playbook
AI meeting bot policy for sales calls
A practical policy for small sales teams using AI meeting bots, call summaries, transcripts, CRM notes, and follow-up drafts on prospect and customer calls.
Bottom line
AI meeting bots can help sales teams capture discovery calls, demo notes, objections, next steps, and CRM updates. They also turn a live conversation into durable customer data: audio, transcript, speaker names, pricing discussion, buying committee details, objections, contract terms, support issues, and sometimes competitive information.
Use this default rule:
Sales teams may use approved AI meeting bots only when the call has notice, the transcript stays in approved systems, CRM sync is controlled, and a human reviews any customer-facing summary or follow-up.Before rollout, run the AI Tool Risk Checker for the meeting bot and record the approved workflow in the Small Team AI Security Checklist. Pair this policy with the broader AI meeting bot consent and retention template.
Sales call risk matrix
| Sales call type | Bot default | Minimum control |
|---|---|---|
| Public webinar or recorded product demo | Allow with notice. | Visible notice, host review, approved storage location. |
| First discovery call | Conditional. | Notice before recording, transcript private to account team, no auto-send summary. |
| Technical demo | Conditional. | Remove secrets, roadmap details, and customer infrastructure details from summaries. |
| Pricing or procurement call | Restrict. | Sales lead approval; do not auto-sync raw transcript to broad CRM fields. |
| Contract negotiation | Restrict. | Account owner review; legal/commercial terms must be reviewed before reuse. |
| Renewal, churn, or escalation call | Restrict. | Customer success owner and retention rule; limit sharing to account team. |
| Security review, incident, legal, HR, health, payment, or regulated-data call | Block normal bot use. | Escalate to qualified owner before recording or transcription. |
If the team would not be comfortable attaching the full transcript to the CRM account record, the bot should not auto-sync the transcript.
Notice script
Use a plain notice at the start of external calls. Do not rely only on a small bot badge or calendar line.
Before we start, we use an AI meeting assistant to create a transcript, summary, and action items for our internal follow-up.
The notes may be stored in our company workspace and CRM for the account team.
Please tell us now if you do not want the call recorded, transcribed, or summarized by AI, and we can remove it and take manual notes instead.
Please do not share passwords, payment card details, private keys, health information, or other restricted data during recorded parts of the call.Put a shorter version in the calendar invite:
This call may use an AI assistant for transcript, summary, and internal follow-up notes. Tell us if you prefer manual notes.Recording and consent rules vary by location and context. This is an operating policy, not legal advice. The practical rule for small sales teams is: make the bot visible, say what it does, and give the prospect a real opt-out.
CRM sync rules
Sales teams often create more risk after the call than during the call. The transcript can spread into CRM fields, Slack channels, enablement tools, shared drives, or follow-up emails.
| Output | Default rule |
|---|---|
| Raw transcript | Do not sync automatically to CRM. Keep in the meeting-bot workspace unless approved. |
| Call summary | Sync only after account owner review. Remove irrelevant personal data. |
| Action items | Sync if reviewed and tied to the account or opportunity. |
| Objections and competitor notes | Sync if business-relevant; avoid personal comments or speculation. |
| Pricing and discount discussion | Sync only to approved CRM fields with restricted access if needed. |
| Security, compliance, or legal statements | Do not treat bot output as authoritative. Route to the owner. |
| Customer-visible follow-up | Human review required before sending externally. |
The sales owner should decide which CRM fields are approved for AI-generated content before enabling any connector.
Transcript retention rules
Start with a short retention rule and expand only when there is a business reason.
| Call output | Suggested default | Owner |
|---|---|---|
| Audio/video recording | Off unless needed. | Meeting owner. |
| Transcript | 30-90 days for normal sales calls. | Sales lead or revenue operations owner. |
| AI summary | Same as transcript unless copied to CRM. | Account owner. |
| CRM note | Follow CRM retention policy. | CRM owner. |
| Customer-visible follow-up email | Follow email/CRM retention policy. | Account owner. |
| Sensitive call output | Delete or restrict quickly. | Sales lead, legal, security, or customer owner. |
If a vendor supports custom retention, configure it before allowing external sales calls. If it does not, write the manual deletion process into the sales operating procedure.
Tool approval checklist
Approve a sales meeting bot only after answering these questions.
- Does the bot join with a visible, recognizable name?
