The Lawsuits That Could Decide If AI Call Analytics Is Wiretapping

The first case arrived on June 4, 2025. Milton v. ASAPP, Inc., filed in the Southern District of New York, named a startup that builds AI software for contact centers — tools that listen to customer-service calls in real time, transcribe them, and help agents respond faster. The docket listed a cause of action under federal electronic-communications privacy law. Two months later, the case was terminated. No published opinion explains why.

By then, three more suits had landed. Galanter v. Cresta Intelligence was filed in Northern California on June 13, targeting another AI coaching vendor. On June 19, two more arrived the same day: Thompson v. Observe.AI and a second ASAPP case, Oliver v. ASAPP, both in Northern California. Four lawsuits against four AI call-analytics startups in three weeks. Then the Cresta case, too, went dark — terminated September 3, again with no published explanation. Whether the two terminations resulted from voluntary dismissals, settlements, or orders compelling arbitration is not determinable from the docket entries we reviewed; the stipulations and minute orders have not been pulled.

The two quick exits might have looked like a blip. But on August 27, a new complaint appeared on the docket in San Francisco: Medina v. Salesforce, Inc. Two days later, two more. By the end of September, more than a dozen privacy suits naming Salesforce had been filed in the same courthouse. And behind Salesforce, a fourth front was opening: lawsuits against the dental chains, mortgage lenders, and auto-glass companies that put the software on their phone lines.

A Plaintext review of federal court dockets found at least 31 unique privacy lawsuits filed between June 2025 and January 2026 targeting the product category the enterprise software industry calls "conversation intelligence." The suits reach every tier of the supply chain: the startups that build the AI, the enterprise platform that distributes it, and the businesses that deploy it on calls with customers and patients. We found no prior mainstream coverage connecting all three tiers; the full docket is in the evidence appendix below. In a comparable eight-month window ending January 2025, a CourtListener search using the same parameters returned zero results for Salesforce — though we have not completed a category-wide baseline covering all vendors and end users, so the body-to-body comparison is Salesforce-specific.

The story hiding in those filings is not about one company's legal problem. It is about whether an entire industry built its product around an assumption — that a brief recorded disclosure at the start of a call covers whatever an AI does next — that plaintiffs now say is wrong.

---

What the Agent Sees

To understand what these lawsuits challenge, it helps to see a conversation-intelligence call from the agent's side of the screen.

Salesforce sells products it calls Einstein Conversation Insights and Service Cloud Voice. According to the company's own product pages, these tools transcribe calls in real time, identify keywords and topics, and surface action items for agents. The agent sees a live transcript scrolling alongside the conversation. The software flags sentiment — Salesforce's term — as positive, negative, or neutral, and can prompt suggested next steps. After the call ends, a searchable summary is generated and stored in the customer's record inside Salesforce's CRM. Managers review dashboards aggregating patterns across hundreds or thousands of calls.

Startups like Observe.AI and ASAPP sell similar capabilities directly to contact centers. Otter.ai does the equivalent for video meetings — joining calls, recording, and generating transcripts that participants can search later.

The customer hears none of this. In the complaints we reviewed at the docket level — we have not yet pulled full complaint texts from PACER for most cases — the core allegation is consistent: callers heard a standard disclosure along the lines of "this call may be monitored or recorded for quality assurance," but were not told that AI software would analyze their speech in real time, generate transcripts, and flag their sentiment for the company's review. Whether any specific defendant's IVR disclosure mentioned AI or automated analysis is a question that varies by company and that we cannot answer without reviewing each complaint's allegations and each company's actual scripts.

But the legal theory is visible from the docket codes alone. Most of the California cases carry Nature of Suit designations 360 or 890, consistent with claims under the California Invasion of Privacy Act. The Heartland Dental case in Northern Illinois is docketed under cause code 18:2518 — the court's Title III wiretap category — with claims typically pleaded under 18 U.S.C. §2511 (prohibiting interception of wire communications) and §2520 (the civil remedy). These are not contract disputes. They are wiretap cases.

---

Twenty Suits in Five Months

Over eight weeks starting August 27, 2025, fifteen complaints naming Salesforce as a defendant landed in the Northern District of California. By late January 2026, the total exceeded twenty, with additional cases appearing in the Northern District of Illinois. The full roster, with case numbers and filing dates, is in the evidence appendix.

