Granola, a popular AI meeting notepad, exposes user notes to anyone with a link by default and trains internal AI models on your transcripts unless you manually opt out.
Here is a privacy setting you probably did not know you needed to check. Granola, an AI-powered note-taking application that has gained significant traction among startup teams and professionals drowning in back-to-back meetings, ships with a critical default configuration that leaves meeting notes accessible to anyone who obtains the share link. The company markets its product as keeping notes private by default, but a closer look at the actual settings tells a slightly different story.
The problem runs deeper than casual link sharing. Granola also feeds your meeting transcripts and generated notes into its internal AI training pipeline unless you explicitly navigate to your account settings and toggle the feature off. This dual oversight, revealed in a recent report by The Verge, highlights a growing and uncomfortable tension in the enterprise software space: the gap between how productivity tools are marketed and how they actually handle sensitive corporate data.
Granola works by integrating directly with your calendar and capturing audio from your meetings. It then uses AI to generate structured, bulleted notes summarizing the conversation. Users can edit those notes, invite collaborators, and query an AI assistant about what was discussed. It is exactly the kind of frictionless tool that busy professionals adopt quickly, often without running it past their IT or security teams first.
Granola is not an isolated case. The broader category of AI productivity and meeting assistant tools, including Otter.ai, Fireflies.ai, and Fellow, has exploded in popularity since early 2023. These platforms operate in a regulatory gray zone that traditional enterprise software has largely moved past. When you record and transcribe a meeting, you are capturing not just your own proprietary strategy discussions but potentially confidential client information, trade secrets, and personal data of employees or partners who never explicitly consented to AI processing.
Most enterprise-grade tools have responded to this pressure by implementing strict data isolation, SOC 2 compliance, and clear opt-in policies for training. Consumer and prosumer AI tools, however, often default to permissive settings that favor feature development and model improvement over locked-down security. The result is a growing class of lightweight, widely adopted applications that quietly collect enormous volumes of sensitive corporate audio data.
The financial incentives are substantial. A June 2024 analysis by PitchBook valued the global AI transcription and meeting intelligence market at $3.5 billion, projecting it to reach $11.8 billion by 2030. Startups operating in this space compete aggressively on speed, accuracy, and feature richness. Data collection for model training is not merely a byproduct of the business model; it is often the engine of competitive advantage. Companies that opt users in by default gain access to larger, more diverse training datasets, which directly improves the accuracy and nuance of their transcription models.
What This Means for Teams Adopting AI Tools
For startup founders and business leaders, this is a practical governance issue that requires immediate attention. The convenience of AI meeting assistants is real, and the productivity gains are measurable. But the risk profile changes dramatically depending on what is being discussed in those meetings and who might gain access through a carelessly shared link or an inadequately secured platform.
If your team uses Granola or any similar AI note-taking tool, take three specific steps right now. First, audit your sharing settings and ensure notes are restricted to explicitly invited collaborators rather than open to anyone with a link. Second, check your data training preferences and opt out if your organization's data governance policy prohibits the use of internal data to train third-party AI models. Third, communicate a clear policy to your entire team about which tools are approved for use in meetings that involve sensitive or confidential information.
The AI productivity category is evolving rapidly, and vendors are under immense pressure to ship features faster than their competitors. Privacy configurations are often treated as secondary considerations rather than foundational design principles. As these tools become embedded in daily workflows across organizations of every size, the responsibility increasingly falls on individual users and teams to verify that the defaults match their actual security requirements. The next twelve months will likely bring sharper regulatory scrutiny to how AI tools handle recorded conversations, but you should not wait for a mandate to check your settings.
