Consent & Compliance
Frequently asked questions about recording consent and compliance with BuildBetter
Consent & Compliance
Recording Consent
Yes. In most jurisdictions, you need some form of consent to record conversations. The specific requirements vary by location:
- One-party consent jurisdictions: At least one participant in the conversation must consent to recording (which can be you). This is the federal standard established by the Electronic Communications Privacy Act (ECPA).
- Two-party/all-party consent jurisdictions: All participants must consent to recording. This applies in 11 states plus Washington D.C.
BuildBetter provides tools to help with consent management, but legal compliance remains your responsibility. We recommend consulting with your legal team regarding specific requirements for your location and use case.
BuildBetter offers several consent tools:
- Pre-call consent emails: Automatically sent 24 hours before the call, notifying participants that the call will be recorded and offering them the option to opt out. This can be configured in your account settings.
- In-call consent pop-ups: When joining a call, participants see a clear pop-up indicating that recording is active, and they confirm their consent through the meeting platform (Zoom, MS Teams, Google Meet).
- Visual indicators: Clear recording indicators in supported meeting platforms.
- Chat messages: Automated consent messages in meeting chat.
- Custom consent workflows: Enterprise customers can design custom consent processes.
These tools can be configured to match your organization’s compliance requirements and help ensure compliance with both federal and state-specific laws.
If a participant doesn’t consent to recording, you should follow these best practices:
- Stop or pause recording: BuildBetter allows you to pause or stop recording at any time
- Offer alternatives: Suggest alternative ways to participate (e.g., written input)
- Document objection: Note the objection in your records
- Post-meeting editing: You can edit transcripts to remove content if needed
Participants can revoke consent by explicitly stating so or by leaving the call. For meetings in all-party consent jurisdictions, recording should not proceed without everyone’s consent.
BuildBetter only records meetings according to rules you configure. You have complete control through:
- Recording rules: Set criteria for which meetings to record
- Calendar settings: Specify which calendars to monitor
- Manual controls: Override automatic settings for specific meetings
- Blacklist options: Exclude specific meeting types or participants
The system never records without your explicit configuration and permission, and always follows the consent workflows you’ve established.
Legal Compliance
All-party consent is required in various jurisdictions, including:
U.S. States with all-party consent laws:
- California
- Connecticut
- Florida
- Illinois
- Maryland
- Massachusetts
- Montana
- New Hampshire
- Pennsylvania
- Washington
- Nevada (despite its one-party stance in-person)
- Washington D.C.
Countries with strict recording consent regulations:
- Australia (varies by state)
- Canada (for private conversations)
- Germany
- Switzerland
- United Kingdom (for business purposes)
This list is not exhaustive, and laws change frequently. You can find detailed information about state laws on recording at:
Always verify current requirements for your jurisdiction.
Courts have generally ruled that AI-powered transcription is treated similarly to recording, particularly in states requiring all-party consent. For example, California’s TranscriptionStar case under Penal Code §632 established that transcription services are subject to the same consent requirements as recordings.
This means that BuildBetter’s transcription process must also be compliant with:
- State-specific recording consent laws
- Relevant data protection regulations like HIPAA and CCPA where applicable
BuildBetter’s compliance certifications (SOC 2, GDPR, HIPAA) ensure that both recording and transcription processes meet regulatory requirements.
GDPR compliance for recordings requires several measures:
- Legal basis: Establish a legal basis for processing (consent, legitimate interest, etc.)
- Transparency: Clearly inform participants about recording before the meeting
- Data minimization: Only record necessary meetings and content
- Access controls: Limit access to recordings to those with a need to know
- Retention limits: Set appropriate retention periods
- Subject rights: Honor data subject requests (access, deletion, etc.)
BuildBetter provides tools to help with these requirements, including consent mechanisms, access controls, and retention settings. Our platform is fully GDPR compliant, giving you the necessary infrastructure to maintain compliance.
BuildBetter maintains several key compliance certifications:
- SOC 2 Type 2: Covering security, availability, and confidentiality
- GDPR: Full compliance with European data protection requirements
- HIPAA: Healthcare data protection (available for healthcare customers)
- CCPA/CPRA: California privacy requirements
We also provide an AI Transparency Policy detailing how our AI technologies are used and how data is handled.
These certifications ensure that BuildBetter’s data handling practices meet the highest standards for security and privacy. For detailed documentation, enterprise customers can request access to our complete compliance package.
Yes. BuildBetter offers several documentation features:
- Consent logs: Records of notification delivery and acknowledgments
- Access logs: Tracking who has viewed recordings
- Processing records: Documentation of data processing activities
- Retention tracking: Records of when data is deleted according to policies
- Policy management: Tools to document and implement compliance policies
Enterprise customers have access to additional compliance reporting features and can request access to our detailed security documentation.
