AI Notetaker Lawsuits: How to Take Meeting Notes Without Legal Exposure

Otter.ai, Fireflies.ai, and Microsoft Teams are all facing privacy lawsuits over how they record and process meeting audio. If you're worried about legal exposure — or just don't want your conversations sent to a third-party server — here's what's actually safe to use, and how EmberType (a fully offline Mac dictation tool) avoids every one of these lawsuits by design.

Woman waving at her laptop during a video call in a home office, illustrating virtual meetings where AI notetakers often join

The Short Version

  • Three major AI notetakers (Otter, Fireflies, Microsoft Teams) face active lawsuits over recording consent and voiceprint storage
  • The legal risk: capturing audio without all-party consent in two-party-consent states (California, Illinois, and others)
  • EmberType processes voice 100% locally on your Mac — no audio ever leaves your machine, no consent issue, no biometric collection
  • $49 one-time, no subscription, no cloud, no legal exposure — but note: EmberType is a personal dictation tool, not a multi-speaker meeting notetaker

At-Risk Tools vs. EmberType: A Quick Look

EmberType is a dictation tool, not a meeting notetaker — the distinction matters and we'll come back to it. But the table below shows why local-only architecture sidesteps the entire category of legal risk these lawsuits are built around:

Tool Records audio? Sends to cloud? Creates voiceprints? Lawsuit exposure
Otter.ai Yes Yes Yes (diarization) Active (Brewer)
Fireflies.ai Yes Yes Yes (diarization) Active (Cruz)
Microsoft Teams Yes Yes Yes (BIPA claim) Active (Basich)
EmberType No (transcribes only) No (100% local) No None

Important framing: EmberType is a personal Mac dictation tool — you press a hotkey, speak, and it types. It is not a bot that joins a Zoom call. If your real need is private speech-to-text on your Mac (drafting emails, writing docs, capturing your own thoughts), this is the way to do it without legal exposure. For live multi-speaker meetings, no fully local tool exists yet that handles diarization well — and the lawsuits below show why current cloud options are getting risky.

Private Speech-to-Text on Mac — No Cloud, No Lawsuits

EmberType runs entirely on your Mac. Your voice never leaves your machine. $49 one-time, 7-day free trial, no account required.

Try EmberType Free for 7 Days

100% offline · macOS 14+ · Apple Silicon

The thesis: The AI notetaker category has grown faster than consent law can keep up. These tools sit silently in meetings, record everyone's voice, generate biometric voiceprints via speaker diarization, and often train their own models on the content. In two-party-consent states, most of that is arguably illegal. The 2025-2026 lawsuit wave is the bill coming due.

If you work in a company that uses Zoom, Google Meet, or Microsoft Teams, an AI notetaker has almost certainly joined one of your meetings in the last six months. It showed up as a small participant named "Otter," "Fireflies," or "Copilot." Nobody clicked "I agree" to a consent form. Nobody explained that their voice was being analyzed, diarized, and potentially used to train an AI model.

Lawyers are noticing.

Since August 2025, three major federal privacy lawsuits have been filed against AI notetaker companies. The defendants: Otter.ai, Fireflies.AI, and Microsoft. The claims are remarkably consistent. And the potential damages are large enough that the category may be about to look very different a year from now.

The three cases

Here's a chronological summary of the filings, what each one claims, and where they stand as of April 2026.

Brewer v. Otter.ai (Aug 2025)

Northern District of California · Consolidated

Filed in August 2025, Brewer v. Otter.ai alleges that Otter's Notetaker and OtterPilot services joined meetings, recorded participants, and used their conversations without securing the consent required under applicable wiretap statutes.

The specific allegations: Otter collects names, emails, and metadata from calendars, links those details to recordings and transcripts, sends unsolicited promotional emails to non-users, and uses recorded content to train AI models — all without disclosure or consent. The complaint cites violations of the federal Electronic Communications Privacy Act (ECPA) and the California Invasion of Privacy Act (CIPA). It has since been consolidated before Judge Eumi K. Lee with related cases.

Cruz v. Fireflies.AI Corp. (Dec 18, 2025)

Northern District of California · Consolidated with Brewer

Filed four months after the Otter case, Cruz v. Fireflies raises parallel consent-and-recording claims against the Fireflies.ai meeting assistant. The theory is the same: the AI notetaker joined meetings, recorded participants, and used the content without obtaining consent from everyone present. This case has been consolidated with the Otter matter before the same judge.

Basich v. Microsoft Corp. (Feb 5, 2026)

Illinois · BIPA class action

The most recent case — and arguably the most legally significant. Filed on February 5, 2026 by five Illinois residents, Basich v. Microsoft targets Microsoft Teams' speaker diarization feature.

When Teams transcribes a meeting, it analyzes pitch, tone, speaking rhythm, and vocal characteristics to separate speakers and label their contributions. The complaint argues this constitutes biometric voiceprint collection under the Illinois Biometric Information Privacy Act (BIPA), and that Microsoft never provided written notice, never published a retention schedule, and never obtained written consent from participants.

