Otter.ai

Plain-English risk rating: 5 of 5 (Free/Pro pending litigation outcome) / 3 of 5 (Business/Enterprise)

Otter.ai is currently the highest-risk meeting AI tool in this database, and the risk picture is dominated by an active and consolidated class action lawsuit that goes to the heart of how Otter operates: whether OtterPilot's auto-join behaviour and voiceprint generation constitute unauthorised wiretapping and biometric data collection under federal and California law.

As of profile verification date (May 24, 2026), Otter is the defendant in In re Otter.AI Privacy Litigation (No. 5:25-cv-06911 and consolidated cases), a federal class action consolidated before Judge Eumi K. Lee in the Northern District of California. The motion-to-dismiss hearing was scheduled for May 20, 2026 — just before this profile's verification date. Judge Lee's ruling, when issued, will be the first federal test of whether decades-old wiretap statutes reach an AI bot sitting quietly in a video call. Until that ruling is published, the legal exposure for Otter and for businesses using Otter remains genuinely uncertain.

The Business and Enterprise tiers carry the same underlying legal exposure but offer stronger contractual controls. The 3-of-5 rating for those tiers reflects the higher floor of vendor-side controls; it is not a guarantee that the litigation outcome will not affect those tiers.

Recommended for

• Sole proprietor: Not recommended during the litigation pendency. Use Granola (Mac, local-first audio) or Zoom AI Companion as a privacy-comparable alternative.
• Small team (2-10 people): Not recommended during the litigation pendency unless Otter is contractually required by an existing client relationship. Migrate planning is reasonable.
• Regulated industry: Not appropriate. The biometric voiceprint generation alone is incompatible with regulated-data handling without extensive legal review and consent processes.
• The honest answer for most 1-10 employee businesses: Otter.ai built the AI notetaker market and remains highly accurate, but the legal posture as of May 2026 is the worst of any vendor in this database. The right move is to pause new Otter deployments until Judge Lee's ruling is published and the implications are clear, and to migrate existing deployments toward Granola, Fathom, or Zoom AI Companion. If you cannot migrate, the absolute minimum is to disable OtterPilot's calendar-driven auto-join entirely.

Critical pre-deployment warning (active class action litigation)

This is the most important fact in this profile: Otter.ai is currently defending an active class action that alleges its core product behaviour constitutes unauthorised wiretapping and biometric voiceprint collection without all-party consent.

The consolidated litigation includes four cases (Brewer, Walker, Theus, Winston), filed August through September 2025, consolidated by Judge Lee on October 22, 2025, with a consolidated complaint filed December 5, 2025. The core allegations:

• OtterPilot (now rebranded as Otter Meeting Agent) syncs with the user's calendar and auto-joins any scheduled call as a visible participant
• It records audio, transcribes in real time, takes screenshots, and captures speaker voiceprints
• Non-account-holders attending those meetings receive no disclosure before the recording begins
• Otter shifts consent responsibility onto the meeting host rather than obtaining it from all participants
• Recordings and voiceprints are alleged to be used for AI model training, including for non-account-holders

Under California's Invasion of Privacy Act and analogous statutes in 11 other states (the "two-party consent" jurisdictions), all-party consent is required for recording. The Walker case specifically alleges that Otter captures and stores biometric voiceprints to identify the same speakers across future meetings — the BIPA equivalent of fingerprinting.

The practical implication for SMBs using Otter today: if a meeting participant in a two-party-consent state successfully sues over an Otter-recorded meeting, the responsibility may fall on the business that hosted the meeting (under Otter's contractual host-responsibility model) rather than on Otter itself. Document your consent practices carefully; review whether your client meetings could expose your business to liability.