Privacy Controls
BuildBetter offers several content protection features:
- Automatic PII detection: Identifies potentially sensitive information
- Redaction tools: Remove sensitive content from transcripts
- Custom vocabulary filters: Set specific terms for automatic redaction
- Access restrictions: Limit who can view sensitive recordings
- Export controls: Manage how content can be shared
These tools help protect sensitive information while preserving valuable insights.
Yes. BuildBetter provides several post-recording editing capabilities:
- Transcript editing: Modify or remove specific content
- Redaction: Obscure sensitive information
- Segment removal: Delete portions of recordings
- Custom exports: Create sanitized versions for sharing
- Annotations: Add context or corrections
Editing capabilities help you maintain compliance while preserving valuable information.
Retention periods are customizable based on your requirements:
- Starter plan: 30-day default retention
- Professional plan: 90-day default retention
- Enterprise plan: Custom retention policies
You can configure different retention periods for different meeting types or content categories. Automatic deletion occurs at the end of the configured retention period.
Your organization retains full ownership of all data recorded and processed in BuildBetter. As our founder Spencer puts it: “BuildBetter excels at a lot of stuff, but one of the big ones is I can confidently say that no other call recorder can: ‘it’s your data.’”
Your data is:
- Never used to train our AI models
- Never shared with third parties without your explicit permission
- Fully exportable at any time
- Deletable at your request
BuildBetter acts as a data processor, not a data controller (unless specifically arranged otherwise), meaning you maintain ultimate control over your information.
Best Practices
Based on our experience and legal research, we recommend these consent best practices:
- Advance notice: Include recording notices in meeting invitations and send pre-call consent emails (BuildBetter can automate this)
- Verbal confirmation: Announce recording at the start of meetings
- Visual indicators: Ensure recording status is visible to all participants
- Opt-out option: Provide clear instructions for objecting to recording
- Purpose explanation: Clearly state why recording is happening and how it will be used
- Access transparency: Inform participants about who will have access to recordings
At a minimum, companies should notify all call participants about recordings. In many internal settings (like customer support or user research), consent may already be covered under broader corporate policies. However, BuildBetter’s layered consent system is designed to preempt any legal issues by verifying and displaying consent clearly at every stage.
Following these practices helps build trust while maintaining compliance across jurisdictions.
Effective team training should include:
- Policy education: Clear guidelines on when and how to record
- Legal requirements: Basic understanding of applicable laws (federal one-party consent and state-specific requirements)
- Consent procedures: Proper methods for obtaining and documenting consent
- System training: How to use BuildBetter’s consent features
- Scenario practice: Handling objections or special situations
- Regular updates: Refreshers when policies or laws change
BuildBetter provides training materials and getting-started videos that you can customize for your organization. These resources are available at app.buildbetter.app/getting-started.
Yes. We strongly recommend creating a formal recording policy that addresses:
- When recording is permitted or required
- Who has authority to initiate recordings
- Proper consent procedures based on jurisdiction
- Access and sharing restrictions
- Retention and deletion schedules
- Handling of sensitive information
- Compliance with applicable regulations
Your policy should account for both federal standards (ECPA) and any state-specific requirements that apply to your operations. BuildBetter can provide policy templates as a starting point for your organization.
For enterprise customers operating across multiple jurisdictions, we recommend a policy that defaults to the strictest applicable standards (typically all-party consent) to simplify compliance.
Risk Mitigation
The primary legal risks associated with recording meetings include:
- Compliance violations: Failing to obtain proper consent as required by state or federal laws
- Privacy infringement: Recording confidential or sensitive conversations without appropriate safeguards
- Data protection issues: Not properly securing or handling recorded content
- Contractual breaches: Violating terms of employment or service agreements regarding confidentiality
BuildBetter’s multi-tiered approach minimizes these legal risks by:
- Integrating federal one-party consent requirements as defined by the ECPA
- Implementing additional measures to meet stricter state laws and all-party consent states
- Providing robust consent acquisition workflows (pre-call emails and in-call notifications)
- Ensuring participants are fully aware of and can manage their consent at any time
This comprehensive approach helps protect your organization while maintaining ethical recording practices.
For organizations operating across multiple states or countries, we recommend:
- Default to the strictest standard: Apply all-party consent rules to all recordings to simplify compliance
- Implement location detection: Configure settings based on participant locations when possible
- Document state-specific procedures: Maintain clear guidance for employees on jurisdiction-specific requirements
- Regular policy reviews: Update procedures as laws change
BuildBetter’s platform can accommodate these multi-jurisdiction strategies while maintaining consistent user experiences and workflows.
Need compliance assistance?
Contact our compliance specialists for personalized guidance
Was this page helpful?