Always-On AI Wearables — The Hidden Recording Devices in Your Workplace
Always-on AI wearables like the Plaud NotePin, Friend pendant, and Limitless Pendant look like jewellery or fitness trackers but are constantly recording audio and uploading it to cloud servers. This creates a consent gap — everyone in earshot is recorded without knowledge or permission. Under Australian state surveillance device laws (NSW, VIC, QLD) and the federal Privacy Act 1988 (APP 3 and APP 8), unauthorised recording of private workplace conversations carries criminal and civil exposure. The data sovereignty question adds another layer: Plaud is a Hong Kong-based company with infrastructure spanning the US, Germany, Japan, and Singapore, raising questions about China PIPL cross-border data access. Organisations need to update their technology policies immediately — before someone wears one into your next confidential meeting.
The Device Nobody Noticed
Sarah walks into the quarterly strategy review. Twelve people around a boardroom table. Pricing models, personnel decisions, an acquisition target that hasn't been announced to the market. Everyone's phone is face-down on the table, as company policy requires. No laptops are open except the presenter's.
Nobody notices the small silver capsule clipped to the lapel of the new operations manager's blazer. It's about the size of a USB stick, maybe smaller. It could be a fitness tracker. It could be a fashion pin. It could be, and is, a Plaud NotePin — an AI wearable that has been recording every word spoken in this room for the last ninety minutes, uploading audio to cloud servers for real-time transcription and summarisation.
Nobody consented. Nobody knew. And the data is now on servers in jurisdictions that no one in the room understands or has vetted.
This is not a hypothetical. This is the present.
The Devices That Don't Look Like Devices
A new category of consumer AI hardware has arrived, and it is purpose-built to blend in. These are not the chunky voice recorders of the 1990s with their red blinking lights and cassette compartments. These are sleek, diminutive wearables designed to be worn all day, capturing everything.
Plaud NotePin ($159 USD). A capsule-shaped wearable available in black, silver, charcoal grey, metallic purple, and other colours. It clips to a shirt collar, lapel, or pocket. It records hands-free audio continuously, uploads to Plaud's cloud infrastructure, and produces AI-generated transcripts, summaries, and action items. Plaud advertises it for "hands-free, in-person conversations" and ships with accessories including a magnetic clip, wristband, and pendant chain. The NotePin S model ($179) adds four accessories in the box. Plaud claims over two million users globally and "The World's No.1 AI Note-taking Brand."
Friend Pendant. Created by Avi Schiffmann, this is an always-listening AI companion worn as a necklace pendant. It uses Bluetooth to connect to a phone and processes audio through cloud-based AI. Unlike Plaud's productivity framing, Friend is marketed as an emotional companion — "a new kind of companion" and "your new roommate is waiting." But the underlying technology is the same: a microphone on your chest, always listening, sending data to the cloud.
Limitless Pendant. Previously sold as a wearable AI recorder capturing conversations throughout the day, Limitless was acquired by Meta in late 2025. The Pendant is no longer sold to new customers, but existing users retain access through 2026 with a free unlimited plan. Meta's acquisition signals exactly where this technology is heading — into the ecosystem of the world's largest social media and advertising company. Limitless co-founder Dan Siroker described the acquisition as bringing "personal superintelligence to everyone" through "AI-enabled wearables."
What unites these devices: they all look like accessories, not recording equipment. A Plaud NotePin in charcoal grey clipped to a blazer is indistinguishable from a lapel pin. A Friend pendant looks like jewellery. None of them display a visible recording indicator that a third party would recognise as such. The Plaud NotePin has a small LED indicator, but it's easily missed — and easily covered by a collar or scarf.
The Consent Gap
Consent in recording conversations has traditionally been a two-party or all-party question, defined by jurisdiction. In most Australian states, recording a private conversation without the consent of all parties is an offence. But these laws were written for visible recording devices — tape recorders, dictaphones, phones held up obviously to capture audio.
