"Boost your team with AI Agents" / "Automatically record, transcribe, and summarize meetings with AI notetaker…"
Noota is a European SaaS platform for Conversation Intelligence, AI Meeting Notes, transcription, meeting summaries, email agents, telephony, knowledge search, and recruiting/sales workflows. The tool records meetings or calls, transcribes conversations, creates structured summaries, follow-up emails, reports, and makes meeting, call, and email knowledge searchable.
Noota
Boost your team with AI Agents” / “Automatically record, transcribe, and summarize meetings with AI notetaker…
Location: France ⓘ NOOTA, 13 Rue Sainte Ursule, 31000 Toulouse, France. Toulouse Trade and Companies Register: 888965951
Business For fast-growing companies; includes everything in Pro plus unlimited recording, paid unlimited seats, unlimited AI features, Custom Templates, Zapier & API, Analytics, and AI Infrastructure. Other Enterprise Custom offer for larger teams; includes everything from Business plus unlimited usage, payment by invoice, custom integration, SSO, dedicated support, and business telephony.
Business Telephony / Phone Add-on module for VoIP telephony, domestic calls, local numbers from multiple countries, iOS/Android calling, click-to-call in the browser, and a bring-your-phone option depending on country regulations.
API / Zapier / AI Agents Advanced automation for workflows, integrations, CRM/ATS synchronization, follow-ups, analytics, and knowledge base queries.
Target audience
Noota is aimed at companies, recruiters, sales teams, project managers, consultants, HR departments, customer success teams, agencies, and executives who want to automatically document and analyze meetings, calls, and emails. The tool is particularly suitable for teams with many interviews, customer conversations, sales calls, project meetings, or internal alignments. For organizations with data protection requirements, Noota is interesting because EU data centers, DPA, text-only option, retention control, and no-training statements are documented.
Outstanding features
Noota combines AI Notetaker, email agent, telephony, Ask AI, and Knowledge Base in one platform. The tool can capture meetings with or without a bot, generate automatic reports, summaries, actions, speaker recognition, follow-up emails, and structured interview/sales reports. Particularly relevant for companies are custom templates, consent management, CRM/ATS integrations, API/Zapier, SSO, custom retention, text-only storage, and optionally privately hosted AI/data.
Key use cases
Noota is used for meeting minutes, conversation transcription, recruiting interviews, candidate reports, sales calls, objection and buying signal detection, follow-up emails, project management, knowledge search, team alignment, phone notes, customer communication, and documentation of decisions. The tool is especially useful when conversations should not only be recorded, but also automatically transformed into structured information, tasks, emails, and searchable knowledge.
Usage & notes
Noota is used via the web at app.noota.io and can connect calendars, mailbox, video conferencing systems, telephony, and integrations. Meetings can be recorded with a bot or without a bot; afterward, Noota creates transcripts, reports, summaries, and follow-ups. In companies, clear rules for consent, information obligations, recording, works council/HR context, retention periods, and deletion concepts should be defined before use. For EU companies, the source situation is positive; nevertheless, the subprocessors list, TOMs, certificate status, DPA version, and optional private hosting should be reviewed before rollout.
| Target audience | Assessment |
|---|---|
| Self-employed / Freelancers | Very suitable – for meeting notes, transcripts, summaries, follow-up emails, customer records, and conversation organization. |
| Sales teams | Very suitable – for call recording, conversation analysis, follow-ups, CRM integration, objections, buying signals, and automatic documentation. |
| Recruiting teams | Very suitable – for interview transcripts, structured candidate reports, ATS updates, and recruiting automation. |
| SMEs / Teams | Very suitable – for meetings, calls, emails, knowledge base, AI agents, integrations, and team workspace. |
| Large enterprises | Suitable – Enterprise offers unlimited usage, invoicing, custom integrations, SSO, and dedicated support. |
| Privacy-conscious EU companies | Well suited – Noota mentions EU data centers, GDPR, no use for model training, and configurable data retention. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ⚠️ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ❓ |
On-Prem / local hosting: partial
An on-premise/self-hosting option is mentioned on the website: companies can request an 'on premise configuration'. However, no specific technical, contractual, or product-related details are provided on the website.
Private Cloud / data center: partial
Noota describes isolated environments for development, testing, and production in European data centers, as well as enterprise infrastructure on Google Cloud Platform. However, a dedicated customer-specific private cloud option is not clearly described on the website.
EU SaaS / managed: covered
The website clearly describes Noota as an operated cloud service with storage in EU data centers or European data centers. This means an EU SaaS/managed operating model is explicitly covered.
Hybrid: indirect / not available
There are references to 'Text-only' and requestable on-premise configurations, but no clearly described hybrid operating model in which parts of the processing run internally and other parts run as EU SaaS. Not specifically stated on the website.
DPA / Data Processing Agreement: covered
The contractual terms explicitly include a 'Data Protection Agreement' and regulate roles under the GDPR as well as the use of subprocessors. A separate DPA download is not clearly indicated on the website, but the existence of a DPA in the contractual framework is documented.
No training: partial
The website states that data is not used to train generalized AI models, and also notes for Google-related data that it is not processed for non-personalized AI/ML model development. However, a generally worded, comprehensive contractual assurance for all product data and models is not fully detailed on the website.
Open source / transparency path: indirect / not available
No clear information was found on the website regarding open-source components, open models, or self-hostable open-source building blocks. A certain transparency path exists only indirectly through the mention of on-premise, data deletion, retention controls, and export/switching options are not specifically described on the pages found.