Data retention default

• Free, Pro, Business: Recordings and transcripts retained per plan; check current retention policy at otter.ai/privacy. Plaintiffs allege Otter retains recordings indefinitely.
• Voiceprints (biometric): Allegedly retained for speaker recognition across future meetings; the exact retention policy is one of the contested issues in litigation
• De-identified training: Otter states recordings are de-identified before being used for model improvement; this de-identification claim is contested by plaintiffs and is one of the litigation's core factual questions
• Business and Enterprise: Admin-configurable retention; verify per current contract
• OtterPilot agent activity: Calendar integration means OtterPilot may auto-join meetings; user-side controls available but the disclosure to non-account-holder participants is the litigation flashpoint

Training opt-out

Free and Pro — De-identified training is the default, with Otter asserting that recordings are de-identified before being used for model improvement. The de-identification claim is contested in litigation. Voice embeddings have demonstrated re-identification rates of >92% even from anonymised datasets (Nature Communications, 2023), which is one of the empirical arguments plaintiffs will likely make.

Opt-out controls have changed multiple times during 2024-2026; verify current settings via Account → Settings → Privacy. The individual opt-out availability is itself one of the regulatory questions.

Business and Enterprise — stronger contractual training exclusions available; verify per-contract.

Zero Data Retention availability

• Not offered in the OpenAI/Anthropic API ZDR sense
• Enterprise customers can negotiate custom retention terms

Plan tiers and pricing (as of early 2026)

Tier	Price (USD)	De-identified training default	Suitable for
Free	$0	Yes	Personal use; limited minutes
Pro	$16.99/month	Yes	Individual professionals (litigation exposure applies)
Business	$30/user/month	Verify per contract	Small teams (litigation exposure applies but stronger contractual controls)
Enterprise	Custom	No — contractually excluded	Larger orgs

Jurisdiction

• Primary processor: Otter.ai Inc., Mountain View, California, USA
• Cloud infrastructure: AWS
• SOC 2 Type II certified
• Subject to California privacy law (CCPA/CPRA), California Invasion of Privacy Act (the central litigation statute), federal Electronic Communications Privacy Act, federal Computer Fraud and Abuse Act, and BIPA (Illinois) for voice biometric data classification
• Litigation venue: Northern District of California (consolidated cases before Judge Eumi K. Lee)

Breach history (public incidents and active litigation)

August 2025 onward — In re Otter.AI Privacy Litigation (ACTIVE CLASS ACTION)

The central event dominating Otter's risk picture as of mid-2026. Four federal class actions filed in California between August and September 2025, all alleging that OtterPilot's auto-join behaviour and voiceprint collection violate federal wiretap law, California's Invasion of Privacy Act, the Computer Fraud and Abuse Act, BIPA (in some cases), and common-law intrusion and conversion claims.

Key case timeline:

• August 2025: Brewer v. Otter.ai Inc. (No. 5:25-cv-06911) filed in the Northern District of California. Plaintiff Justin Brewer was not an Otter account holder; he participated in a February 2025 Zoom call where Otter's notetaker auto-joined and allegedly created a voiceprint of him.
• August 26, 2025: Walker case filed (voiceprint focus, biometric data allegations)
• September 3, 2025: Theus case filed
• September 10, 2025: Winston case filed
• October 22, 2025: Judge Eumi K. Lee consolidates all four cases as In re Otter.AI Privacy Litigation
• December 5, 2025: Consolidated complaint filed by interim co-lead counsel (Levin Law, Clarkson Law Firm, Werman Salas)
• April 2026: MLex reports Otter's reply brief denying interception occurred
• May 20, 2026: Motion-to-dismiss hearing scheduled before Judge Lee in Courtroom 7 of the San Jose federal courthouse

Otter CEO Sam Liang publicly defended the product to TechCrunch (October 7, 2025): "If they accuse us, then they could accuse everyone else, all the tools you heard about doing meeting notes. My view is that we are on the right side of history. We're building this new AI revolution. If you want AI to help, you need to put AI in the meetings."

Sources: court filings via PACER; Mason LLP analysis (April 2026); UC Today coverage (April 2026); Babst Calland analysis (January 2026); Fisher Phillips bulletin (August 2025); Best Law Firms analysis (November 2025); TLDV.io comparison guide (May 2026); HR Executive coverage (April 2026); Jackson Lewis P.C. coverage (August 2025); AI CERTs News analysis (February 2026)

December 2025 onward — Cruz v. Fireflies.AI Corp. (related BIPA litigation)

Katelin Cruz, an Illinois resident, filed a proposed class action in the Northern District of Illinois against Fireflies.AI Corp. (No. 3:25-cv-03399-SEM-DJQ) on December 18, 2025. Cruz alleged that when Fireflies' bot joined a nonprofit meeting she attended, it recorded her voice and generated a voiceprint via Fireflies' "Speaker Recognition" feature without notice, written consent, or a retention policy as required by Illinois's Biometric Information Privacy Act. Not Otter-specific, but directly relevant to the AI notetaker category and likely to inform the outcome of the Otter litigation.

