Granola Exposes Your Default Notes: Check Your Settings
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
If you are a user of the AI-powered note-taking app Granola, it is crucial to check your privacy settings. Although Granola claims that your notes are "private by default," they are actually accessible to anyone with a link. Additionally, the app uses these notes for internal AI training unless you choose to opt out.
Granola presents itself as an "AI notebook for people in back-to-back meetings." The app integrates with your calendar to capture the audio of your meetings, then uses AI to generate a bullet-point list of what you heard, which the app refers to as a "note." You can edit the AI-generated notes, invite other collaborators to view them, and use Granola's AI assistant to ask questions about your notes and consult the minutes from the meeting they originated from.
However, in the app's settings menu, Granola states: "By default, your notes are visible to anyone with the link." This means that anyone on the web can see your notes if you accidentally share a link, which could pose a major issue if you record sensitive meetings. After testing this myself, I found that I could access my own note from a private window in my browser without having to log into my Granola account. The site even indicates who owns the note and when it was created.
You can make the links to your notes private or allow only members of your company to view them. While I was unable to see the entire minutes related to the note, I could view certain parts. By selecting one of the points generated by Granola, an excerpt from the minutes that the note references appears, along with an AI-generated summary providing additional context about the conversation.
On its website, Granola specifies that "full access to the minutes is available for collaborators who open the same folder or note in the Granola desktop app." It is unclear whether anyone with a Granola account can access your minutes, or if this is limited only to those with whom you have shared your workspace. Granola did not respond to a request for further information before the publication of this article.
You can change who can see your links by opening Granola, selecting your profile in the bottom left corner of the screen, and then choosing "Settings." From there, navigate to the "Default Link Sharing" option and change "Anyone with the link" to "Only my company" or "Private." If you delete your note, those with the link will no longer be able to access it.
A user on LinkedIn drew attention to the public notes setting last year, stating: "these links are not indexed, but if you share or disclose one – even accidentally – it is public for anyone who finds it." And at least one large company has declined to use the tool for a senior executive due to security concerns, according to a source.
Furthermore, Granola "may use anonymized data" to improve its AI models, according to the app's support page. Enterprise customers are opted out of AI training by default, but users on other plans are not. You can disable AI training by accessing the settings menu and turning off the option "Use my data to improve models for everyone." The company claims it does not allow third-party companies, such as OpenAI or Anthropic, to use your data for AI training if this setting is enabled.
Granola's security page states that the company stores your notes in a private cloud hosted by Amazon Web Services in the United States, and specifies that they are "encrypted at rest and in transit." The company also does not retain the audio from meetings. It only saves the notes and transcripts from meetings, both of which are processed in the cloud.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.