AI wearables break this framework in two ways. First, they are covert by design — not because they are hidden in a pen or a button camera, but because their entire industrial design language is "not a recorder." They use the visual vocabulary of wellness trackers, jewellery, and lapel accessories. Second, the wearer themselves may not fully grasp what is happening to the data. Plaud's privacy policy states that audio is sent to "LLM service providers" for transcription and summarisation. The locations of those providers are not enumerated. The policy says servers are in the United States, Germany, Japan, and Singapore — but the AI processing pipeline may route data elsewhere.
The consent problem is not just about the wearer's choice. It is about everyone within earshot. In a meeting of twelve people, the wearer's consent covers only themselves. The other eleven people — plus any mentioned third parties, clients, or counterparties — have had their voices, opinions, and potentially confidential information captured, transcribed, and stored in cloud infrastructure they never authorised.
Intellectual Property and Trade Secrets — The Asset You Can’t Get Back
Privacy and consent are the obvious problems. The less obvious one, and arguably the more commercially devastating, is what happens to your intellectual property.
Board meetings, product roadmap discussions, M&A negotiations, R&D brainstorms, client strategy sessions — these conversations contain the most valuable assets a company owns. Trade secrets. Unreleased product specifications. Pricing models. Client confidential information. Competitive strategy. When an AI wearable captures and transcribes these conversations, that data leaves your control the moment it hits a cloud server.
Under Australian law, trade secrets and confidential information are protected through the equitable duty of confidence and, increasingly, through statutory protections. But the law imposes an expectation: the owner must take reasonable measures to maintain secrecy. A company that allows employees to wear always-on recording devices into sensitive meetings — without detection, without policy, and without technical controls — is arguably failing that test. If a trade secret leaks and your organisation had no controls over AI wearables in the workplace, a court may find you did not take reasonable steps to protect it. That can void the protection entirely.
The Plaud NotePin data flow makes this concrete. Audio is captured on-device, sent to Plaud’s cloud infrastructure for transcription, and stored on servers in the United States, Germany, Japan, or Singapore. But Plaud itself is a Hong Kong-based company whose privacy policy acknowledges using third-party large language model providers at undisclosed locations. Your product roadmap discussion is now a text file sitting on a server in a jurisdiction you did not choose, processed by an AI model provider you cannot name, under a legal framework you cannot audit.
For Australian companies subject to the Security of Critical Infrastructure Act or those handling defence-related intellectual property, the exposure is even more acute. The Defence Trade Controls Act 2012 regulates the transfer of controlled technology and information. A wearable AI device uploading meeting audio to infrastructure in China or Hong Kong could constitute an unauthorised export of controlled information — a criminal offence carrying up to 10 years imprisonment.
The trade secret problem does not end when the employee takes the device off. The data is gone. You cannot negotiate its return. You cannot assert legal privilege over a conversation that has been transcribed and stored by a third party. You cannot claim confidentiality over information that now exists on a server outside your jurisdiction. The recording is irreversible.
Australian Legal Exposure
Australian law does not treat all recording equally, and the patchwork of state and federal legislation creates genuine criminal and civil exposure for organisations that fail to address these devices.
State surveillance device legislation. Each state has its own act governing the recording of private conversations:
- NSW: The Surveillance Devices Act 2007 (NSW) makes it an offence to use a listening device to record a private conversation without the consent of all parties. Maximum penalties include imprisonment.
- Victoria: The Surveillance Devices Act 1999 (VIC) similarly prohibits recording private conversations without consent.
- Queensland: The Invasion of Privacy Act 1971 (QLD) covers listening devices and private conversations.
The critical question for AI wearables is whether they constitute a "listening device" under these acts. The statutory definitions are broad — typically "any instrument, apparatus, equipment, or device capable of being used to listen to or record a private conversation." A Plaud NotePin clipped to a lapel clearly meets this definition. The fact that it doesn't look like a traditional recorder is legally irrelevant. The fact that the wearer might argue they were using it for their own note-taking does not override the requirement for all-party consent.
