LET'S TALK
← All work
CompliancePrivacyHIPAATwo-Party ConsentDeep Prototype

MeetingAudit — Recording Consent & Retention

Audits every recorded meeting for two-party consent, attendee objections, retention-window adherence per classification (PHI, attorney-client, M&A, external), and access-log evidence. 26 seeded meetings across regulated and standard categories.

MeetingAudit — Recording Consent & Retention preview
Open live →

What it is

A meeting-recording audit prototype. Treats every recording as evidence — who consented, who objected, what the recording contains (PHI vs attorney-client vs M&A vs regular), how long it can legally be kept, and who has accessed it.

What’s in it

  • 26 seeded meetings across the realistic mix: customer support escalations, board sessions, HR investigations, M&A diligence, clinical case conferences, settlement negotiations, weekly engineering syncs, all-hands replays.
  • Five classification tiers, each with its own retention rule cited:
    • PHI / healthcare — 6 years from creation (45 CFR §164.530(j))
    • Attorney-client privileged — 7 years (ABA Model Rules)
    • M&A diligence — 2 years (standard data-room TTL)
    • External customer call — 1 year
    • Internal regular meeting — 90 days
  • Two-party consent enforcement — 10 all-party-consent states tracked (CA, IL, FL, WA, PA, MA, MD, MT, NH, OR). Implicit consent in an all-party state surfaces a WARN; an attendee objection that the host overrode surfaces a BAD finding.
  • Access-log audit — every replay, download, or sealed access logged. PHI recordings accessed by non-clinical accounts surface a “minimum-necessary” warning. Attorney-client recordings accessed by non-counsel surface a privilege-waiver finding.
  • Retention statuscompliant, delete soon (within 30 days), past retention (BAD).
  • Filterable by classification, status, free-text. Sorted recent-first.

Why this shape

Three audit categories converge here: HIPAA §164.530 retention, all-party-consent state wiretap law, and attorney-client privilege preservation. Most companies handle each separately and pretend the recording app’s built-in policy is sufficient. The evidence required when one is challenged — who consented, when, what classification, who accessed it after — lives somewhere else, usually nowhere.

MeetingAudit prototypes the unified shape. Same record covers all three audit categories.

How it ships

Single HTML file, ~32KB. Zero dependencies. The classification catalog, jurisdictional consent map, retention math, access-log analyzer, and findings generator are 340 lines of vanilla JavaScript.

Open the tool →