Moran v. Salesforce, filed September 2, is representative. Its docket lists a cause of action under CIPA. Without the full complaint text, Plaintext cannot quote the specific consent language Moran alleges was used on the call, or confirm which Salesforce product is named. That information — the exact IVR wording, the specific module, the statutory counts — will require PACER pulls we have not yet completed. But the shape of the argument is visible across the cluster: Salesforce does not cold-call consumers. It sells software to other businesses, which deploy it on their own customers. The people suing Salesforce are, in many instances, customers of Salesforce's customers — individuals who called a company for service and allege that Salesforce's AI processed their call without meaningful consent.

The argument is that the platform that builds and distributes the analysis infrastructure shares liability for what happens when its clients turn it on. That theory — platform liability for downstream AI analysis — extends a line of reasoning tested in earlier third-party privacy cases, including the wave of lawsuits over "session replay" software and Meta Pixel tracking on websites. Applying it to real-time voice analysis of telephone calls is new territory.

Salesforce and its co-defendants are likely to push back hard. They may argue that Salesforce acts as a service provider at the direction of its business customers, not as an independent interceptor — a distinction that, if a court accepts it, could insulate platform companies from this kind of claim. They may contend that the standard IVR disclosure constitutes adequate consent under CIPA. In the Illinois cases, a threshold question is whether the software captures a "voiceprint" — which would trigger the state's Biometric Information Privacy Act — or merely records and transcribes audio, which might not. Three California plaintiffs, Tatum, Morton, and Yadav, refiled against Salesforce in Northern Illinois in late January 2026, a move that may reflect an effort to access Illinois privacy protections, though we have not reviewed those complaints and cannot confirm what additional claims they contain.

We do not yet know which plaintiffs' firms are behind the Salesforce cluster. Attorney-of-record information was not systematically available through CourtListener, and we have not completed PACER pulls to identify lead counsel. Bloomberg Law has reported that one firm, Tauler Smith, filed 64 CIPA cases in October 2025 alone — not all related to conversation intelligence, but part of a broader wave of privacy litigation driven by the plaintiffs' bar rather than regulators. Whether Tauler Smith or another firm is driving the Salesforce filings specifically is something we are working to confirm before publication.

Plaintext contacted Salesforce for comment on the litigation cluster and its consent architecture. No response had been received at publication time. We also contacted ASAPP, Observe.AI, Otter.ai, Heartland Dental, Rocket Mortgage, and United Wholesale Mortgage. This article will be updated with any responses received.

---

The Law Written for Alligator Clips

Most of the California cases invoke CIPA — the California Invasion of Privacy Act, enacted in 1967 to combat telephone wiretapping. The statute makes it illegal to read or learn the contents of a communication while it is "in transit" without the consent of all parties. The Heartland Dental case, filed in federal court in Chicago, goes further, invoking Title III of the federal Wiretap Act.

The plaintiffs' core claim is that conversation-intelligence software captures audio in real time, transcribes it, and processes it with AI — and that this amounts to an unlawful "interception." Defense lawyers are expected to challenge that characterization head-on. "Interception" is a term of art in wiretap law, and whether a cloud-based API processing an audio stream meets the statutory definition is one of the central disputes these cases will have to resolve. If it doesn't, the suits collapse. If it does, every company selling real-time call analytics has a problem.

CIPA's drafters were thinking about someone with alligator clips splicing into a phone line. California's legislature has not updated the statute for the distance between that image and an AI model processing audio from a dental-office call. A reform bill, SB 690, failed in the 2025 session. In October 2025, Judge Vince Chhabria of the Northern District of California, presiding over a separate CIPA case, characterized the state of the law in terms that, as reported by MediaPost, amounted to calling it "a total mess."

That frustration, paired with CIPA's plaintiff-friendly structure — it allows statutory damages without proof of actual harm — has created an environment where private litigation is doing the work that regulators and legislators have not. The conversation-intelligence suits sit inside a larger wave of CIPA filings, but they are distinctive: they follow a specific product category across every layer of the supply chain.

---

Down the Stack

The lawsuits did not stop at the companies that build or distribute the software. They followed it to the businesses that use it on their customers.

