Recording a client call is legal in some states, a crime in others.

By Fazit

Recording a client call is legal with one participant’s consent under US federal law and in most states, but roughly a dozen states require every participant to consent. For lawyers, therapists, and advisors, professional-conduct and confidentiality rules go further than the statute. And a call that crosses state lines defaults to the strictest rule that applies. Here is the map — and the risk that survives even after you have consent.

This is general information, not legal advice. Recording law changes and is fact-specific; confirm the current rule for your jurisdiction with counsel before you rely on it.

One-party vs. all-party consent

US call-recording law turns on a single question: how many people in the conversation have to agree to the recording?

  • One-party consent. Only one participant needs to consent — and that participant can be you. This is the federal baseline under 18 U.S.C. §2511 and the rule in the majority of states.
  • All-party (two-party) consent. Every participant must consent before recording. Roughly a dozen states require this, and in several of them a violation is a criminal offense, not just a civil one.

The trap is that “two-party” is a misnomer on a group call: it means all parties, so a five-person call in an all-party state needs five consents. Here is the commonly-cited breakdown for 2026:

ALL-PARTY (TWO-PARTY) CONSENT — commonly cited, 2026

California      Connecticut     Delaware        Florida
Illinois        Maryland        Massachusetts   Montana
New Hampshire   Pennsylvania    Washington      Oregon*

* Nuanced / contested: Oregon (in-person requires all-party; phone is
  one-party). Nevada and Michigan are treated as all-party by some
  courts despite one-party statutes — check current law.

Everywhere else, plus US federal law (18 U.S.C. Sec. 2511): one-party.
One-party means one participant (which can be you) may consent.

Treat that list as a starting point, not gospel. Classifications shift with new case law, and a few states resist clean labels — which is exactly why the safe default for cross-border calls is stricter than any single state’s rule.

The interstate problem

Most client calls are not neatly inside one state. When participants sit in different states, it is often unsettled which state’s law governs, and courts have applied the law of the stricter jurisdiction. The practical consequence: if you or your client might be in an all-party state, assume all-party consent applies to the whole call.

For anyone who takes calls across state lines as a matter of routine — which is to say most professionals — the workable rule is simple: default to all-party consent unless you have confirmed otherwise. It is cheaper than being wrong once.

Why professionals are held above the statute

Even where recording is legal, a professional’s duties can make it inadvisable or prohibited. The statute is the floor, not the ceiling:

  • Lawyers. Bar ethics opinions have long warned that recording a client without their knowledge — even where legal — can undermine the trust at the center of the relationship, and secretly recording opposing parties raises separate misconduct questions. The deeper issue is privilege waiver, covered in AI Notetakers for Lawyers.
  • Therapists and clinicians. Session content is protected health information. Recording implicates HIPAA, informed consent, and the therapeutic relationship well before any state wiretap statute is reached.
  • Financial advisors. SEC and FINRA recordkeeping rules can require you to retain certain communications — which turns every recording into a governed record with its own retention, supervision, and production obligations.

In other words, the professions where AI notetakers are most useful are the same ones where the recording carries the most obligation. That tension is the whole reason the next section matters.

Consent answers one question: may I record this conversation? It says nothing about the second question: what happens to the recording after I do? Those are different risks, and most notetaker decisions collapse them into one.

The risk that outlives consent

Say you did everything right: you disclosed, every party consented, the recording is lawful. You still created an artifact — an audio file, or a transcript, sitting on a server. That artifact now has a life of its own. It can be subpoenaed in a matter unrelated to why it was made. It can be breached. It can be swept into a vendor’s model-training set unless you found the opt-out. And under GDPR, shipping EU call audio to a US transcription vendor is a cross-border transfer with its own paperwork.

Consent is a permission you obtain once. The recording is a liability you hold for as long as it exists. Deleting it later helps, but “deleted after transcription” is a promise about vendor behavior, not a property of the data — the file still existed, and existence is what discovery and breach attach to.

What an on-device notetaker does — and does not — change

Be clear about the boundary: an on-device notetaker does not remove your duty to obtain consent. If you are in an all-party state, you still disclose and get agreement before you transcribe. Nothing about the architecture changes the consent question.

What it changes is the second risk — the artifact. Fazit holds call audio in a RAM ring buffer, transcribes it with an on-device model on Apple Silicon, and writes the note to your own vault as Markdown. No audio file is created, nothing is sent to a subprocessor, and the note carries audio_retained: false in its frontmatter because that line describes the execution path. There is no recording to subpoena, breach, or feed to a training set — because none was created. The legal weight of “never created” versus “created then deleted” is unpacked in Why “Never Records” Is Not Marketing, and the architectural comparison is in On-Device vs. Cloud AI Notetakers.

A practical checklist for compliant call capture

  1. Assume all-party consent for any call that might cross into an all-party state.
  2. Disclose before you capture, and — for privileged or clinical relationships — get it in writing.
  3. Check your professional duties, which may prohibit or mandate-to-retain independently of the wiretap statute.
  4. Minimize the artifact. Prefer a tool that never creates a stored recording over one that promises to delete it later.
  5. Know your subprocessors. If audio leaves the device, the list of who receives it is part of your compliance footprint. If it never leaves, there is no list.
Again — general information, not legal advice; confirm your jurisdiction’s current rule with counsel. If confidentiality is central to your work, see how the on-device capture pipeline avoids creating a recording, or if it fits your practice, early access pricing is live. Security and compliance teams: source access for independent review is available on request — hello@getfazit.com