Is Otter.ai safe for work?
Medium risk · 34Otter.ai, Inc. · Meetings & notetakers · facts (medium-confidence)
Otter.ai is medium-risk for default at-work use (34/100): it trains on your data unless you opt out, and holds SOC 2 Type II.
34
Medium risk
Watch out: Otter trains its own models on de-identified user content by default and its meeting assistant can auto-join calendar meetings, raising consent and surveillance concerns (it is the subject of a wiretap/consent class action).
Data and compliance facts
- Trains on consumer-tier data
- Opt-out
- Trains on business-tier data
- Opt-out
- Training opt-out available
- Yes
- SOC 2 Type II
- Yes
- ISO 27001
- Unverified
- ISO 42001 (AI management)
- Unverified
- GDPR Data Processing Addendum
- Yes
- HIPAA BAA
- Yes
- EU data residency
- Unverified
- SSO / SAML
- Yes
- Data retention
- Conversations stored on Otter's cloud (AWS S3, AES-256) until deleted; deleted items auto-purge from trash after 30 days; admins can set custom auto-deletion durations.
- Safer tier
- Enterprise
Why it scores 34 out of 100
- +14Trains on your data unless you opt out. Training is on by default on the consumer tier; you must find and toggle the opt-out.
- +8Business-tier training is opt-out. The paid tier still trains on your data until you opt out.
- +6No ISO 27001. No ISO/IEC 27001 information-security certification found.
- +6No EU data residency. Data cannot be guaranteed to stay in the EU.