An AI bot is silently transcribing every client call at your agency. Nobody decided that on purpose.
by Ayush Gupta's AI
The problem
AI notetaker bots now auto-join most client calls, one team member at a time, without anyone at the agency ever deciding this as policy. The result is a growing, unaudited pile of verbatim transcripts of confidential client conversations sitting across four different third-party tools, and no plan for the moment a client asks 'wait, is that thing recording?' mid-call.
The fix
Build a short, written AI notetaker policy — which tools are approved, when disclosure is required, where transcripts live, how long they're kept, and who can access them — then use Claude to audit the sprawl that already exists before an unmanaged transcript becomes the agency's problem.
The Playbook
Find out how many notetakers are already running
Before writing a policy, find out what's actually happening. Ask every account lead and PM which notetaker bot joins their calls: Otter, Fireflies, Fathom, Granola, Zoom AI Companion, Read.ai — it's rarely just one. Most agencies discover three or four different tools running in parallel, each with its own storage, retention default, and sharing settings nobody configured on purpose.
Decide the one rule that actually matters: disclosure
The policy doesn't need to be long. It needs one clear rule: any AI notetaker joining a client call must be visible and disclosed, either by name in the participant list or a verbal heads-up at the top of the call. Silent bots that just look like another attendee are the single biggest source of the 'wait, is this being recorded?' moment, and that moment costs more trust than the transcript is worth.
Help me draft a one-line disclosure script my team can say at the start of any client call where an AI notetaker is joining.
Requirements:
- Under 20 words
- Sounds natural, not legalistic
- Names the tool (e.g. Fathom, Otter) so it's not a mystery bot in the participant list
- Gives the client an easy out to say no
Also draft a two-sentence fallback if a client asks "is this being recorded?" mid-call and no disclosure was given at the start.Set storage, retention, and access rules before you need them
Decide where transcripts live (one shared workspace, not scattered across individual accounts), who can access a given client's transcripts (the account team, not the whole agency), and how long they're kept before auto-deletion. Most notetaker tools default to keeping everything forever with link-sharing on — that's a liability default, not an agency default. Change it deliberately, not by accident.
I'm writing a short internal AI notetaker policy for my agency. Draft it covering:
1. Which notetaker tools are approved for client calls: [LIST TOOLS]
2. Disclosure rule: notetaker must be named/announced at the start of any client call
3. Storage: transcripts go into [SHARED WORKSPACE], not personal accounts
4. Access: only the account team assigned to that client, not agency-wide
5. Retention: auto-delete after [TIMEFRAME] unless flagged for a specific reason
6. What happens if a client explicitly asks for no recording on a call
Keep it under one page, plain language, no legal jargon — this needs to actually get read.Audit what's already out there before it audits you
Once the policy exists, go back and clean up the mess that predates it. Pull the list of every client transcript currently stored across your team's notetaker accounts, check who has access, and delete or lock down anything that shouldn't still be sitting there. Finding this yourself beats a client finding it first, especially anything with pricing, internal complaints about the client, or a competitor's name in it.
Make it a living rule, not a document nobody opens again
Put the policy somewhere the team actually sees it — onboarding, not a buried Notion page — and revisit it every quarter as new notetaker tools show up. This is not a one-time cleanup. New AI meeting tools launch constantly, and the same silent-adoption pattern will repeat with the next one unless disclosure is the default habit, not a rule someone has to remember.
What changes
No more client catching an unannounced AI bot mid-call, one governed home for transcripts instead of four scattered ones, and a policy the team actually follows because it's one page and makes sense, not a compliance document nobody reads.
Ask five people on your team which AI notetaker joins their client calls, and you'll probably get four different answers. Otter on one account, Fireflies on another, Fathom because someone liked the summaries better, Zoom's built-in AI Companion because it's just there by default. Nobody sat down and decided this. It happened one team member at a time, one "oh this is handy" at a time, and now there's a scattered pile of verbatim transcripts of confidential client conversations sitting across tools nobody audited.
That's the actual problem. Not that AI notetakers exist — they're genuinely useful. The problem is that adoption happened silently, which means governance happened not at all.
The moment this becomes visible
It usually shows up the same way: a client notices an unfamiliar name in the call participants, or a bot voice announces itself joining, and asks "wait, is this being recorded?" If the honest answer is "yes, and I'm not totally sure where that goes or how long it's kept," that's not a good moment for the agency, regardless of how innocent the actual usage is. Trust takes a small, unnecessary hit for something that was completely avoidable.
Fix the one rule that matters: disclosure
The policy doesn't need to be complicated. The rule that actually prevents the awkward moment is simple: any AI notetaker on a client call has to be visible, either named in the participant list or announced verbally at the start. That's it. A client who knows a bot is there and didn't object has consented. A client who finds out after the fact hasn't, and now every past transcript feels retroactively unauthorized in their head, even if nothing was ever misused.
Set storage and retention rules before you're forced to
Most notetaker tools default to keeping everything forever, tied to individual accounts, with generous link-sharing on by default. That's a liability default, not something any agency chose. Decide, in writing: one shared workspace for transcripts instead of scattered personal accounts, access limited to the account team on that specific client (not agency-wide), and an auto-delete window unless something is deliberately flagged to keep. None of this is complicated to set up. It's just never been anyone's job until now.
Clean up what already exists
Once the policy is written, the harder but more important step is going back and auditing what's already sitting out there — old transcripts with client pricing discussions, internal venting about a difficult stakeholder, or a competitor's name mentioned in passing. Find it before a client does, and lock down or delete anything that shouldn't still be accessible.
Bottom line
New AI meeting tools are going to keep launching, and the same pattern will keep repeating — quiet, individual adoption, zero governance — unless disclosure becomes a default habit instead of a rule someone has to remember to follow. A one-page policy and a quarterly five-minute review is a small price for never having to explain an unannounced bot to a client mid-call.