Granola Note-Taking App Exposes User Notes Via Public Links

The AI-powered note-taking app, Granola, allows anyone with a link to view user notes by default, raising significant privacy concerns. The platform, marketed as a tool for capturing meeting audio and generating AI-summarized notes, exposes potentially sensitive information unless users manually adjust their privacy settings.

Default Public Access

Granola’s settings clearly state that notes are “viewable to anyone with the link.” This means that even without an account, individuals can access notes if a link is shared or leaked, presenting a major security risk for confidential meetings. Testing confirms that notes can be accessed from a private browser window without logging in, revealing both note content and creation details.

Limited Transcript Access

While full transcripts are accessible only to collaborators within the Granola app, partial transcript excerpts are visible through the bulleted notes. Selecting a note point displays corresponding quotes and AI-generated summaries, offering additional context from the conversation. The extent of access for users with a Granola account is unclear, as the company has not clarified whether all account holders can view transcripts.

Data Usage for AI Training

Granola reserves the right to use anonymized user data to improve its AI models unless explicitly disabled in settings. Enterprise customers are excluded from AI training by default, but all other users remain opted in. Disabling this feature requires manual adjustment in the app’s settings. The company asserts that third-party AI providers like OpenAI or Anthropic do not access user data if this setting is off.

Security Measures and Storage

Granola stores notes in an Amazon Web Services private cloud, with encryption at rest and in transit. The company claims it does not retain audio recordings, only saving notes and transcripts for cloud processing. Despite these measures, the default public link setting remains a critical vulnerability.

To secure their Granola notes, users must navigate to the settings menu (profile > Settings > Default link sharing) and change the setting from “Anyone with the link” to either “Only my company” or “Private.” Deleting notes also removes access for those with links.

The incident highlights a broader trend of AI tools prioritizing ease of use over default privacy. Users must actively manage settings to prevent unintended data exposure, and companies must prioritize transparency and security by default.