Federal privacy law. Under the Privacy Act 1988 (Cth), APP 3 restricts the collection of personal information — including voice recordings, which are biometric data — to what is reasonably necessary and collected by lawful and fair means. Covert recording of colleagues without their knowledge or consent fails this test. APP 8 governs cross-border disclosure of personal information. An Australian employer that becomes aware an employee is using an AI wearable to record meetings and upload data to overseas servers may be in breach of its own APP obligations if it fails to act.
The OAIC has not yet issued specific guidance on AI wearables in the workplace, but the existing framework applies. Organisations waiting for a wearable-specific fact sheet are waiting for something that may never arrive — and that will not protect them in the interim.
Where Your Data Goes — The Sovereignty Problem
This is where the risk profile escalates beyond domestic consent law into national security and data sovereignty territory.
Plaud's data infrastructure. Plaud's privacy policy states that personal data is stored on servers in the United States, Germany, Japan, and Singapore, with routing determined by the user's location. However, Plaud is fundamentally a Hong Kong-based company with deep operational ties to mainland China. Its supply chain runs through Shenzhen. The company operates dedicated storefronts for Hong Kong (hk.plaud.ai), Taiwan (tw.plaud.ai), and mainland China markets. Its privacy policy includes specific disclosures for Japanese users under Japan's APPI — acknowledging cross-border data transfers — but does not explicitly address whether data or metadata flows through its Hong Kong or mainland China operations.
China's PIPL and cross-border data transfer. China's Personal Information Protection Law (PIPL), effective 1 November 2021, governs the processing of personal information and imposes strict requirements on cross-border data transfers. Chapter III (Articles 38-40) requires that personal information processors transferring data outside China must pass a security assessment administered by the Cyberspace Administration of China (CAC), enter into standard contracts with the foreign recipient, or obtain certification from a recognised institution. Article 39 requires separate, specific consent from individuals for cross-border transfers.
For Australian organisations, the chain of concern is this: if an employee's Plaud device routes audio or transcription data through servers or processing pipelines that are accessible from Plaud's Hong Kong or mainland China operations — and Plaud's privacy policy does not rule this out — then confidential Australian workplace conversations are potentially accessible under Chinese law. Under the PIPL, Chinese authorities have legal mechanisms to compel data access from personal information processors operating within China's jurisdiction.
Meta and Limitless. The Meta acquisition of Limitless adds another layer. Limitless Pendant users' historical conversation data — meetings, phone calls, daily interactions — is now held by Meta, a company whose core business model is data monetisation. While Meta has stated it will support existing customers through 2026, the privacy policy has been updated, and users must agree to new terms to continue using the service. The data retention and processing implications for workplace conversations captured on Limitless devices are now governed by Meta's data infrastructure, which is subject to US law — including the CLOUD Act, which enables US law enforcement to compel US-based technology companies to produce data regardless of where it is stored.
What Your Corporate Policy Needs
Most Australian workplace technology policies were written for a world where recording devices were obvious. They cover mobile phones, laptops, and maybe USB drives. They do not explicitly address wearable AI devices that look like jewellery or fitness trackers. This gap is dangerous.
A policy that adequately addresses this risk should include at minimum:
- An explicit prohibition on the use of any recording device — including wearable AI devices, smart glasses with recording capability, and always-listening pendants — in meetings, on company premises, or during any conversation involving confidential or personal information, unless all parties have given prior written consent.
- A definitional update that lists AI wearables by category and names specific examples (Plaud NotePin, Friend pendant, Limitless, and similar devices) so there is no ambiguity about what is covered.
- Consent protocols modelled on all-party consent requirements under the relevant state surveillance device legislation. Even if someone has a legitimate note-taking need, they must obtain consent from every person present before recording.