Damages exposure: up to $5,000 per intentional violation. The class covers every Illinois Teams user since March 2021.

What these cases actually claim

Strip away the legal language and the three cases reduce to one question: when an AI notetaker records a meeting, whose consent is required?

In about a dozen U.S. states, recording a private conversation requires the consent of all participants — not just the person who started the recording. California (CIPA) and Illinois (BIPA) are two of the most enforced. Plaintiffs argue that AI notetakers structurally violate this: only the meeting host invites the bot, but every participant is recorded.

The companies' standard defense is that consent is handled elsewhere — through a notification banner, through enterprise admin settings, through the act of speaking in a meeting where a notetaker is visible. Plaintiffs counter that these are not "consent" in any meaningful legal sense. A banner after the fact is not informed consent. An enterprise admin agreeing on behalf of all employees is not individual consent. And speaking in a meeting is not waiver of wiretap rights.

That tension is what the court will decide.

Why BIPA is the nastier law

The Illinois Biometric Information Privacy Act is the statute AI notetakers have the most reason to fear. A quick breakdown of why:

$1,000 Per negligent BIPA violation
$5,000 Per intentional BIPA violation
Private Right of action (no regulator needed)

BIPA requires companies to (1) notify people in writing that biometric identifiers are being collected, (2) explain the specific purpose, (3) obtain written consent, and (4) publish retention and destruction schedules. Voice-diarization systems that identify individual speakers have been argued to create "voiceprints," which are biometric identifiers under the statute.

Unlike most privacy laws, BIPA lets individuals sue directly — they don't have to wait for a regulator. And damages stack per violation, per person. A class action covering every Illinois Teams user since 2021 is the kind of exposure that forces product changes.

This is the same statutory framework driving the simultaneous Apple Siri and Amazon Alexa voiceprint lawsuits. AI notetakers are now in the same legal bucket as voice assistants — which is a bucket that has already produced multi-hundred-million-dollar settlements.

What this actually means for someone using these tools

A few observations that might not be obvious from the legal commentary:

You're likely a class member in at least one of these cases. If you're in California and your voice has been recorded by Otter or Fireflies in a meeting since these services launched, you're potentially a class member in Brewer or Cruz. If you're in Illinois and you've used Teams since 2021, you're potentially a class member in Basich. Class notices typically go out months to years after filing.

"Informed consent" is about to become a UX problem, not a legal footnote. If plaintiffs win on core theories, meeting tools will be forced to implement visible, per-participant consent at the moment recording starts — not buried in an admin setting. That's a significant product change across Zoom, Teams, Meet, and every AI notetaker built on top of them.

Enterprise compliance teams are already moving. Legal teams at public companies have started pulling AI notetakers off approved-tool lists pending clarification. Some healthcare, financial, and legal services organizations banned them months ago. Employment lawyers now routinely warn about deposition testimony and attorney-client privilege issues when a Fireflies bot silently joins a call.

The "just disable the notetaker" advice is not enough. Most of these tools default to on once an enterprise admin enables them. Individual employees often don't know they can opt out, and often can't without breaking workflow. The lawsuits argue that default-on is the legal problem — not that an opt-out exists somewhere.

Take Meeting Notes Without the Legal Exposure

EmberType transcribes voice entirely on your Mac using Whisper AI. No bot joins the call. No recording leaves your machine. No voiceprint is generated for any third party.

Download EmberType Free

7-day free trial. No account needed. $49 one-time after trial.

Person handwriting notes in a notebook next to a MacBook and latte, illustrating a private on-device note-taking workflow

How we think about this at EmberType

We don't build an AI notetaker. What we build — an offline voice-to-text app for Mac — touches the same legal territory from a different angle, and watching this wave of cases unfold has validated some decisions we made in 2024 that some people at the time thought were overcautious.

When we designed EmberType, we made a choice: no cloud processing, ever. Not as a default. Not as an "optional" mode. The architecture simply doesn't allow audio to leave your Mac. At the time, the tradeoff was clear — we'd need to ship a larger app bundle (the Whisper model runs locally), and we couldn't outsource the hardest transcription problems to larger cloud models. The upside: our users don't have standing to sue us for collecting voiceprints, because we don't collect any. We can't retain what we never receive.

The AI notetaker cases suggest that tradeoff is paying off for a reason we didn't originally frame this way. Local-only isn't just about privacy theater. It's about not being a defendant.

If you need meeting transcription specifically — not dictation, but actual multi-speaker meeting notes — the honest answer is that no perfect solution exists yet that runs fully on-device, handles multi-speaker diarization accurately, and doesn't require a cloud service. The closest options involve recording the meeting locally (with the consent of all participants) and transcribing the file afterward with a local Whisper-based tool. That workflow is clunkier than Otter, but every party has knowingly agreed to the recording, and the audio never leaves your machine.

