Granola's Note-Taking App Leaves Users' Notes Vulnerable to Public Viewing

Granola, an AI-powered note-taking app designed for busy professionals, has a default setting that could leave users’ notes exposed to public viewing. The app claims that notes are “private by default,” but in reality, anyone with a link can access and view them. This vulnerability has raised concerns about data security and privacy.

Granola’s app allows users to capture audio from meetings and generate AI-powered notes, which can be edited and shared with collaborators. However, the company’s default settings enable AI training for non-enterprise users, which means that anonymized data may be used to improve its AI models. This raises questions about the extent of user consent and the potential risks associated with sharing personal data.

The issue becomes more concerning when considering the app’s ability to make notes viewable to anyone with a link. This means that if a user accidentally shares a link, their sensitive meeting notes could be accessed by anyone on the web. The fact that Granola doesn’t store audio from meetings and only saves meeting notes and transcripts in the cloud adds to the concern.

In an effort to rectify this issue, users can change the default link sharing setting to “Only my company” or “Private” within the app’s settings menu. Additionally, users can opt out of AI training by toggling off the option to use their data to improve models for everyone.

Granola’s lack of transparency and prompt response to concerns have raised questions about the company’s commitment to user privacy. While the app does store notes in a US-hosted Amazon Web Services private cloud and encrypts them at rest and in transit, users may still be concerned about the potential risks associated with sharing their data.

In conclusion, Granola’s default settings for note-taking leave users’ sensitive information vulnerable to public viewing. The company must take steps to rectify this issue and provide greater transparency about its data collection practices.

Analysis based on: https://www.theverge.com/ai-artificial-intelligence/906253/granola-note-links-ai-training-psa