- A data sovereignty clause that prohibits the upload of company or client information to cloud services that route data through jurisdictions outside Australia's adequate-protection framework — specifically naming China, Hong Kong, and any jurisdiction where the company cannot verify the data protection regime.
- Consequences that are clearly stated. Unauthorised recording of workplace conversations should be treated as a serious breach with disciplinary consequences up to and including termination and referral to law enforcement.
Detection and Response
What do you do if you discover someone in your workplace is using one of these devices? The first step is not to panic — but it is to act methodically.
If you identify a wearable AI device in use without consent, document what you observed: the device make and model if identifiable, the date and time, who was present, and the nature of the conversation being recorded. Do not attempt to seize or destroy the device — that creates its own legal exposure. Escalate to HR and legal counsel. Determine whether the recording captured personal information (which triggers Privacy Act obligations) and whether the recording occurred in a jurisdiction with all-party consent surveillance laws.
If the recording captured third-party information — client data, commercially sensitive material, or legally privileged communications — you may have notification obligations under the Privacy Act's Notifiable Data Breaches scheme. The OAIC requires notification where a data breach is likely to result in serious harm. An unauthorised recording of a confidential board meeting uploaded to servers in four countries, processed by AI models of unknown provenance, and potentially accessible to foreign government agencies meets that threshold comfortably.
The devices are small, affordable, and marketed as productivity tools. They are also, depending on how and where they are used, potentially illegal surveillance devices. The gap between those two descriptions is where your risk lives.
Frequently asked questions
What are always-on AI wearables?
Always-on AI wearables are small, accessory-like devices — such as the Plaud NotePin, Friend pendant, and Limitless Pendant — that continuously record audio, upload it to cloud servers, and use AI to produce transcripts and summaries. They are designed to look like lapel pins, jewellery, or fitness trackers, making them difficult to identify as recording devices.
Is it legal to record workplace conversations with an AI wearable in Australia?
In most cases, no. Australian state surveillance device laws (NSW Surveillance Devices Act 2007, VIC Surveillance Devices Act 1999, QLD Invasion of Privacy Act 1971) generally require all-party consent to record private conversations. Using a wearable AI device to record a meeting without informing everyone present and obtaining their consent is likely an offence. Additionally, the federal Privacy Act 1988 (APP 3 and APP 8) restricts the collection and cross-border disclosure of personal information, including voice recordings.
Where does the data from Plaud NotePin devices go?
Plaud stores personal data on servers in the United States, Germany, Japan, and Singapore based on the user's location. However, Plaud is a Hong Kong-based company with operational ties to mainland China, and its AI processing (transcription and summarisation) is handled by third-party LLM providers whose server locations are not fully disclosed. This creates potential exposure to China's Personal Information Protection Law (PIPL) and Chinese government data access mechanisms.
What happened to the Limitless Pendant?
Limitless was acquired by Meta in late 2025. The Pendant is no longer sold to new customers, but existing users can continue using it through 2026 with a free unlimited plan. Meta's acquisition means historical conversation data captured by Limitless Pendants is now held by Meta, subject to US law including the CLOUD Act, which enables US law enforcement to compel data production.
What should our corporate policy say about AI wearables?
Your policy should explicitly prohibit recording via wearable AI devices in meetings and on company premises without all-party written consent; name specific devices like Plaud NotePin and Friend pendant to remove ambiguity; include a data sovereignty clause restricting upload to jurisdictions outside Australia's adequate-protection framework; and state clear consequences for breaches, up to and including termination.
What should I do if I discover someone using an AI wearable to record at work?
Document what you observed (device type, date, time, who was present, nature of the conversation). Do not seize or destroy the device. Escalate immediately to HR and legal counsel. Assess whether the recording captured personal information triggering Privacy Act obligations, and whether it occurred in an all-party consent jurisdiction. If third-party confidential data was captured, you may have mandatory notification obligations under the Notifiable Data Breaches scheme.


