JUNE 2026

Plaud GDPR and Data Protection: What European Users Need to Know

Plaud is popular, but for European users there are serious questions about GDPR, data protection and server location. We provide the answers.

What Plaud Users in Europe Should Know

Plaud has filled a real gap: a credit-card-thin recorder that magnetically attaches to an iPhone, captures conversations and summarises them using AI. The device is cleverly designed, won the iF Design Award 2026 and has a loyal following, primarily in the US and Asia. For European businesses and users operating within the GDPR framework, however, there are questions that Plaud has yet to answer satisfactorily: Where does the data go? Who is legally responsible? And can a hardware recorder be used in European business meetings without legal risk?

This article answers these questions objectively and explains what you need to consider before deploying Plaud in your organisation.

Is Plaud GDPR-Compliant? The Honest Answer

The short answer is: with significant limitations that many European businesses will find unacceptable.

Since July 2025, Plaud has advertised a GDPR compliance declaration and has appointed the Prighter Group as its Article 27 representative in the EU. That sounds like progress. A closer look at the corporate structure and privacy policy, however, reveals structural problems that no certificate can resolve.

The Contractual Partner Is in Hong Kong, Not Europe

When ordering through Plaud's European website, you are not entering into a contract with a European or US company, but with Nicebuild Technology Limited, based in Wanchai, Hong Kong. The legal notice on de.plaud.ai is unambiguous: European buyers are contracting with a Hong Kong entity.

According to the privacy policy, PLAUD LLC in Delaware (USA) acts only as the data controller for cloud infrastructure. The founder and CEO Nathan Xu (Xu Gao) is a Chinese national; research, development and production take place in Shenzhen and Beijing. In September 2025, Plaud felt compelled to issue a public security statement after security concerns were raised with Taiwanese authorities. For EU data protection officers, this corporate structure significantly changes the risk assessment.

Data Goes to US Servers, Not the EU

Plaud's privacy policy states verbatim: "Your data will be processed on servers located in the United States." This applies to data from European users as well. There is no EU hosting option and no data residency option for Europe. All recordings, transcripts and AI summaries leave the EU for AWS Oregon.

For companies processing personal data in meetings (which is nearly every company), this is a significant constraint. In regulated industries such as legal, healthcare, finance or the public sector, a US server location is frequently a disqualifying criterion.

Hong Kong National Security Law and China's Data Security Law

Since the entry into force of the Hong Kong National Security Law in 2020, Hong Kong companies can be compelled by Chinese authorities to hand over data. The safeguards that the European Court of Justice required for third-country transfers in its Schrems II ruling do not apply fully in this context.

Adding to this is China's Data Security Law of 2021 (DSL), which grants Chinese authorities far-reaching data access rights. Since Plaud's operational base and infrastructure are closely tied to the People's Republic of China, the risk is not merely theoretical. Plaud addressed these concerns in its public statement of September 2025, but the structural risks remain as long as the corporate structure is unchanged.

Three-Tier Data Transfer and Schrems II

For a European user, this results in a three-tier data path: from the EU to the Hong Kong contractual partner, from there to the US-based PLAUD LLC as data controller, and finally to AWS Oregon as a sub-processor. A complete Transfer Impact Assessment under Schrems II must cover all three tiers, including the risk arising from the Hong Kong NSL and China's DSL.

This is not impossible, but considerably more burdensome than with providers offering pure EU hosting. For small and medium-sized businesses without an in-house legal team or data protection officer, this is a real barrier.

§ 201 StGB: German Law on Covert Recording

A further issue is less about international data protection law and more about German criminal law. Plaud's core product is a discreet recorder that captures conversations. § 201 StGB (violation of the confidentiality of the spoken word) prohibits the covert recording of non-publicly spoken words and carries a penalty of up to three years' imprisonment.

This means: anyone using Plaud in a client meeting, an internal discussion or a phone call must ensure that all participants are informed and have given their consent. A device worn or positioned discreetly significantly increases the risk of a covert recording. Software solutions with a visible meeting bot create transparency automatically and document consent, because the bot is recognisable as a participant.

Plaud and the German Language: Where It Falls Short

Plaud claims to support 112 languages, including German. However, users who depend on high-quality German transcription should look more carefully.

  • No bilingual mode: A single language must be selected per recording. In reality, many business meetings switch between German and English. International teams working in Germany regularly hit this limitation.
  • No dialect recognition: Plaud's transcription model is not optimised for the variety of German-language dialects. Austrian German, Swiss German or pronounced regional dialects such as Bavarian, Alemannic or Cologne German are recognised less accurately than standard High German.
  • Post-processing instead of real-time: Plaud does not generate transcripts in real time; they are created after the meeting via a cloud upload. Anyone who wants live access to the text during a conversation will not get it.
  • Quality with German technical terminology: Medical, legal or technical terminology in German is a known challenge for AI transcription systems not specifically optimised for the German-speaking market. US-centric systems are trained predominantly on English-language data and lag behind in this area.

Further Disadvantages of Plaud in Everyday Use

Beyond the data protection topic, there are practical everyday issues with Plaud that are often underestimated when making a purchase decision.

Hardware Costs per Employee

The Plaud Note costs around €169.90, the Note Pro around €189. These are per-device costs, meaning per employee. For a team of ten, that is up to €1,900 in upfront investment before any subscription begins. Add potential replacement units for damage or loss.

