Otter.ai for EU teams: the GDPR trade-offs to understand
What Otter.ai does well, where it creates friction for EU teams, and the questions to ask before procurement signs the contract.
Otter.ai is the meeting AI most teams try first. It is widely available, the free tier is generous, and the integrations cover the calendars and conferencing tools every team already uses. For a US-based team, it is a sensible starting point.
For an EU-based team, it is a sensible starting point that often does not survive a procurement review. That is not because Otter is doing anything wrong; it is doing exactly what its US-based architecture was built to do. It is because that architecture sits at an awkward angle to GDPR.
This article walks through what Otter does well, where the friction lives for EU buyers, and which questions to ask in the demo call. No disparagement; just the fact pattern your compliance team will assemble anyway.
What Otter does well
Credit where it is due. Otter ships several things that most competitors copy badly:
- Live transcription during the meeting, with speaker attribution that gets better the more the team uses it.
- Notetaker bot integrations for Zoom, Google Meet, Microsoft Teams. One click and the bot joins the call.
- Search across the team's entire meeting history. This is a real productivity gain when it works for your data residency requirements.
- AI Chat over your meetings. Ask "what did we agree to do about pricing last quarter?" and get a synthesized answer.
- Free tier. A team can validate the workflow before procurement is involved at all.
If your team is in the US, on a US-hosted stack, with no GDPR exposure, Otter is genuinely good software. The trade-offs below do not apply to you.
Where Otter creates friction for EU teams
The friction is mostly about where the data lives, how long it stays there, and what is done with it. Three areas, in order of how often they come up.
1. Data residency
Otter's infrastructure is US-based. By default, audio and transcripts live in US data centers regardless of where the user is. EU residency is positioned as an enterprise tier feature, not as a default for every customer.
For EU teams under GDPR Article 5(1)(f) and the international transfer rules in Articles 44–50, this means every Otter session is a transfer to a third country. That is not illegal, but it is documented in your records of processing and it depends on the EU-US Data Privacy Framework, which has been challenged repeatedly. Procurement will ask. Legal will ask. The answer is "yes, it transfers" and the conversation goes from there.
2. Retention by default
Otter retains audio and transcripts until the user deletes them. Storage is durable, encrypted, and persistent. There is no default expiration window short enough to satisfy data minimization (GDPR Article 5(1)(c)) without a separate manual deletion policy on the customer's side.
For some teams this is fine. For teams in regulated industries (financial services, healthcare, legal), it is not. The default-on indefinite retention shifts the burden to the customer to set up automated deletion. Most teams do not do that, which means the recordings of their executive meetings sit in a US data center for years.
3. Use of data for AI improvement
Otter's privacy policy reserves the right to use aggregated and anonymized data for service improvement. The exact wording matters for procurement; check the version live at the time you are evaluating.
The core tension is that "anonymized voice data" is a contested category. Voice carries biometric signal that is hard to fully anonymize. For EU teams under GDPR Article 9 (special categories of personal data, which includes biometric data when used for unique identification), this is one more conversation with the DPO.
The comparison procurement will assemble
| Criterion | Otter.ai (default) | What an EU-default vendor offers |
|---|---|---|
| Storage region | US | EU |
| Processing region | US | EU |
| Source media retention | Indefinite | Hours, not days |
| Summary retention | Indefinite | Hours, not days |
| Training on user data | Aggregated / anonymized data used | None |
| Sub-processor list | Available, US-heavy | Available, EU-resident |
| DPA standard terms | Available | Available |
| EU-US DPF dependency | Yes | None |
The right column is what compliance asks for. EnClair sits there. So do a handful of EU-native vendors. The point is not that Otter is wrong; it is that the default Otter offers is a different trade-off than the one EU procurement is built around.
Questions to ask in the demo
The demo call is the cheapest moment to surface friction. Five questions to put on the agenda:
- Where is audio stored, and where is it processed? (Two questions. Storage and processing can differ; see Fireflies for the precedent.)
- What is the default source-media retention, in hours, and is shorter retention available on lower-tier plans?
- Is user data used to train, evaluate, or improve any model, including via aggregation? If so, is opt-out available per tenant, on a self-serve basis?
- Is the sub-processor list EU-resident? How are changes communicated, and on what notice period?
- Does the DPA include the standard contractual clauses for international transfers, or do we sign a custom addendum?
If the vendor cannot answer in writing within a week, your compliance team has its answer.
What this means for your shortlist
Otter is on the shortlist for many EU teams because it is the default starting point. It often falls off the shortlist after the procurement conversation because the default trade-offs are aimed at the US market. For EU teams that genuinely need EU residency, short retention, and no training-on-data (the legal, healthcare, public-sector, and most enterprise verticals), the shortlist looks different.
Tools built EU-default, including EnClair, exist precisely because that procurement conversation kept happening. The fact pattern is documented enough now that the trade-off is not surprising; it is a known choice point in the buyer's journey.
A note on retention
EnClair stores audio and summaries for 24 hours, then deletes both. Hosting is in Europe. We do not train models on user inputs or outputs. The full posture is on the security page.
What to take from this
Otter.ai is good software with a US-default architecture. For US teams, that is fine. For EU teams under GDPR, the trade-offs add up to procurement friction every time. The decision is not about which tool is "better"; it is about which tool's defaults match your jurisdiction. When the defaults match, the procurement call lasts twenty minutes.