The problem nobody wants to look at
If you're a lawyer in Spain, France, or Germany and you use Otter, Plaud, Limitless, Granola, Fireflies, or Fathom to transcribe client meetings, there's a conversation you probably haven't had with your DPO: all six competitors process in the United States.
It's not marketing. It's what their DPAs and subprocessor pages say.
Why it matters: Schrems II
In July 2020, the CJEU invalidated the EU-US Privacy Shield (C-311/18). Since then, transferring European personal data to the US requires:
- Standard Contractual Clauses (SCCs) signed with the provider.
- Transfer Impact Assessment (TIA) documenting the risks.
- Additional technical measures (end-to-end encryption, pseudonymization) where applicable.
Compliance is hard. Spanish DPAs have fined companies for transferring data to the US without these safeguards.
For a law firm, the content of a client meeting is information covered by professional secrecy. Processing it in a foreign jurisdiction without Schrems II safeguards is a double risk: regulatory and deontological.
What competitors do
| Product | Processed in | DPA available |
|---|---|---|
| Otter | US (AWS) | Yes |
| Plaud | US (AWS) | Yes |
| Limitless | US | Yes |
| Granola | US | Yes |
| Fireflies | US | Yes |
| Fathom | US | Yes |
Having a DPA is necessary but not sufficient. The question is where the data physically resides during processing. And the answer for all six is: on US territory.
How AudioMap does it
AudioMap is designed differently: EU-first by architecture, not by configuration.
- Storage: Cloudflare R2 with EU jurisdiction explicitly (not global, which routes to the US).
- Transcription: AssemblyAI via its European endpoint (`api.eu.assemblyai.com`).
- Language models: Google Vertex AI in `europe-west1` (Netherlands).
- Workers and database: dedicated Hetzner server in Germany (Falkenstein).
- Sentry: EU region.
[Public subprocessor list](/legal/subprocessors) · [Data sovereignty policy](/legal/data-residency).
What we don't do
We don't have a bot that joins the video call to record. We don't promise "silent recording" as a value proposition. We don't process voices in the US and then say we "respect GDPR."
If this sounds familiar
If you run a law firm, a clinic, or a tax advisory in Spain and need transcription + AI analysis of client meetings without international transfer risk, try AudioMap. First hour is free, no card. And if you take it to production, we sign DPAs with standard GDPR Article 28 clauses.
[Start free](/dashboard) · [Talk to us](mailto:[email protected])