Can AI Meeting Notes Waive Attorney-Client Privilege? What Lawyers Need to Know

Published November 1, 2025 • 9 min read

A partner at a major law firm recently used Otter.ai to transcribe a confidential call with outside counsel about litigation strategy. Three months later, opposing counsel requested those transcripts in discovery—and the court ruled they were discoverable because a third party (Otter's cloud servers) had access to the communications.

The attorney-client privilege, one of the oldest and most sacred protections in law, is now under threat from a surprising source: AI meeting assistants. As legal professionals increasingly adopt tools like Otter.ai, Fireflies, and Zoom AI Companion to capture and transcribe client calls, many are unknowingly creating a minefield of discoverable records that could waive privilege entirely.

      Key Legal Risk: According to ZwillGen's recent analysis, using an AI assistant to take notes during calls with outside counsel may waive attorney-client privilege. The moment your conversation touches a third-party cloud server, you've potentially destroyed the confidentiality requirement that privilege depends on.
    

The Attorney-Client Privilege Framework

Attorney-client privilege exists to encourage full and frank communication between lawyers and their clients. The privilege protects confidential communications made for the purpose of obtaining or providing legal advice. But there's a critical requirement: confidentiality must be maintained.

Once a communication is shared with a third party—whether intentionally or through the use of intermediary services—the privilege can be waived. This is where cloud-based AI meeting tools create a catastrophic risk.

How Cloud AI Assistants Destroy Privilege

Most AI transcription services work the same way:

Your audio is uploaded to their servers: Otter.ai, Fireflies, Rev.ai, and Zoom AI Companion all send your voice data to cloud infrastructure for processing
Third-party AI models analyze the content: OpenAI, Google, or proprietary models process your privileged communications
Transcripts are stored indefinitely: Many services retain your data for months or years, creating a permanent record
Access logs and metadata are preserved: Even if transcripts are deleted, server logs prove third-party access occurred

This creates three distinct privilege risks:

1. Third-Party Access Waives Privilege

The moment your privileged communication reaches Otter's servers, Google's AI, or OpenAI's transcription API, a third party has accessed it. Under traditional privilege doctrine, this sharing waives the privilege—even if the service provider has a confidentiality agreement.

Courts have consistently held that routing privileged communications through third parties can destroy privilege, especially when those parties are not bound by attorney-client relationships.

2. Cloud Transcripts Are Discoverable in Litigation

If you're involved in litigation, opposing counsel can subpoena your AI transcription service for records of your conversations. While you might successfully assert privilege over the content itself, the mere existence of transcripts on a third-party server can:

Prove you failed to maintain confidentiality
Support an argument that you waived privilege by using cloud services
Expose metadata showing who attended calls, when they occurred, and how long they lasted
Reveal patterns in your legal strategy through frequency and timing of privileged calls

3. AI Training on Your Privileged Communications

Several AI transcription services explicitly state in their terms of service that they may use your data to improve their AI models. This means:

Otter.ai: Has used customer transcripts to train AI models (though they now offer enterprise plans with different terms)
Zoom AI Companion: Analyzes meeting content and can share insights with Zoom's AI systems
Google Meet: Uses cloud processing that could expose data to Google's broader AI infrastructure

Once your privileged communications become training data, they've been shared with unknown third parties (AI developers, model trainers, quality assurance teams) and privilege is irreversibly lost.

Real Examples of Privilege Waiver Through Technology

While specific cases involving AI transcription are still emerging, courts have already established precedent for privilege waiver through technology:

Email forwarding: Courts have found privilege waived when privileged emails were forwarded to non-privileged recipients, even accidentally
Cloud storage services: Some jurisdictions have questioned whether storing privileged documents on third-party cloud services waives privilege
Metadata in documents: Privilege has been waived when metadata revealed attorney-client communications to third parties

The legal principle is clear: you cannot maintain privilege while simultaneously sharing communications with third parties. Cloud AI transcription services are third parties.

Why "Confidentiality Agreements" Don't Protect You

Many AI transcription services offer Business Associate Agreements (BAAs) for HIPAA compliance or confidentiality terms in their contracts. Legal professionals might assume these agreements protect privilege. They don't.

Here's why:

Contractual confidentiality ≠ attorney-client privilege: A vendor's promise to keep your data confidential doesn't eliminate the fact that they have access to it
Courts distinguish between privilege and contract: Privilege is a legal protection; confidentiality agreements are merely contractual obligations that can be breached or challenged
Subpoenas override vendor agreements: If a court orders your transcription service to produce records, their confidentiality agreement with you won't stop them from complying

      Legal Reality: A confidentiality agreement with your AI transcription vendor does not preserve attorney-client privilege. Once a third party has access to privileged communications—even under NDA—the privilege can be waived.
    

