If you use the AI-powered note-taking app Granola, you may want to double-check your privacy settings. Although Granola says your notes are “private by default,” it makes them viewable to anyone with the link, and they also use them for internal AI training unless you opt out.
Granola describes itself as “an AI notepad for people in back-to-back meetings.” It integrates with your calendar to capture audio from your meetings, and then uses AI to generate a bulleted list of what you heard, which it calls “notes.” You can edit AI-generated notes, invite other colleagues to view them, and use Granola’s AI assistant to ask questions about your notes and review the meeting transcript on which they are based.
But in the app’s Settings menu, Granola says, “By default, your notes are viewable by anyone with the link.” This means that anyone on the web can see your notes if you accidentally share a link – potentially a big issue if you’re recording sensitive meetings. After testing it myself, I found that I can access my notes from a private window in my browser, without having to sign in to my Granola account. The site also tells you who the note is from and when it was made.
Although I couldn’t see the entire transcript attached to the note, I could see parts of it. Selecting one of the bullet points generated by Granola brings up a quote from the transcript the note is referring to, as well as an AI-generated summary with additional context about the conversation.
On its website, Granola says, “Full transcript access is available to collaborators who open the same folder or note inside the Granola desktop app.” It’s not clear whether anyone with a Granola account can access your transcript, or whether it’s only people you’ve shared your workspace with. Granola did not respond to a request for more information by the time of publication.
You can change who can see your links by opening Granola, selecting your profile in the bottom-left corner of the screen, and then choosing “Settings.” From there, go to the “Default link sharing” option, and change “Anyone with the link” to “Only my company” or “Private.” If you delete your note, people with the link won’t be able to access it.
One user on LinkedIn drew attention to the public notes setting last year, saying, “These links are not indexed, but if you share or leak something to someone – even accidentally – it’s public to the person who finds it.” At least one major company has denied access to the tool to a senior executive due to security concerns, one source said. The Verge.
Additionally, according to the app’s support page, Granola “may use anonymized data” to improve its AI models. Enterprise customers are excluded from AI training by default, but those on all other plans are not. You can disable AI training by going to the Settings menu and turning off the “Use my data to make models better for everyone” option. The company says that if the setting is enabled it doesn’t allow third-party companies like OpenAI or Anthropic to use your data for AI training.
Granola’s security page says the company stores your notes in a US-hosted Amazon Web Services private cloud, and says they are “encrypted at rest and in transit.” The company also does not store the audio of the meetings. It only saves meeting notes and transcripts, both of which it processes in the cloud.
<a href