On June 26, 2025, Allison v. United Wholesale Mortgage was filed in Northern California. On July 3, Lisota v. Heartland Dental landed in Chicago — the case invoking the federal Wiretap Act. In January 2026, Fedoroff v. Rocket Mortgage and Winston v. Safelite Group followed in quick succession. These are not technology companies. United Wholesale Mortgage and Rocket are two of the largest home lenders in the United States. Safelite fixes windshields. Heartland Dental supports more than 1,700 affiliated practices in 38 states. What they share is a dependence on high-volume phone calls — exactly the kind of interaction conversation-intelligence software is designed to analyze.

In the logic of the lawsuits, these end-user companies may face the most direct liability, because they controlled the customer relationship and chose to deploy the tools. But the three-tier structure is what gives the litigation wave its breadth. When a dental patient alleges that AI analyzed their call without consent, the question of who is responsible fractures across the supply chain. Did the AI vendor build consent mechanisms into the product? Did the platform enable or require adequate disclosure? Did the dental chain configure it properly?

The dockets show plaintiffs are filing against all three tiers, sometimes on the same day: on January 22, Fedoroff v. Rocket Mortgage and Cooke v. Salesforce both appeared on the docket. Winston v. Safelite arrived the next morning.

---

The Otter.ai Consolidation

On August 15, 2025, the Northern District of California opened a master docket: In re Otter.AI Privacy Litigation, assigned to Judge Eumi K. Lee. Three subsequent suits — Walker, Theus, and Winston v. Otter.ai, filed over the next four weeks — were related into the consolidated proceeding.

Otter.ai is a meeting assistant. It joins video calls, records them, and generates searchable transcripts. The lawsuits allege it does so without adequate consent from all participants. The consolidation signals that the court expects to manage these cases together over time — a different trajectory from the quick terminations of the ASAPP and Cresta cases, and one that positions the court to address whether meeting-transcription AI qualifies as an "interception" under state and federal privacy law. Whether a motion-to-dismiss briefing schedule has been set is not reflected in the docket information we reviewed.

---

The Disclosure Question

Salesforce filed its quarterly report — a 10-Q — on December 4, 2025, covering the fiscal quarter that ended October 31. By that date, at least fifteen of the conversation-intelligence privacy suits had been filed against the company. Under SEC rules, companies must disclose material pending legal proceedings in Part II, Item 1 of the 10-Q.

Plaintext has not yet completed a review of the specific language in that section of the filing. Salesforce may have described the cases individually, grouped them, or folded the risk into standard boilerplate about litigation. We are not in a position to say whether the company met its disclosure obligations — that is a legal and materiality judgment that depends on assessments we cannot make from the outside. What we can say is that by the end of the reporting period, more than a dozen related cases were pending, all grounded in similar legal theories. How Salesforce framed that risk in Item 1 — or whether it addressed it at all — will be a key indicator of how the company's lawyers assess the exposure. We will report what the filing says once our review is complete.

This sits alongside another legal front. A data-breach multidistrict litigation, In re Salesforce, Inc., Customer Data Security Breach Litigation, was consolidated by the Judicial Panel on Multidistrict Litigation in late August 2025. That case involves customer data security — a different product and a different theory. That both are moving through federal courts simultaneously is a measure of how many legal fronts the company is defending.

The Salesforce annual report — a 10-K covering fiscal year 2026 — will be due this spring, encompassing a period in which more than twenty conversation-intelligence privacy lawsuits were filed. It will be a public document. Plaintext will be reading it.

---

What Comes Next

California's CIPA reform failed in 2025. The statute a federal judge called "a total mess" remains the primary vehicle for challenging AI call analysis in the state where most of the technology is built and sold. Until the legislature acts, the courtroom is the only forum — and the plaintiffs' bar, which filed dozens of CIPA cases in the final months of 2025, shows no sign of slowing down.

The tension at the center of these cases is a product-design problem as much as a legal one. The most capable conversation-intelligence tools capture everything — word choice, tone, silence, hesitation. The clearest consent disclosures are specific, detailed, and give callers a genuine option to decline. Those two imperatives are in direct conflict. It is not obvious that a five-second IVR recording can bridge the gap between them — and it is not obvious that companies will volunteer to slow down their calls with longer disclosures unless a court or a legislature tells them to.

Somewhere today, a patient is calling a dental office to reschedule a cleaning. A mortgage applicant is asking about rates. A customer is dialing a service line about a cracked windshield. Thirty-one federal complaints, filed over eight months and counting, allege that what happens to those calls after the beep is an unresolved legal question — one that no court has yet decided and that the next round of motions to dismiss may begin to answer.