Why Your AI Meeting Assistant Isn't as Private as You Think
You just finished a meeting where your team discussed a pending acquisition, a client’s medical situation, or the exact terms of a deal you’ve been working on for six months. Your AI meeting assistant captured every word, generated a clean summary, and sent it to your inbox within minutes.
What you probably didn’t notice: every one of those words left your device and passed through a third-party cloud server before that summary was generated.
This isn’t a fringe concern. It’s how virtually every major AI meeting tool works — and for businesses operating under GDPR, POPIA, HIPAA, or any client confidentiality obligation, it’s a compliance exposure hiding in plain sight.
How AI Meeting Tools Actually Work
Otter.ai, Fireflies.ai, Granola, and most of their competitors follow the same basic architecture. Your audio is recorded, transcribed (either locally or in the cloud), and then the raw transcript is shipped to a large language model API — typically OpenAI, Anthropic, or Google — for summarization and action item extraction.
The transcript that gets sent is the full, unfiltered version. That means:
- Client names — the person you just promised confidentiality to
- Financial figures — deal sizes, valuations, account balances
- Medical information — patient details discussed in clinical handoffs or HR conversations
- Legal strategy — privileged attorney-client discussions
- Proprietary deal terms — NDAs, acquisition structures, employment negotiations
All of it goes to a server you don’t control, processed by a model trained and operated by a company whose business interests may not align with yours.
The transcript doesn’t get “anonymized” before it leaves. There’s no filtering step. It goes as-is.
The Privacy Policy Loophole You Haven’t Read
Most AI meeting tools have privacy policies that contain some variation of the following: data may be used to improve our models, train our systems, or enhance our services.
Even where opt-outs exist, the defaults are rarely privacy-preserving. And “opt-out of training” doesn’t mean “opt-out of storage” or “opt-out of human review.” Many of these companies explicitly reserve the right to have employees review transcripts for quality assurance.
If you haven’t read the full data processing agreement for every AI tool your team uses, you don’t actually know where your meeting data goes or how long it’s retained.
You May Already Be in Violation
This isn’t hypothetical. Under GDPR, sending personally identifiable information to a third-party processor without a valid Data Processing Agreement (DPA) is a violation — even if the third party is a well-known US tech company. The fines are real: up to 4% of global annual turnover.
Under POPIA (South Africa’s Protection of Personal Information Act), similar obligations apply. You must have a lawful basis for processing personal information, inform data subjects about third-party transfers, and ensure those third parties meet the same standard you’re held to.
Under HIPAA, the rules are even stricter. A Business Associate Agreement (BAA) must be in place before protected health information can be shared with a vendor. Most AI meeting tools don’t offer HIPAA-compliant configurations at all.
Beyond regulatory exposure, there’s the question of professional ethics. Law firms have attorney-client privilege. Medical practices have patient confidentiality. Financial advisors have fiduciary obligations. Using an AI meeting tool that routes transcripts through a third party may breach those obligations without anyone in leadership realizing it.
“But We Agreed to Their Terms”
Agreeing to a vendor’s terms of service is not the same as obtaining valid consent from the people being recorded. Your client didn’t agree to have their name, deal terms, and financial details processed by an AI company in another jurisdiction. Your employee didn’t consent to their HR conversation being analyzed by a third-party model.
The person whose data it is has rights that exist independently of whatever your company signed up for.
The Fundamental Problem: Cloud PII Detection Is a Contradiction
Some tools advertise that they “anonymize” data before sending it to AI. But there’s a logical flaw in that approach: if anonymization happens on a cloud server, the data already left your device. The moment it hit that server — raw and unfiltered — the exposure already occurred.
You can’t protect privacy by sending data to the cloud and then stripping it there. The protection has to happen before the data moves.
How Veil Solves This
Veil takes the opposite approach. Before any text is sent anywhere, an on-device model called Shade scans the transcript and detects personally identifiable information.
Shade is a fine-tuned DeBERTa-v3-xsmall model — 22 million parameters, running entirely on your Mac. It achieves 97.6% F1 on PII detection across 12 entity types: names, organizations, phone numbers, email addresses, financial figures, government IDs, bank account numbers, dates, addresses, IP addresses, card numbers, and legal case references. Inference takes under 50ms.
When Shade finds a name like “Sarah Chen from Westpac,” it replaces it with a token: [PERSON_1] from [ORG_1]. That token is then swapped with a realistic pseudonym — “Alex Rivera from Meridian Bank” — before the text ever reaches the AI API.
The AI sees a coherent, realistic transcript. It produces a useful summary. But it never sees a single real name, real amount, or real identifier from your meeting.
When the summary comes back, Veil reverses the process locally: pseudonyms become tokens, tokens become the original values, and you see an accurate summary with the real names and figures restored — all processed on your device, never in the cloud.
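The round trip described above (real value to token, token to pseudonym, and back again on the device) can be sketched as follows. This is an added example, not Veil's code: the detector is replaced by hand-labelled spans, and the pseudonym pools, class and function names are assumptions made for illustration.

```python
import re

# Constructed sample data: pseudonym pools, transcript, hand-labelled spans.
POOLS = {"PERSON": ["Alex Rivera", "Jordan Blake"],
         "ORG": ["Meridian Bank", "Northfield Group"]}
TRANSCRIPT = "Sarah Chen from Westpac confirmed the terms. Sarah Chen will follow up."
SPANS = [(0, 10, "PERSON"), (16, 23, "ORG"), (45, 55, "PERSON")]

def _swap(text, mapping):
    """Replace every mapping key found in text, longest keys first."""
    keys = sorted(mapping, key=len, reverse=True)
    pattern = "|".join(map(re.escape, keys)) or r"(?!)"  # empty map: match nothing
    return re.sub(pattern, lambda m: mapping[m.group(0)], text)

class Pseudonymizer:
    """Holds the token/real/pseudonym maps; they stay in local memory."""
    def __init__(self):
        self.token_of = {}  # (label, real value) -> token
        self.real_of = {}   # token -> real value
        self.fake_of = {}   # token -> pseudonym

    def tokenize(self, text, spans):
        """spans: non-overlapping (start, end, label) offsets from a detector."""
        out, pos = [], 0
        for start, end, label in sorted(spans):
            key = (label, text[start:end])
            if key not in self.token_of:  # a repeated value reuses its token
                n = 1 + sum(lab == label for lab, _ in self.token_of)
                self.token_of[key] = f"[{label}_{n}]"
                self.real_of[self.token_of[key]] = text[start:end]
            out += [text[pos:start], self.token_of[key]]
            pos = end
        return "".join(out + [text[pos:]])

    def to_pseudonyms(self, tokenized, original):
        """Swap tokens for pseudonyms that do not occur in the real transcript."""
        for token in [t for t in self.real_of if t not in self.fake_of]:
            label = token[1:].rsplit("_", 1)[0]
            free = [p for p in POOLS[label]
                    if p not in self.fake_of.values() and p not in original]
            if not free:  # fail closed rather than fall back to the real value
                raise ValueError(f"pseudonym pool exhausted for {label}")
            self.fake_of[token] = free[0]
        return _swap(tokenized, self.fake_of)

    def rehydrate(self, reply):
        """Reverse locally: pseudonym -> token -> real value."""
        to_token = {fake: tok for tok, fake in self.fake_of.items()}
        return _swap(_swap(reply, to_token), self.real_of)
```

Two limits of this sketch are worth checking in any tool built this way: a value the detector misses is sent unchanged, and exact-match rehydration will not restore a pseudonym the model has shortened or reworded in its reply.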
What Veil Detects (That Others Miss)
Generic PII detection models trained on US and European data miss a lot. Veil’s Shade model was specifically trained on:
- South African ID numbers and rand-denominated financial figures
- Regional organization names that US-trained models don’t recognize
- Legal case number formats used in Commonwealth jurisdictions
- Business meeting language where context matters — “the deal with Marcus” means Marcus is a person, not a product
This matters because real-world transcripts are messy and regional. A model that scores well on a benchmark of clean US text may perform poorly on an actual meeting recording from Cape Town or London.
Built for High-Stakes Conversations
Veil is designed for the industries where privacy isn’t optional:
Law firms handle privileged communications. Every word in a client meeting carries confidentiality obligations that survive the end of the representation. Routing transcripts through a cloud AI is incompatible with those obligations.
Banks and financial services operate under strict data governance requirements. Client account details, investment strategies, and deal structures are regulated information. They belong on your systems, not in a third party’s training data.
Medical groups and healthcare providers deal with protected health information every day — in clinical handoffs, administrative discussions, and referral calls. HIPAA requires that PHI be handled with specific safeguards that most AI meeting tools simply don’t provide.
Government and public sector organizations handle information that is sensitive by definition. The idea of civil servant meeting transcripts being processed by a commercial AI company’s cloud infrastructure should be alarming to anyone in a procurement or compliance role.
The Standard Should Be Higher
The AI meeting tool category has moved fast. Features have improved rapidly. But privacy architecture hasn’t kept pace with adoption. Most tools still operate as if the privacy concerns are hypothetical or niche.
They’re not. Every regulated industry has binding obligations. Every professional services firm has confidentiality duties. Every organization with a competent legal team should be asking hard questions about where their meeting data goes.
The fact that a tool is popular doesn’t mean it’s compliant. The fact that your competitors use it doesn’t mean you’re covered if something goes wrong.
A Better Default
Veil’s position is simple: the AI should never see the real data. Not as an optional setting. Not as an enterprise add-on. As the default.
On-device PII detection with Shade, pseudonymization before any network request, and local rehydration after the AI responds. The meeting summary is just as useful. The privacy exposure is eliminated.
Your clients trusted you with that conversation. The AI doesn’t need to know who they are.
Veil is available for macOS. Learn more at helloveil.com.