Otter.ai is currently the highest-risk meeting AI tool in this database, and the risk picture is dominated by an active and consolidated class action lawsuit that goes to the heart of how Otter operates: whether OtterPilot’s auto-join behaviour and voiceprint generation constitute unauthorised wiretapping and biometric data collection under federal and California law.
Granola is a fast-growing AI meeting-notes tool (1M+ users by late 2025; $125M Series C at $1.5B valuation early 2026) that has carved out a privacy-positioning niche by avoiding the visible-bot architecture that has put Otter.ai, Fireflies.ai, and others into class-action litigation. The architecture is bot-free — Granola captures system audio directly from the user’s…
Linear’s AI features are designed for software engineering workflows (issue triage, sprint planning, automated status updates, agent-assisted PR review). They inherit Linear’s broader privacy and security posture. Linear maintains a no-training default with its AI subprocessors, holds SOC 2 Type II, and is GDPR-compliant. The risk picture is similar to Asana AI and Notion AI…
Asana’s AI features (“Asana Intelligence”) sit within Asana’s broader workspace product and inherit its security posture. Asana operates a contractual no-training default with its third-party AI subprocessors, holds SOC 2 Type II, ISO 27001, and ISO 27017/27018 certifications, supports HIPAA via the Enterprise+ tier with BAA, and offers EU Data Residency. The Asana Trust Center…
Zoom AI Companion has one of the better privacy postures among Embedded Productivity AI products as of mid-2026, but this conclusion rests on Zoom’s published commitments after a substantial reputational scar. In August 2023, Zoom’s terms of service were updated with language that appeared to grant Zoom rights to train AI models on customer audio,…
Notion AI’s risk profile is dominated by one fact most users do not understand: when you use Notion AI, your content is sent to third-party LLM providers (Anthropic and OpenAI primarily) for processing. Notion itself does not train on customer data by default — but “Notion doesn’t train” and “your data doesn’t leave Notion” are…
“Slack AI” can refer to two distinct products with different defaults and different privacy postures, and the May 2024 controversy conflated them in ways that still confuse SMB owners.
ElevenLabs sits high on the consumer-AI risk axis for reasons different from any other vendor in this database. Voice is biometric data — legally classified as sensitive personal information under EU GDPR, California CPRA, and Illinois BIPA. Voice embeddings from AI voice models can reconstruct speaker identity with greater than 92% accuracy even when trained…
Midjourney sits high on the consumer-AI risk axis for a reason most users do not understand: everything you create on the lower tiers is public by default. Your prompts and your generated images are visible to other Midjourney users on the web gallery and across Discord. This is structurally different from every other vendor in…
Jasper is one of the lower-risk consumer-grade AI tools in this database for marketing-content use cases. The vendor maintains a contractual no-training commitment across all plan tiers (not just enterprise), holds SOC 2 certification, is GDPR and CCPA compliant, and stores data in US-based data centres. The risk profile is dominated by what Jasper itself…