In my earlier article on AI transcription tools and GDPR, I looked at how many businesses are switching AI meeting systems on without fully understanding what happens to the data afterwards.
I then reviewed Otter.ai and GDPR using a simple question:
“What can an ordinary business owner realistically work out from the publicly available information before enabling this for client meetings?”
This article applies the same practical approach to Fathom.
This is not a technical security audit and it is not legal advice.
It is a practical attempt to understand:
- what the platform appears to do
- what controls appear to exist
- what remains unclear
- and why that matters if meetings involve sensitive information.
Why we looked at Fathom
Fathom is increasingly recommended by:
- Virtual Assistants
- consultants
- coaches
- sales teams
- online businesses
because it can:
- record meetings
- generate AI summaries
- create searchable transcripts
- integrate with CRMs
- connect with calendars and meeting systems
- and automate follow-up workflows.
Like Otter.ai, it is often presented as a productivity tool designed to save time and reduce admin.
But the deeper we dug, the clearer it became that these systems are not simply “meeting note apps”.
They are increasingly operating as:
- searchable organisational knowledge systems
- AI workflow tools
- CRM-connected information platforms
- and automated meeting analysis systems.
That creates a very different operational picture from:
“we just recorded the call.”
What we could establish from Fathom’s published information
Retention controls
| Account type | What we found publicly | Why it matters |
|---|---|---|
| Free accounts | We could not find a clear plain-English explanation of retention controls for free users | Businesses may not know how long meeting data remains accessible |
| Paid/business plans | Fathom refers to admin and workspace functionality in some documentation | Controls may depend on workspace/account type |
| Enterprise/admin-managed accounts | Some enterprise controls appear available, but details are scattered across support and sales materials | Larger organisations may have more control over visibility and sharing |
Sources:
Fathom pricing
Fathom help centre
As with Otter.ai, one important issue is that “using Fathom” may mean very different things depending on:
- account level
- workspace settings
- integrations
- admin permissions
- and organisational controls.
Two businesses could both say they are using Fathom while actually operating with very different levels of visibility and control.
AI summaries and searchable transcripts
| Question | What we found publicly | Why it matters |
|---|---|---|
| Does Fathom create AI summaries? | Yes | This is more than a simple recording tool |
| Are transcripts searchable later? | Yes | Sensitive conversations may remain searchable after meetings |
| Does Fathom actively promote AI workflows and insights? | Yes | Meeting content may become part of wider operational systems |
Sources:
Fathom homepage
Fathom features
This is one of the biggest misunderstandings I see around AI meeting systems.
Many people still imagine:
“the meeting was recorded.”
In reality, the platform may also be:
- transcribing
- indexing
- summarising
- storing
- categorising
- integrating with other systems
- and making conversations searchable later.
That is a very different operational environment from a simple replay recording.
Sharing, downloads and integrations
| Question | What we found publicly | Why it matters |
|---|---|---|
| Can transcripts and notes be shared? | Yes | Meeting information may move beyond the original participants |
| Does Fathom integrate with CRMs? | Yes, including HubSpot and Salesforce | Meeting information may flow into wider business systems |
| Can Fathom integrate with Zoom, Teams and calendars? | Yes | Meetings may be automatically captured or connected |
| Does Fathom promote workflow automation? | Yes | Meeting content may become embedded in operational systems |
Sources:
Fathom integrations
Fathom homepage
Again, that does not automatically make the platform inappropriate.
But businesses should understand they may be enabling:
- searchable organisational records
- CRM syncing
- AI-generated summaries
- workflow automation
- and wider information sharing,
rather than simply creating meeting notes.
Storage, processing and consent
| Question | What we found publicly | Why it matters |
|---|---|---|
| Is UK-only storage clearly offered? | We could not clearly establish this from the public-facing information reviewed | UK businesses may need to consider international transfers |
| Does publicly available information suggest US-based processing? | Yes | Sensitive data may be processed outside the UK |
| Who is responsible for lawful use and consent? | Responsibility appears to remain with the customer/user | Businesses remain responsible if people later complain they did not properly understand the processing |
Sources:
Fathom privacy policy
Fathom terms
This is particularly important where meetings may involve:
- medical information
- children’s data
- safeguarding discussions
- family situations
- confidential financial discussions
- or other sensitive information.
Simply saying:
“This meeting may be recorded”
may not always be enough. In practice, people should understand not just that a meeting is being recorded, but also whether AI transcription, AI summaries, searchable transcripts, downloads, integrations, cloud storage and processing, or third-party processing are involved.
Questions we could not clearly answer from the public information
At the time of writing, we could not clearly establish from Fathom’s public-facing information:
- whether all account types can fully opt out of AI learning or model improvement
- exactly which retention controls apply to which plans
- whether all sharing permissions are role-based
- whether transcript visibility can always be tightly restricted
- what level of admin control exists on lower-tier plans
- whether deletion removes all copies immediately or only user-visible versions
That does not necessarily mean the controls do not exist.
But it does mean ordinary businesses may struggle to build a clear operational picture before switching the platform on.
Our practical concern
As with Otter.ai, I would personally be cautious about using Fathom for meetings involving:
- medical information
- children’s data
- safeguarding discussions
- highly sensitive financial conversations
- or other confidential personal data
unless someone has properly reviewed:
- the account settings
- integrations
- retention controls
- workspace visibility
- sharing permissions
- and admin options
on the specific version being used.
Many businesses still appear to think of these systems as simple meeting note tools when they may actually function as searchable, integrated AI knowledge systems connected to wider organisational workflows.
Thoughts about Fathom
Fathom is clearly a sophisticated and powerful platform.
But it is also clear that understanding exactly:
- what data is stored
- who can access it
- what controls apply
- and what happens to meeting information afterwards
takes considerably more digging than many ordinary businesses are realistically going to do before enabling the software.
The conversation around AI transcription tools and GDPR is only just beginning.
If you have not yet read the earlier articles in this series, start here: