Zero-Day Retention for AI Meeting Tools: What Investment Firms Need to Know
•
9
MIN READ
AI Summary by Fellow
If you're a Chief Compliance Officer or head of technology at an SEC-registered firm, zero-day retention is probably already on your evaluation checklist. You know the basic premise: delete the raw data fast, keep the exposure low. But the details matter more than the concept.
What exactly gets deleted? What persists? And when your analysts are relying on AI-generated summaries to document diligence calls, do those summaries create new books-and-records obligations your firm now has to manage?
This post answers those questions directly, with enough technical and regulatory specificity to take back to your compliance team or use to frame your next vendor conversation.
If you'd rather talk it through with a team that's walked dozens of hedge funds, private equity firms, and registered investment advisers through this evaluation, book a call with us.
What is zero-day retention?
Zero-day retention is a data policy that deletes raw meeting recordings and transcripts as soon as AI processing is complete, typically within minutes of a call ending. The term "zero-day" refers to the retention period for that raw data: zero days of storage after processing.
This is different from standard configurable retention schedules, which let firms set a deletion window anywhere from one day to six or more years depending on the type of data and regulatory requirement. Zero-day retention sits at the most aggressive end of that spectrum for raw data.
The key point that many compliance teams miss: zero-day retention applies to the raw recordings and transcripts. Meeting summaries, action items, and decisions can persist on a separate, independently configured schedule.
The data layer breakdown
An AI meeting note taker creates several distinct data layers, each with its own retention schedule and compliance implications. Here's how those layers work:
Data layer | What it contains | Configurable retention schedule | Deleted under zero-day? |
|---|---|---|---|
Audio/video recording | Full call audio and video | Separate schedule; as short as zero days | Yes |
Transcript | Complete word-for-word text of the call | Separate schedule; as short as zero days | Yes |
AI summary | High-level meeting recap | Persists independently | No |
Action items | Assigned tasks with owners | Persists independently | No |
Decisions | Logged decisions from the meeting | Persists independently | No |
Key takeaways | Extracted analytical insights | Persists independently | No |
Two things are worth emphasizing in that table:
First, with Fellow, recordings and transcripts have independent deletion schedules. Your firm can configure the audio to delete immediately while retaining the transcript for 90 days, or delete both on the same schedule.
Second, the AI-generated outputs, including summaries, action items, and decisions, persist even after both the recording and transcript are gone. This reflects how many SEC-registered firms want to use these tools: retain the analytical output, eliminate the underlying raw data.
How Fellow's retention controls work for private equity, hedge funds, and investment firms
Fellow's retention policies are workspace-wide and admin-enforced. Individual analysts don't configure their own deletion schedules. The CCO or IT admin sets the policy, and it applies across the entire workspace.
This matters for compliance purposes. One of the failure modes with earlier-generation tools was that retention became a user-level behavior, which meant it was inconsistent across the firm. A policy that depends on individual users following instructions is not a policy. A workspace-wide enforced control is.
Configurable retention options
Fellow's retention options range from zero days to six years or more, applying separately to recordings and transcripts. For example, your firm can set 90-day auto-deletion on transcripts, immediate deletion of audio, and indefinite retention of AI summaries. These are independent variables.
Super admin API
Fellow's Super Admin API lets authorized administrators export full transcripts, recaps, and metadata in JSON format, which can support SEC audit archiving workflows.
Audit logging
Fellow generates audit logs that track workspace activity, including administrative actions, configuration changes, and meeting access events. These logs can be manually exported for your IT and InfoSec teams to review.
Global Relay integration
Fellow supports a Global Relay integration for firms that route meeting notes through their communications archiving platform. Deployment varies by firm: some firms archive all notes, some archive nothing, and some apply a review-period buffer before archiving. The integration accommodates those variations.
If you're working through how to configure Fellow's retention policies for your firm's specific requirements, book a call with our team. We've walked through this with compliance teams at SEC-registered RIAs and can map the controls to your specific retention schedule.
Zero-day retention is one layer. Other controls worth evaluating
Zero-day retention is a meaningful data minimization control, but it's one layer of a broader compliance posture. The full picture covers the entire lifecycle of a meeting: how it's captured, who knows it's happening, who can access the output, and where that output can travel. Firms evaluating AI meeting tools should work through each of those layers in sequence.
Sharing controls
Zero-day retention on raw data doesn't help if your AI summaries can be distributed via unauthenticated links. For PE and RIA firms, the ability for admins to remove open "anyone with the link" sharing from the workspace entirely is a non-negotiable control. A tool that retains zero raw data but distributes summaries openly has traded one risk for another.
