If you’re using Granola to capture meeting notes, there’s a privacy problem you need to know about right now. The AI-powered note-taking app claims your notes are “private by default,” but they’re actually viewable by anyone with a link – and the company is using them to train its AI models unless you manually opt out. It’s the kind of default setting that could expose sensitive business conversations, client details, and internal strategy discussions to anyone who stumbles across a shared link.

Granola is facing a privacy reckoning. The AI note-taking app, which markets itself as an “AI notepad for people in back-to-back meetings,” has a glaring disconnect between what it promises and what it actually does with your data.

According to The Verge’s investigation, while Granola’s security page explicitly states that notes are “private by default,” the reality is quite different. Every note you create is automatically shareable via link, meaning anyone who gets their hands on that URL can read your meeting transcripts, action items, and whatever else the AI captured during your calls.

It gets worse. The company is also using those notes – potentially containing confidential business information, client details, and strategic discussions – to train its internal AI models. You can opt out, but the option is buried in the settings, and most users won’t know to look for it.

The app works by integrating with your calendar and capturing audio from meetings. It then uses AI to generate bulleted summaries of what was discussed, which users can edit and share with collaborators. There’s also an AI assistant feature that lets you ask questions about your meeting history. It’s convenient, sure, but that convenience comes with a privacy trade-off that many users likely didn’t realize they were making.

This isn’t just a theoretical concern. In enterprise environments, meetings routinely cover sensitive topics – unreleased product plans, M&A discussions, personnel issues, client negotiations, and financial projections. If those notes are accessible to anyone with a link, that creates a potential data leak that could have serious business consequences.