Plain-English risk rating: 3 of 5 (Free/Premium) / 2 of 5 (Team Edition with custom contract)
Fathom is a meeting-AI tool focused on Zoom, Google Meet, and Microsoft Teams call summaries. Unlike Granola's silent bot-free architecture, Fathom uses a visible-bot model: "Fathom Notetaker" appears as a named participant in your meetings. This is the same architecture as Otter.ai and Fireflies.ai, the two vendors currently defending class actions over consent and biometric voiceprint collection. Fathom has so far avoided similar litigation, apparently because of a combination of (a) a clearer no-training-on-customer-data default across tiers, (b) cleaner participant disclosure (the visible bot at least signals to all attendees that recording is happening), and (c) a smaller market footprint that makes it a less attractive plaintiff target.
The CyberUnit April 2026 privacy comparison of six widely used meeting tools ranked Fathom as "Medium" data-sharing risk vs Otter.ai's "High", a meaningful differentiator if you are choosing between the two while the litigation is pending.
Recommended for
- Sole proprietor: Free tier (genuinely generous — unlimited recordings and basic summaries) acceptable for personal use; Premium at $19/month (or $16/month annual) for unlimited calls and advanced summaries.
- Small team (2-10 people): Team Edition at $15-29/user/month for shared workspaces and admin controls.
- Regulated industry: Custom contract with explicit no-training, BAA where applicable (Fathom claims HIPAA compliance), and disabled cross-organisation sharing features.
- The honest answer for most 1-10 employee businesses: During the Otter.ai litigation pendency, Fathom is a reasonable alternative for teams that prefer the bot-based-with-no-training-default architecture over Otter's bot-based-with-de-identified-training-default architecture. The underlying biometric-data exposure from cloud audio upload still applies; if that is a primary concern, Granola (bot-free architecture, no persistent audio) is the structurally better choice for macOS/Windows users.
Critical pre-deployment warning (consent and recording compliance)
Fathom's visible bot architecture provides automatic disclosure that recording is happening — every participant can see "Fathom Notetaker" in the participant list. This is a meaningful privacy-and-compliance advantage over Granola's silent operation. However, visible-bot disclosure alone may not satisfy two-party-consent requirements in some jurisdictions. California, Washington, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, and Pennsylvania in the US, plus the EU under GDPR and New Zealand under the Privacy Act 2020, generally require affirmative consent for recording rather than just notice.
The right practice for any external meeting: verbal disclosure at the start ("I'm using an AI tool to take notes and create a summary of our call") plus a meeting-invite line item disclosing AI use. The visible bot is the floor; affirmative consent is the standard.
Data retention default
- Standard Fathom retention for transcripts and summaries
- AI provider retention per contractual arrangements (typically zero-retention for paid tiers)
- Account deletion removes Fathom-side stored content; user can request complete data deletion at any time
- End-to-end encryption for recordings and transcripts (per Fathom security documentation)
Training opt-out
NO TRAINING ON CUSTOMER DATA BY DEFAULT across all plan tiers, including the free tier. This is the structural differentiator from Otter.ai (where Free/Pro train on de-identified data by default). Fathom's published policy and subprocessor agreements prohibit using customer audio, transcripts, or summaries for model training.
For any team handling client-sensitive content, this default-across-tiers posture is meaningfully better than Otter's tier-gated training defaults.
Zero Data Retention availability
- Available at Team Edition and Enterprise tiers via zero-retention API arrangements with model providers
- End-to-end encryption applied to all recordings and transcripts at rest
Plan tiers and pricing (as of early 2026)
| Tier | Price (USD) | Training default | Suitable for |
|---|---|---|---|
| Free | $0 | No — contractually excluded | Personal use; genuinely generous unlimited recordings |
| Premium | $19/month ($16/month annual) | No — contractually excluded | Individual professionals |
| Team Edition | $15-29/user/month (tier-dependent) | No — contractually excluded | Small teams with shared workspaces |
| Enterprise | Custom | No — contractually excluded | Larger orgs needing SSO, custom contracts |
Jurisdiction
- Primary processor: Fathom Video Inc., San Francisco, California, USA
- Cloud infrastructure: AWS
- SOC 2 Type 2 certified; GDPR-compliant; claimed HIPAA compliance (verify per contract for regulated use)
- Subject to California privacy law (CCPA/CPRA), California Invasion of Privacy Act, BIPA (Illinois) for voice biometric considerations
Breach history (public incidents)
No major public breach of Fathom infrastructure as of May 2026.
No publicly disclosed Fathom-specific class action litigation as of May 2026, in contrast to Otter.ai (In re Otter.AI Privacy Litigation, consolidated October 2025) and Fireflies.ai (Cruz v. Fireflies.AI Corp., December 2025). That Fathom has not been a target so far appears to be due to a combination of: (a) a clearer no-training default, (b) a smaller market footprint that makes it less attractive to plaintiffs, and (c) a visible-bot architecture that provides better automatic disclosure than Otter's auto-join behaviour. None of these is a guarantee against future litigation; the BIPA voiceprint question applies to any vendor that performs speaker recognition.
Category-level risk: Cloud audio upload means raw biometric data leaves the user's device. This is the same category risk that applies to Otter and any other cloud-transcription product. The mitigation is contractual (no-training, zero-retention) rather than architectural. Fathom's contractual posture is materially better than Otter's; the architectural risk is unchanged. If your meetings include Illinois-resident participants, BIPA voiceprint exposure applies regardless of vendor unless the vendor explicitly does not generate voiceprints — verify Fathom's current speaker-recognition implementation per its security documentation.
What this means in plain English for SMB owners
Three honest takeaways:
- Fathom's no-training-default-across-tiers posture is structurally better than Otter's Free/Pro de-identified-training default. For teams choosing between cloud meeting AI tools during the Otter litigation pendency, this is a meaningful differentiator. The CyberUnit privacy comparison ranks Fathom as "Medium" risk vs Otter's "High" — mostly because of this difference.
- The cloud audio upload architecture is the same category risk regardless of vendor. If raw audio leaving your devices is a primary concern, Granola (bot-free architecture, no persistent audio) is the better architectural fit on macOS and Windows.
- Visible-bot disclosure is the floor, not the ceiling, for consent compliance. Fathom's visible Notetaker bot does meaningful disclosure work — every participant can see recording is happening. But affirmative consent (verbal disclosure at meeting start + invite line item) is the right standard for any external meeting, particularly in two-party-consent jurisdictions including New Zealand.
Sources
- Fathom security and privacy documentation (fathom.video/security, verified 2026-05-24)
- Fathom trust documentation for current certifications
- ScreenApp: Fathom AI Review Free Meeting Assistant 2026 (March 2026)
- Fahimai: Fathom AI Note Taker Worth It in 2026 review (May 2026)
- CyberUnit: AI Meeting Recorders Are Collecting More Than You Think comparison (April 2026)
- National Law Review: When AI Takes Notes Protecting Privilege Privacy and Professional Obligations (March 2026)
- Reworked: Your AI Notetaker May Already Be Breaking the Law (April 2026)
- Basil AI: Your Voice Is Being Harvested BIPA Lawsuit Wave (May 2026)
- Mason LLP: Your AI Meeting Assistant May Be Stealing Your Voiceprint (April 2026)