Data processing
According to the website, customer data is processed encrypted in transit and at rest; TLS 1.2/1.3, 256-bit AES, and Google Cloud Platform with Google KMS are mentioned. The environments are said to be isolated from one another and hosted in European data centers. In addition, Noota mentions configurable retention periods and an organization-wide 'Text-only' option in which no audio or video is stored.
Conclusion
For EU/EEA users, it is positive that Noota documents EU data residency, GDPR relevance, a DPA in the contractual framework, and statements that customer data is not used for model training. However, the website documentation is not sufficient for an unreservedly positive assessment, because subprocessors are not specifically listed and several statements regarding certifications and hosting locations appear contradictory. Therefore, overall 'conditional'.
Sources
| On-prem / local hosting | ⚠️ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ✅ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ❓ |
On-Prem / local hosting: partial
An on-premise/self-hosting option is mentioned on the website: companies can request an 'on premise configuration'. However, no specific technical, contractual, or product-related details are provided on the website.
Private Cloud / data center: partial
Noota describes isolated environments for development, testing, and production in European data centers, as well as enterprise infrastructure on Google Cloud Platform. However, a dedicated customer-specific private cloud option is not clearly described on the website.
EU SaaS / managed: covered
The website clearly describes Noota as an operated cloud service with storage in EU data centers or European data centers. This means an EU SaaS/managed operating model is explicitly covered.
Hybrid: indirect / not available
There are references to 'Text-only' and requestable on-premise configurations, but no clearly described hybrid operating model in which parts of the processing run internally and other parts run as EU SaaS. Not specifically stated on the website.
DPA / Data Processing Agreement: covered
The contractual terms explicitly include a 'Data Protection Agreement' and regulate roles under the GDPR as well as the use of subprocessors. A separate DPA download is not clearly indicated on the website, but the existence of a DPA in the contractual framework is documented.
No training: partial
The website states that data is not used to train generalized AI models, and also notes for Google-related data that it is not processed for non-personalized AI/ML model development. However, a generally worded, comprehensive contractual assurance for all product data and models is not fully detailed on the website.
Open source / transparency path: indirect / not available
No clear information was found on the website regarding open-source components, open models, or self-hostable open-source building blocks. A certain transparency path exists only indirectly through the mention of on-premise, data deletion, retention controls, and export/switching options are not specifically described on the pages found.
Data processing
According to the website, customer data is processed encrypted in transit and at rest; TLS 1.2/1.3, 256-bit AES, and Google Cloud Platform with Google KMS are mentioned. The environments are said to be isolated from one another and hosted in European data centers. In addition, Noota mentions configurable retention periods and an organization-wide 'Text-only' option in which no audio or video is stored.
Conclusion
For EU/EEA users, it is positive that Noota documents EU data residency, GDPR relevance, a DPA in the contractual framework, and statements that customer data is not used for model training. However, the website documentation is not sufficient for an unreservedly positive assessment, because subprocessors are not specifically listed and several statements regarding certifications and hosting locations appear contradictory. Therefore, overall 'conditional'.
Sources
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Meeting recording, transcription, and automatic summaries | • Processing meetings may include personal and confidential conversational data; consent, information obligations, and recording rules must be implemented in an organizationally sound manner |
| • No-bot recording and bot recording possible | • The security page states “actively preparing” for ISO 27001 and SOC 2 Type II; a completed certification cannot be reliably inferred from this |
| • Telephony, email agent, and meeting knowledge base in one platform | • The DPA is included in the Terms, but a separate detailed list of subprocessors was not reliably found in the research |
| • EU data centers in France, Belgium, and the Netherlands documented | • Google Cloud Platform as infrastructure; despite EU data centers, subprocessors, access possibilities, and transfer mechanisms should be reviewed |
| • No training with customer data according to the security page | • Some texts contain linguistic inaccuracies, which makes careful proofreading necessary for compliance documents |
| • Data Protection Agreement included in the Terms | |
| • API/Zapier, CRM/ATS integrations, SSO in Enterprise | |
| • Custom retention for Business/Enterprise and text-only option for organizations |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
Noota's website documents several building blocks relevant for the EU/EEA region: explicit GDPR references, EU data centers, a data processing agreement included in the contractual framework, as well as statements that customer data is not used to train general models. At the same time, important points remain incompletely or inconsistently documented: the exact server location is described partly as EU data centers in France, Belgium, and the Netherlands, and partly as exclusively in France; a specific list of subprocessors is not provided on the website; relevant certifications are presented partly as being in preparation and partly as already existing. From the perspective of a user in the European region, GDPR-compliant use is therefore only reliably supportable under certain conditions and after conducting one's own contractual review.
Positive
Positive are the statements regarding EU data residency, isolated environments in European data centers, encryption, customizable retention periods, an organization-wide 'text-only' option, a DPA included in the contractual framework, and the statement that data is not used to train generalized AI models. An on-premise configuration is also mentioned for companies.
Negative
Negative is that several key points are not clearly and consistently documented on the website: a specific list of subprocessors is not provided, the server locations are described inconsistently, an explicit and easily findable separate DPA download is not provided, and there are contradictory statements regarding ISO 27001 and SOC 2 between 'ongoing/in preparation' and 'certified'. This leaves documentation risk for a reliable EU/EEA assessment.
Server location
The website mentions EU/European locations. The security page refers to European data centers in France, Belgium, and the Netherlands, as well as Google Cloud Platform with Google KMS. Other subpages, however, state that all data is hosted on servers in France. This confirms EU data residency, but the exact production location is described inconsistently on the website.