily your responsibility as the data controller. You must ensure you have legal basis (usually consent) for recording and transcribing. MinuteKeep doesn't have access to your data and can't help you comply—only you can do that by getting consent.

Q: What should I do if I transcribe something sensitive by accident? Delete it. MinuteKeep doesn't have copies. Your deletion is final. If it was very sensitive and you worry about OpenAI's servers, you could contact OpenAI, but your best protection is to delete from your device immediately and get explicit consent before transcribing sensitive content in the future.

Key Takeaways

Your audio privacy depends on three factors: how you record, which app you choose, and what laws apply to your jurisdiction.

Recording consent matters. If you're in an all-party consent state or recording EU participants, you need explicit consent before pressing record. Transcription doesn't exempt you from recording laws.
Transcription services vary. Some services train AI on your data; others don't. Some store audio indefinitely; others don't. Some have human review; others don't. Read the policy of the service you use.
No service is perfect. Even strong privacy services send data to external servers or third-party providers. Understand what "privacy" means for your use case.
MinuteKeep's approach is transparent. Audio goes to OpenAI, gets transcribed, then deleted. Transcripts stay on your device. No account, no tracking, no secondary use. We don't claim it's the most private option—only that it's clear about what happens.
You control what happens next. Once you have a transcript, how you store, share, and use it is your decision. Treat it as confidential. Don't share unnecessarily. Comply with local laws.

The best transcription app isn't the fanciest—it's the one whose privacy model matches your needs and whose privacy practices you understand completely. If MinuteKeep's approach resonates with you, we're here. If you need something different, we respect that. The most important thing is that you know where your audio goes and that you're comfortable with that choice.