Software meeting assistants have no hardware costs. A monthly subscription covers all employees without any additional device procurement.

The Device Needs to Be Charged

A recorder without battery power is useless. In forums and App Store reviews, Plaud users regularly report arriving at an appointment with an uncharged device and missing the recording as a result. A software assistant does not have this problem: it is always available as long as the smartphone or computer is switched on.

The Device Can Be Forgotten or Lost

Another underestimated risk: anyone who needs a physical device will forget it. At home, in the car or in the pocket of the other jacket. Especially for spontaneous appointments, a hardware recorder is a potential bottleneck. Loss and theft risk add to this: a forgotten or stolen Plaud device may contain cached audio files that have not yet been synchronised. This is an additional data protection risk that simply does not exist with software solutions.

Availability: Frequently Out of Stock

Plaud devices are hardware products with limited production capacity. Both the Plaud Note and the Note Pro are regularly sold out and cannot be reordered at short notice. Anyone who loses a device, receives a defective unit or wants to equip new employees may have to wait weeks for stock. Software solutions like Sally are immediately available for any number of users.

Firmware Updates and Stability Issues

Plaud user communities have documented that firmware updates have in the past caused problems with existing recordings. Hardware products have their own update lifecycle that software services do not have. A failed firmware update at the wrong moment can mean losing recordings from important meetings.

Sally: The GDPR-Compliant Alternative from Germany

For European users who want to avoid the risks described above, Sally is the natural alternative. Sally is an AI meeting assistant from Aliru GmbH in Mannheim, Germany, hosted and developed exclusively in Germany.

No Hardware Device Required

Sally works entirely without additional hardware. As a software solution, Sally joins Microsoft Teams, Zoom and Google Meet calls automatically as a meeting bot, transcribes the conversation and generates a structured summary with tasks, decisions and discussion points. No device to buy, no battery to charge, no risk of forgetting it.

The Sally App: Plaud Replacement for In-Person Meetings and Phone Calls

Plaud's unique selling point is hardware for physical conversations: on-site client appointments, trade fairs, field sales meetings, phone calls. This is precisely where the Sally App comes in. With the mobile app for iOS and Android, conversations can be recorded and transcribed directly via smartphone, without the need for a separate device.

The smartphone is already with you. It does not need to be charged separately. It cannot be forgotten. And recordings go directly into Sally, where they are processed with summaries and CRM integrations. For businesses that need to cover both online meetings and in-person appointments, this provides a unified solution with no hardware investment.

GDPR by Design, Hosted in Germany

Sally was built in Germany. European data protection is not a certificate added after the fact, but an architectural principle. All data is processed and stored exclusively on servers in Germany. There is no third-country transfer and no US cloud. The contractual partner is Aliru GmbH, headquartered in Mannheim, Germany. A Transfer Impact Assessment under Schrems II is not required because all processing takes place within the EU.

Sally is also ISO-certified: information security and data protection are standards verified by independent audits, not merely internal promises.

Sally also uses a visible bot model: the meeting assistant joins as a recognisable participant, automatically creating transparency and making it easy to obtain and document consent. This keeps you on the right side of the law from the very beginning.

Plaud vs. Sally: A Direct Comparison

An overview of the key differences at a glance:

Criterion | Plaud AI | Sally
Product category | Hardware + App | Software
Hardware required | Yes (€169 to €189) | No
EU contractual partner | Nicebuild Technology Ltd (Hong Kong) | Aliru GmbH (Mannheim, Germany)
Data storage | USA (AWS Oregon) | Germany
GDPR compliance | GDPR declaration since 2025, US hosting + HK entity | Fully compliant by design
EU AI Act | Depends on template | Fully compliant
Transfer Impact Assessment | EU to Hong Kong to USA, with NSL risk | Not required (EU-only)
§ 201 StGB (covert recording) | Elevated risk with discreet hardware | No risk through visible bot
Native meeting bot | No | Yes (Teams, Zoom, Google Meet)
App for in-person recordings | Yes | Yes
Languages | 112 (no bilingual mode) | 99+ (incl. dialect recognition)
CRM integrations | 0 (Zapier only) | 7 native (HubSpot, Salesforce and more)
Free trial | 300 min/month | 30 days full access

Conclusion: Is Plaud the Right Tool for European Businesses?

Plaud is an excellent product for a specific use case: physical conversations where a dedicated recording device delivers the best microphone quality. The industrial design is award-worthy and the hardware works.

For the typical business environment in Europe, however, Plaud comes with a number of limitations that are hard to ignore. The data protection situation is complex: a Hong Kong contractual partner, US servers, a three-tier third-country transfer with NSL risk and no EU hosting option. This is documentation-intensive and frequently unacceptable for regulated industries. Add the practical everyday problems of the hardware: per-device costs, charging requirements, the risk of forgetting it and firmware dependency.

Anyone who primarily meets online or is looking for a unified solution for online and in-person appointments will find Sally to be a GDPR-compliant alternative, developed and hosted in Germany. The Sally App covers the in-person use case without any additional device.

Disclaimer: This is not legal advice.

Lorenz Zwicknagl

Marketing

"Meetings should be a means of solving problems, not another waste of time. Artificial intelligence can help make them more efficient by summarising discussions, highlighting key points and clearly defining tasks. This creates more room for decisions instead of repetition."
