If you use the AI-powered note-taking app Granola, you might want to double-check your privacy settings. Though Granola says your notes are โprivate by default,โ it makes them viewable to anyone with a link, and also uses them for internal AI training unless you opt out.
Granola describes itself as an โAI notepad for people in back-to-back meetings.โ It integrates with your calendar to capture audio from your meetings, and then uses AI to generate a bulleted list of what youโve heard, which it calls a โnote.โ You can edit the AI-generated notes, invite other collaborators to view them, and use Granolaโs AI assistant to ask questions about your notes and review the meeting transcript theyโre based on.
But in the appโs settings menu, Granola says, โBy default, your notes are viewable to anyone with the link.โ That means anyone on the web can see your notes if you accidentally share a link โ potentially a major issue if youโre recording sensitive meetings. After testing this out for myself, I found that I could access my own note from a private window in my browser, all without signing into my Granola account. The site even tells you who the note belongs to and when it was created.
While I couldnโt view the entire transcript linked to the note, I could still view parts of it. Selecting one of the bullet points generated by Granola pulls up a quote from the transcript that the note is referring to, along with an AI-generated summary with additional context about the conversation.
On its website, Granola says โfull transcript access is available to collaborators who open the same folder or note inside the Granola desktop app.โ Itโs not clear whether anyone with a Granola account can access your transcript, or if itโs just people youโve shared your workspace with. Granola didnโt respond to a request for more information by the time of publication.
You can change who can view your links by opening Granola, selecting your profile in the bottom-left corner of the screen, and then choosing โSettings.โ From there, navigate to the โDefault link sharingโ option, and change โAnyone with the linkโ to either โOnly my companyโ or โPrivate.โ If you delete your note, people with the link will no longer be able to access it.
One user on LinkedIn called attention to the public notes setting last year, saying, โthese links arenโt indexed, but if you share or leak one โ even accidentally โ itโs public to whoever finds it.โ And at least one major company has denied use of the tool to a senior executive due to security concerns, a source tells The Verge.
Additionally, Granola โmay use anonymized dataโ to improve its AI models, according to the appโs support page. Enterprise customers are opted out of AI training by default, but people on all other plans arenโt. You can disable AI training by going to the settings menu and toggling off the โUse my data to improve models for everyoneโ option. The company says it doesnโt allow third-party companies, like OpenAI or Anthropic, to use your data for AI training if the setting is enabled.
Granolaโs security page says the company stores your notes in a US-hosted Amazon Web Services private cloud, and says they are โencrypted at rest and in transit.โ The company doesnโt store audio from meetings, either. It only saves meeting notes and transcripts, both of which it processes in the cloud.