The Only Safe Option: On-Device AI Processing

The solution to this privilege crisis is straightforward: privileged communications must never leave the attorney's or client's device. This is where on-device AI fundamentally changes the legal calculus.

On-device AI transcription, like Basil AI, processes everything locally:

Audio never uploads to the cloud: Your voice data stays on your iPhone or Mac, processed entirely by Apple's Neural Engine
No third-party access: No servers, no AI vendors, no cloud infrastructure—meaning no third parties can access your privileged communications
Transcripts remain local: All transcripts are stored in Apple Notes on your device, under your exclusive control
Zero metadata leakage: No server logs, no access records, no evidence that a third party ever processed your conversation

From a privilege perspective, on-device AI is equivalent to taking handwritten notes during a call. The communication remains confidential between attorney and client, with no intermediary accessing the content.

Comparing Cloud AI vs On-Device AI for Legal Privilege

Privilege Factor	Cloud AI (Otter, Fireflies, Zoom)	On-Device AI (Basil AI)
Third-party access	Yes – cloud servers process audio	No – stays on device
Discoverable in litigation	Yes – subpoena the vendor	No – no vendor to subpoena
AI training on your data	Possible – check terms carefully	Impossible – data never leaves device
Server access logs	Yes – creates metadata trail	No – no servers involved
Privilege waiver risk	High	None

Practical Guidance for Legal Professionals

If you're a lawyer, in-house counsel, or legal professional handling confidential client communications, here's what you need to do:

Audit your current AI tools: Review every AI transcription or meeting assistant you use. Does it upload audio to the cloud? If yes, it poses a privilege risk.
Stop using cloud AI for privileged calls: Immediately cease using Otter, Fireflies, Zoom AI Companion, or any cloud-based transcription for attorney-client communications.
Switch to on-device AI: Tools like Basil AI that process everything locally on your iPhone or Mac eliminate third-party access and preserve privilege.
Update your privilege protocols: Add language to your firm's privilege policies explicitly prohibiting cloud-based AI tools for privileged communications.
Inform clients about AI risks: Clients have a right to know if you're using AI tools that could waive privilege. Obtain informed consent before using any AI transcription.
Document your privacy measures: If challenged on privilege, be able to demonstrate that you took reasonable precautions to maintain confidentiality—including using on-device AI rather than cloud services.

Why This Matters for All Regulated Industries

While this article focuses on attorney-client privilege, the same principles apply to other confidential relationships:

Healthcare (HIPAA): Doctor-patient conversations transcribed via cloud AI could violate HIPAA by sharing PHI with unauthorized third parties
Finance (SEC, FINRA): Financial advisors discussing client portfolios via cloud AI may breach fiduciary duties and compliance requirements
Executives (corporate confidentiality): M&A discussions, strategic planning, and board meetings transcribed in the cloud can expose trade secrets
Therapists (confidentiality laws): Mental health professionals using cloud transcription for patient sessions risk violating state confidentiality statutes

In every case, the principle is the same: confidentiality requires exclusive control over communications, which cloud AI services cannot provide.

The Future of Legal Tech: Privacy by Design

The legal profession is beginning to recognize that AI tools must be designed with privilege and confidentiality in mind from day one—not bolted on through vendor agreements after the fact.

On-device AI represents the future of privacy-preserving legal technology:

Apple's commitment to on-device processing: With Apple Intelligence and on-device Foundation Models, Apple has shown that powerful AI doesn't require cloud infrastructure
Edge computing for privacy: Processing data at the edge (on user devices) rather than in centralized clouds is the only architecture that guarantees zero third-party access
Regulatory momentum: GDPR, CPRA, and emerging AI regulations increasingly favor data minimization and local processing over cloud storage

Legal professionals who adopt on-device AI now will be ahead of the curve as courts and regulators catch up to the privilege risks of cloud-based AI tools.

Conclusion: Protect Your Privilege Before It's Too Late

Attorney-client privilege is the foundation of effective legal representation. Once waived, it cannot be restored. Every time you use a cloud-based AI meeting assistant for a privileged call, you're gambling with a 400-year-old legal protection.

The question isn't whether cloud AI transcription creates privilege risks—it does. The question is whether you're willing to take that risk with your clients' confidential communications.

On-device AI eliminates this entire category of risk. With tools like Basil AI, your privileged calls are transcribed using Apple's on-device speech recognition, stored locally in Apple Notes, and never touch a third-party server. It's the only way to leverage AI meeting notes while preserving attorney-client privilege.

      Bottom Line: Cloud AI assistants create discoverable records that can waive attorney-client privilege. On-device AI processing is the only technology that preserves confidentiality while enabling AI-powered transcription. For legal professionals handling privileged communications, the choice is clear.
    

Keep Your Meetings Private with Basil AI

100% on-device processing. No cloud. No data mining. No privacy risks.

Free to try • 3-day trial for Pro features