Sources: court filings; Mason LLP analysis (April 2026); TLDV.io coverage

Note on institutional bans: Multiple universities have banned or restricted AI notetakers (Read AI, Fireflies, sometimes Otter) from Zoom and Teams integration during 2024-2026 (including the University of Washington, Chapman University, and the University of California, Riverside per UC Today). The pattern reflects institutional risk-management responses to the consent and biometric concerns.

No major direct breach of Otter's core infrastructure publicly disclosed as of May 2026. The dominant risk is litigation rather than infrastructure compromise.

What this means in plain English for SMB owners

Three honest takeaways:

1. The active class action litigation is the dominant fact about Otter.ai as of mid-2026. Judge Lee's ruling on the motion to dismiss (heard May 20, 2026) will set the first federal precedent on whether AI bots in video calls constitute unauthorised wiretapping. Until the ruling and its implications are clear, the conservative posture is to pause new Otter deployments and plan migration of existing deployments.

1. The host-responsibility model shifts legal exposure onto your business. Otter's terms tell customers to "make sure you have the necessary permissions" — effectively outsourcing the consent compliance obligation. If you operate in a two-party-consent state (California, Washington, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania) and you host meetings recorded by Otter without explicit all-party consent, the litigation exposure may fall on you.

1. The migration options are reasonably good. Granola (Mac, local-first audio architecture) is the structurally best alternative for individual professionals; the local-first model means raw audio never leaves the user's device. Zoom AI Companion is the best alternative for teams already on Zoom and is included with paid Zoom plans. Fathom has comparable accuracy with cleaner integration defaults than Otter. Migration is operationally inconvenient but is becoming the prudent choice during the litigation pendency.

Sources

• Otter.ai privacy and security documentation (otter.ai/privacy, verified 2026-05-24)
• Court filings: In re Otter.AI Privacy Litigation, No. 5:25-cv-06911 (N.D. Cal.) and consolidated cases
• Court filings: Cruz v. Fireflies.AI Corp., No. 3:25-cv-03399-SEM-DJQ (N.D. Ill.)
• Mason LLP: Your AI Meeting Assistant May Be Stealing Your Voiceprint (April 2026)
• UC Today: Otter.ai on Trial, and the AI Notetaker Industry with it (April 2026)
• Babst Calland: Eavesdropping by Algorithm legal risks analysis (December 2025/January 2026)
• Fisher Phillips LLP: New Lawsuit Highlights Concerns About AI Notetakers (August 2025)
• Best Law Firms: When AI Listens Too Closely future of compliance (November 2025)
• TLDV.io: AI Meeting Recorder Lawsuits 2026 comprehensive guide (May 2026)
• HR Executive: A lawsuit over AI notetakers should be on every HR leader's radar (April 2026)
• Jackson Lewis P.C.: AI Notetaking Tools Under Fire (August 2025)
• AI CERTs News: AI Security Spotlight Otter.ai Zoom Recording Lawsuit (February 2026)
• TechCrunch interview with Sam Liang (October 7, 2025)
• Nature Communications: voice embedding speaker identity reconstruction study (2023)

Related on AI Leakage

• Compare all 29 AI tools in the risk directory — see how Otter.ai stacks up against the rest, tier by tier.
• Take the 5-minute “Am I Leaking?” check — a personalised view of your business’s AI exposure.
• Check a prompt before you paste it — our free Data-Safe Prompt Rewriter.
• Shadow AI vs AI leakage — why even approved tools like Otter.ai can leak data.
• Get plain-English AI Leakage Alerts — we email you when an AI tool you use changes its data policy or has an incident.
• Get the free AI Acceptable Use Policy template — a plain-English policy with the tool-by-tool risk guide built in.