The note-taking application also allows AI training by default for non-enterprise users.
The note-taking application also allows AI training by default for non-enterprise users.
If you utilize the AI-assisted note-taking service Granola, it may be wise to revisit your privacy configurations. While Granola states that your notes are “private by default,” it renders them accessible to anyone possessing a link and also incorporates them for internal AI training unless you opt out.
Granola characterizes itself as an “AI notepad for individuals in back-to-back meetings.” It syncs with your calendar to capture audio from meetings, subsequently employing AI to create a bulleted summary of what was discussed, which it refers to as a “note.” You have the option to modify the AI-generated notes, invite other participants to view them, and engage with Granola’s AI assistant to inquire about your notes and review the meeting transcripts they originate from.
However, within the app’s settings menu, Granola notes, “By default, your notes are accessible to anyone with the link.” This implies that anyone online can view your notes if you inadvertently share a link — a significant concern if you’re documenting sensitive meetings. After personally testing this, I discovered that I could retrieve my own note from a private browser window, all without logging into my Granola account. The site even displays the ownership of the note and its creation date.
While I was unable to view the complete transcript associated with the note, I could still access portions of it. Clicking on one of the bullet points produced by Granola reveals a quote from the transcript that the note references, accompanied by an AI-generated summary providing additional context about the discussion.
On its site, Granola mentions that “full transcript access is granted to colleagues who open the same folder or note inside the Granola desktop app.” It remains unclear whether all Granola account holders can view your transcript, or if only those you’ve shared your workspace with can do so. Granola did not provide a response to a request for additional details by the publication time.
You can modify who is able to view your links by opening Granola, clicking on your profile at the bottom-left of the screen, and then selecting “Settings.” From there, go to the “Default link sharing” setting, and adjust “Anyone with the link” to either “Only my company” or “Private.” If you delete your note, those with the link will no longer have access to it.
One user on LinkedIn highlighted the public notes feature last year, stating, “these links aren’t indexed, but if you share or leak one – even accidentally – it’s public to anyone who finds it.” Furthermore, at least one prominent company has prohibited a senior executive from using the tool due to security worries, a source informed The Verge.
In addition, Granola “might utilize anonymized data” to enhance its AI models, as stated on the app’s support page. Enterprise users are excluded from AI training by default, whereas individuals on all other plans are included. You can disable AI training by navigating to the settings menu and turning off the “Use my data to improve models for everyone” option. The company asserts it does not permit third-party entities, like OpenAI or Anthropic, to use your data for AI training if the setting is active.
Granola’s security page states that your notes are stored in a US-based Amazon Web Services private cloud and asserts they are “encrypted both at rest and in transit.” The company also does not retain audio from meetings. It solely keeps meeting notes and transcripts, both of which it processes within the cloud.