- Can admins disable auto-join for external meetings?
- Can admins control sharing of transcripts and summaries?
- Can the host remove the bot when the conversation changes?
- Can recordings, transcripts, summaries, and clips be deleted?
- Can CRM, Slack, email, Drive, Notion, and calendar connectors be disabled by default?
- Can transcript sharing be limited to attendees, owner, workspace, or account team?
- Does the vendor explain whether meeting content is used for model training?
- Does the vendor document retention, subprocessors, security, and compliance controls?
- Does offboarding remove the user from the bot workspace and connected systems?
For vendor review, use official documentation and do not rely only on a salesperson’s summary.
Approved sales policy
Copy this into your sales handbook.
Sales AI meeting bot policy
Only approved company meeting-bot accounts may be used for prospect, customer, partner, or vendor calls.
The host must provide notice before AI recording, transcription, or summarization begins.
If a participant objects, the host must remove the bot and use manual notes.
The bot may not be used for legal, HR, health, payment, security incident, regulated-data, or highly sensitive negotiation calls unless the responsible owner approves the specific use case.
Raw transcripts may not be automatically synced to CRM, Slack, Drive, Notion, email lists, or project tools.
AI-generated summaries, CRM notes, action items, and follow-up drafts must be reviewed by the account owner before they are shared externally or saved as customer-facing commitments.
Transcripts and recordings are retained for [30/60/90] days unless the sales owner documents a longer business reason.
If restricted data is captured, the host must notify [policy owner] the same business day and request deletion or access restriction where appropriate.Rollout plan
Use this sequence for a two-week pilot.
| Step | Action | Exit criteria |
|---|---|---|
| 1 | Pick one approved sales meeting bot and one sales team. | Owner, admin, and tool documented. |
| 2 | Disable auto-join for external calls by default. | No surprise bot joins. |
| 3 | Configure transcript sharing and CRM sync. | Raw transcript does not auto-sync broadly. |
| 4 | Add the notice script to calendar invites and call openers. | Reps can say it clearly. |
| 5 | Pilot on low-risk discovery calls. | First 10 summaries reviewed. |
| 6 | Review transcript quality and oversharing. | Sensitive details removed or settings adjusted. |
| 7 | Approve, restrict, or block broader rollout. | Decision added to approved AI workflow register. |
Do not start with all reps, all calls, and every connector enabled. That makes failures harder to reverse.
Red flags
Pause or block the rollout when any of these happen:
| Red flag | Response |
|---|---|
| Bot joins calls without the host noticing. | Disable auto-join and review calendar settings. |
| Prospects are not told what the bot does. | Fix notice script before more external calls. |
| Raw transcripts sync to broad CRM fields or shared folders. | Disable connector and review existing records. |
| Summaries create commitments the salesperson did not make. | Require human review before CRM or customer use. |
| Calls include payment, health, legal, HR, incident, or regulated data. | Remove bot and escalate. |
| Departed reps still have transcript access. | Fix offboarding and connector access. |
Evidence checked
- Zoom AI Companion Security and Privacy
- Zoom meeting summary admin controls
- Fireflies security and privacy
- Fireflies policy on keeping information safe
- Otter privacy and security
- Otter enterprise admin controls overview
- FTC privacy and security guidance
- NIST Privacy Framework
FAQ
Can sales reps use personal AI meeting bot accounts?
No, not for prospect or customer calls. Personal bot accounts are harder to administer, restrict, audit, delete, and offboard. Use approved company accounts with workspace controls.
Is a calendar invite notice enough?
Not for a sensitive external call. Put notice in the invite, but the host should also say it at the start and offer manual notes if the participant objects.
Should we send AI summaries to prospects automatically?
No. A salesperson or account owner should review every external summary and follow-up draft before sending it. AI summaries can omit context, include sensitive details, or create commitments the company did not approve.
Can we sync summaries to CRM?
Yes, after review and with approved fields. Do not sync raw transcripts or unreviewed summaries broadly. Treat CRM as a system of record, not a dumping ground for every transcript.
What if the prospect says no?
Remove the bot and take manual notes. Do not argue. Record only that the call used manual notes and continue the conversation.
Recommended next step
Choose one sales call type, fill out the policy placeholders, and pilot it with 10 low-risk discovery calls. Then run the AI Tool Risk Checker and add the final rule to the Small Team AI Security Checklist.