If you're looking at cloud-based meeting AI tools, a few practical questions to ask the vendor:

If any of those answers are vague, that's the answer.

What to watch next

A few predictions, with the caveat that legal cases move slowly and surprising things happen:

The consolidated Otter/Fireflies case will set the template for how courts evaluate consent in AI notetakers. A ruling on motion-to-dismiss in 2026 will tell us whether the "enterprise admin consents on behalf of all employees" argument survives. If it doesn't, expect rapid product changes across the category.

The Microsoft Teams BIPA case is the canary. If Teams — one of the most heavily-lawyered products in tech — can be hit successfully over voiceprint collection, no consumer AI notetaker is safe. Expect Illinois customers to get prominent consent banners before speaker-identification features activate, and expect more vendors to regionally disable diarization rather than fight BIPA.

And expect to see copycat filings in other two-party-consent states: Washington, Florida, Maryland, and Massachusetts have similar statutes. The Illinois/California cases are the opening, not the whole story.

The fundamental economics of the AI notetaker business — which assumes a cheap, always-on bot silently joining every meeting and generating training data — may not survive contact with consent law. If it doesn't, the category will either move dramatically toward local-only architectures, or it will shrink to only the organizations that can afford rigorous per-participant consent workflows.

Either way, the era of the invisible AI notetaker is ending.

The 30-second test: is your notetaker a legal liability?

You don't need to read three complaints to assess your own exposure. After building a transcription pipeline ourselves, we've found every one of these lawsuits collapses to a single architectural question: does the audio leave the device before it's transcribed? If it does, every downstream risk in those cases — consent, retention, voiceprints, training — becomes possible. If it doesn't, most of them simply can't exist, because there's no server-side recording to subpoena and no voiceprint to collect.

Run your current tool through this in under a minute:

Note what this test is not: it's not "is the vendor trustworthy" or "do they have a good privacy policy." Policies change and trust isn't a legal defense. Architecture is. A tool that never receives your audio can't be compelled to hand it over, can't retain it, and can't have trained on it — not because it promises not to, but because it structurally cannot. That's the distinction we built EmberType around, and it's the one that turns out to matter when a complaint gets filed: the safest data is the data that was never collected.

Frequently Asked Questions

Is Otter.ai really being sued?
Yes. Brewer v. Otter.ai was filed in August 2025 and alleges that Otter's Notetaker and OtterPilot services recorded and used the content of private conversations without obtaining proper consent from all participants. The complaint cites violations of the federal Electronic Communications Privacy Act (ECPA) and the California Invasion of Privacy Act (CIPA). It has since been consolidated with related cases before Judge Eumi K. Lee in the Northern District of California.
Is Fireflies.ai being sued?
Yes. Cruz v. Fireflies.AI Corp. was filed on December 18, 2025. The case raises similar consent-and-recording claims to the Otter lawsuit and has been consolidated with it before the same federal judge.
Is Microsoft being sued over Teams?
Yes. Basich v. Microsoft Corp. was filed on February 5, 2026. The suit alleges that Microsoft Teams uses speaker diarization to create biometric voiceprints from meeting participants without proper notice or written consent, in violation of the Illinois Biometric Information Privacy Act (BIPA). BIPA provides damages of up to $5,000 per intentional violation.
Do AI notetakers need everyone's consent to record a meeting?
In "two-party consent" states like California and Illinois, recording a conversation typically requires the consent of all participants, not just one. The central legal claim in the Otter, Fireflies, and Teams cases is that these tools effectively record and analyze conversations without obtaining the informed consent of every participant — only the meeting host or the inviting organization's admin.
How can I take meeting notes without legal risk?
Options include: taking notes manually or via local dictation, using transcription tools that process audio entirely on-device (so no third-party service ever receives participant audio), and ensuring every meeting participant gives explicit consent before any recording or AI notetaker joins. Local-only workflows avoid the core legal exposure these lawsuits are built around.
What is BIPA and why does it matter for AI notetakers?
BIPA is the Illinois Biometric Information Privacy Act. It requires companies to obtain written consent before collecting biometric identifiers like voiceprints, and to publish retention and destruction schedules. It provides damages of $1,000 per negligent violation and $5,000 per intentional violation, with a private right of action. AI notetakers that use speaker identification (diarization) arguably create voiceprints, which is why BIPA has become a central law in these cases.
Steve Mount, builder of EmberType

Steve Mount

Builder of EmberType

I make EmberType, the offline dictation app for Mac — and I write everything on this blog myself, usually by dictating the first draft. Every comparison and recommendation here comes from running the tools on my own Macs, not from reading other people's reviews. More about me →

Voice Transcription That Can't Be Subpoenaed

EmberType runs Whisper AI on your Mac. No cloud, no servers, no retention policy — because there's nothing to retain. Your voice never leaves your machine, so there's no audio to discover, no voiceprint to surrender, and no consent gap to sue over.

Try EmberType Free for 7 Days

macOS 14+ and Apple Silicon required. $49 one-time purchase after trial. No subscription, no account.