Teams Compliance Bot
Registered Microsoft Teams compliance application; capture every meeting in a tenant under your IT admin's policy.
06 · compliance recording api
Q4 2026 · enterprise tier · waitlist openCompliance, shipping Q4 2026.
Enterprise tier · Microsoft Teams compliance bot path · shipping Q4 2026. Need SOC 2 / HIPAA today? Talk to us about an early-access roadmap — but we'll tell you honestly that meetbot is not the right answer for a regulated workload that needs certification on day one.
overview
Why this exists.
What this will be. Microsoft licenses a "Teams compliance bot" path that lets a registered application receive every audio + video stream from every meeting in a tenant — without joining as a participant tile, without lobby admit, without the user knowing more than what your IT admin disclosed in their employee handbook. We plan to build meetbot's adapter for that path so regulated industries (finance, healthcare, legal) can capture without running their own infra. Q4 2026 target.
The planned output contract is identical to the standard /product/meeting-bot-api — same per-speaker audio webm files, same captions JSONL, same signed webhook on completion. What will change at GA: no anti-bot strategy needed (we're inside the tenant by consent), retention defaults to "forever" with WORM bucket support, and the SOC 2 Type 1 audit + BAA template are sequenced alongside this product. Hosted in EU (Hetzner Frankfurt) or US (AWS us-east-1) per regulatory residency requirement once US region ships.
Honest scope, today. We have no compliance certifications today. No SOC 2, no ISO 27001, no HIPAA, no signed BAA template, no published uptime SLA. Today's M1 product line is intentionally not pitched at compliance buyers — we don't have the controls in place yet, we don't have the BAA, and we don't have the audit. If you need any of this now, talk to Recall or Verint; we'll tell you up front. If you're planning a 2027 procurement cycle and want to influence what we build, get on the waitlist and we'll wire you into the beta when it opens.
honest scope
Where compliance recording stands today.
We are explicit: there is nothing here today. M1 product line was deliberately not pitched at compliance buyers. Q4 2026 is when both the Teams compliance-bot adapter and the SOC 2 Type 1 audit complete in parallel.
works today
Standard bot API
/product/meeting-bot-api ships today and works on Microsoft Teams as an anonymous-guest bot. It is not a tenant-wide compliance capture path; it joins one meeting at a time, by URL, with the host admitting from the lobby.
EU residency by default
All capture, storage, and processing default to Hetzner Falkenstein (DE). US region planned alongside the compliance product.
DPA template (draft)
/dpa-template.pdf will be available pending counsel finalisation — usable for non-HIPAA workloads where GDPR-shape DPAs are sufficient.
not yet
Microsoft Teams Compliance Bot registration
Q4 2026. Register a meetbot application as a Teams compliance app; capture every meeting in a tenant under the IT admin's policy.
WORM-bucket support (S3 Object Lock, Azure Blob immutable)
Q4 2026. Retention can't be tampered with post-hoc.
Per-user retention overrides + audited delete log
Q4 2026. FINRA-compatible per-employee retention windows.
SOC 2 Type 1 attestation
Audit in progress, target 2026 H2. No issued attestation today.
Signed BAA (HIPAA)
Q4 2026 alongside this product. We have no formal HIPAA certification today and don't claim one.
Tenant-wide event firehose (WebSocket / RTMP / webhook for the whole tenant)
Q4 2026. One connection scales to thousands of concurrent calls.
US region (AWS us-east-1) for data residency
Q4 2026, sequenced with this product.
Need a Teams meeting captured one at a time today (not tenant-wide)? The standard bot API handles that — see /product/meeting-bot-api/teams.
planned scope
Spec, in the open.
WORM-bucket support
Write-once-read-many storage targets (S3 Object Lock, Azure Blob immutable) so retention can't be tampered with post-hoc.
Per-user retention overrides
FINRA-compatible per-employee retention windows. Audited delete log for any retention exception.
BAA + SOC 2 Type 1 (planned)
Targeted Q4 2026 alongside this product. SOC 2 Type 1 first; Type 2 requires a 6+ month observation window after Type 1 completes. EU + US data residency selectable per tenant once US region ships.
Audit log export
Every meetbot orchestrator action against your tenant emits an audit-log entry. Export to your SIEM (Splunk, Datadog, S3) on a schedule.
Tenant-wide event firehose
WebSocket / RTMP / webhook delivery of meeting-start + meeting-end events for the whole tenant; one connection scales to thousands of concurrent calls.