Access controls
Once you've locked down external sharing, look at internal access. Role-based access controls determine who inside your workspace can see which meeting notes. Meetings in Fellow are private by default, accessible only to invited attendees. Workspace-level RBAC lets you lock down access further, by role, team, or individual, without relying on users to manage their own permissions.
Botless recording
For external diligence calls where a visible bot joining the meeting would create friction with management teams or counterparties, bot-free recording removes the visual signal without removing the capture. This is a separate control from retention, but it's relevant to the consent and disclosure picture.
Taken together, these controls create a compliance architecture that goes beyond simply deleting raw data. Zero-day retention handles the back end. Sharing controls, access controls, and recording configuration handle everything that happens before and during the meeting.
Transcript redaction
One additional feature worth asking about specifically: redaction. Fellow lets users strike sensitive content from transcripts, with an audit trail logging who redacted what and when. For accidental disclosures, this is useful.
That said, compliance posture on redaction varies across firms. Some CCOs are comfortable with user-level redaction as a cleanup tool. Others have concerns about data concealment under SEC rules and want to restrict or disable the feature entirely at the workspace level. Ask your vendor explicitly how redaction works and what admin controls exist around it before you reach the POC stage.
Conclusion
Zero-day retention solves a specific problem: it ensures that raw recordings and transcripts don't accumulate as long-lived data assets that expand your discovery exposure over time. What remains after zero-day deletion is the analytical layer: the summaries, action items, and decisions your analysts actually need to do their work.
But the right configuration for your firm depends on how your compliance team classifies AI-generated outputs, what your retention schedule looks like for different data types, and what your CCO's posture is on features like redaction and external sharing.
What you need from your vendor is the control architecture to support whatever policy you set. Fellow is designed to give compliance teams that control.
If you want to walk through how the retention configuration would work for your firm's specific requirements, talk to our team.
Frequently asked questions
Do AI meeting summaries count as books and records under SEC rules?
Whether AI meeting summaries constitute books and records under Investment Advisers Act Rule 204-2 depends on how they're treated and distributed within your firm. Many SEC-registered firms treat internally reviewed AI summaries as analyst work product rather than communicated records, on the basis that they're internal documents that inform decisions rather than records of client communications. That said, summaries can become retainable communications when they memorialize investment advice, recommendations, or client discussions, especially if shared outside the tool.
The practical starting point for most compliance teams is to assume AI summaries could become regulated communications, then build governance around that assumption: define which tools are approved, require human review before any summary is shared externally, and route business-relevant summaries into your SEC-compliant archive. Your CCO should make the final determination in the context of your firm's specific workflows and obligations.
What is zero-day retention for AI meeting tools?
Zero-day retention is a data policy that deletes raw meeting recordings and transcripts immediately after AI processing is complete, leaving no long-lived copy of the underlying audio or verbatim text. It does not delete AI-generated outputs like summaries, action items, and decisions, which persist on independent retention schedules. The goal is to eliminate long-tail discovery exposure from raw meeting data while preserving the analytical intelligence derived from those meetings.
Does zero-day retention delete AI meeting summaries?
No. Zero-day retention applies to raw recordings and transcripts only. AI-generated summaries, action items, decisions, and key takeaways persist independently, even after the underlying recording and transcript have been deleted. Recordings and transcripts are each on their own configurable deletion schedule, and AI outputs are on a separate schedule entirely.
Can we configure separate deletion schedules for recordings and transcripts?
Yes. In Fellow, audio/video recordings and transcripts have independent retention schedules. Your firm can configure the recording to delete immediately (zero-day) while retaining the transcript for 90 days, or apply the same schedule to both. These are separate controls, not a single toggle.
How does Fellow enforce retention policies across a workspace?
Fellow's retention policies are set at the workspace level by an admin and apply to all users in the workspace. Individual users cannot override these policies. This ensures consistent data handling across your firm rather than relying on user compliance with written procedures.
Is Fellow compliant with SEC recordkeeping rules for registered investment advisers?
Fellow is SOC 2 Type II certified, GDPR compliant, and HIPAA compliant. Fellow does not train AI models on customer data, and contractual data processing agreements are available for enterprise customers. However, whether any specific technology deployment satisfies your firm's SEC recordkeeping obligations is a compliance determination your CCO and legal team need to make, informed by how you configure and use the tool. Fellow's controls, including configurable retention, admin-enforced policies, consent capture, and the super admin API for audit exports, are designed to support that compliance posture.
Record, transcribe and summarize every meeting with the only AI meeting assistant built with privacy and security in mind.
