Artificial IntelligencePrivacy & Data ProtectionRegulatory & Compliance

Granola AI's Default Settings Spark Privacy Concerns

2 min readSources: The Verge

Granola AI exposes user notes publicly, risking legal issues over data privacy.

Why it matters: Exposed data can break client confidentiality and breach privacy laws like GDPR. Legal professionals need to secure client data rigorously.

  • Default setting allows public access to user notes unless users change it.
  • Internal AI uses notes for training unless users opt out, risking privacy.
  • Past API vulnerability exposed user data in test versions, fixed now.
  • Granola states no third-party data sharing, but internal data use persists.

The Verge highlighted that Granola AI's default public link-sharing for user notes poses privacy risks, especially for legal professionals handling client data. By default, notes are accessible to anyone with the link unless users manually update the privacy settings.

This configuration not only risks breaching client confidentiality agreements but may also violate privacy regulations such as the GDPR or California Consumer Privacy Act (CCPA), which require stringent data protection practices.

Further complicating matters, user notes contribute to internal AI training unless an opt-out is exercised, which may not be universally known or applied. Granola's policy clarifies that while they don't share data with external AI, internal use of this data persists, raising potential privacy concerns.

Even though Granola employs encryption using AWS servers based in the U.S., earlier issues like a security breach due to an API key have raised alarms about their data protection measures. Although rectified, such vulnerabilities highlight the necessity for ongoing vigilance.

It's imperative for legal professionals to adjust Granola's default settings to prevent unauthorized access. Additionally, they need to ensure compliance with applicable privacy legislation, given the potentially widespread data disclosures.

Yes, but: Legal professionals can mitigate risks by adjusting privacy settings and staying informed on data use policies.

What's next: Granola may need to revise its privacy settings and policies to enhance data protection.

Based on reporting from

PSA: Anyone with a link can view your Granola notes by default
The Verge · Apr 2, 2026

Sponsors

Legal.io

Legal.io is a technology company building a connected network for legal professionals. Their platform enables lawyers and legal teams to collaborate, discover opportunities, and leverage technology to improve the practice of law.

Visit website →

Related articles

Regulatory & Compliance

Filmmaker Files War Crimes Suit Against Israel in France

Ali Cherri, a filmmaker, files a war crimes complaint in France against Israel for a 2023 airstrike, pushing the boundaries of international justice and universal jurisdiction.

Apr 6, 20262 min read
Regulatory & Compliance

UN Declares Slave Trade a Crime Against Humanity, Spurs Legal Implications

The UN's declaration of the slave trade as a crime against humanity could impact reparations claims and legal practices worldwide.

Apr 6, 20263 min read
Regulatory & Compliance

UN Declares Slave Trade a Crime Against Humanity

The UN's declaration of the transatlantic slave trade as a crime against humanity may prompt global legal and policy changes.

Apr 6, 20262 min read
Artificial IntelligenceRegulatory & Compliance

Stanford's AI Principles Target Legal Compliance and Ethics

Stanford's AI Life Cycle Core Principles offer a framework for AI governance, emphasizing compliance and ethics within legal operations.

Apr 6, 20262 min read