Skip to main content
Screenshot of Granola notes interface, showing publicly accessible notes via a shared link, no login needed.

Editorial illustration for Granola notes are publicly accessible via link, even without login

Granola Notes Leak: Public Access Without Login

Granola notes are publicly accessible via link, even without login

Updated: 4 min read

Your Granola notes are not as private as you might think. By default, anyone with the link, even without an account or login, can open them, read the content, and see your name. A quick test from a private browser window confirms it: no sign-in required, and the note’s author and creation date are displayed.

That bullet point summary you trusted to be confidential? It’s accessible to anyone who stumbles upon a link, and the linked transcript snippet isn’t fully hidden either.

After testing this out for myself, I found that I could access my own note from a private window in my browser, all without signing into my Granola account. The site even tells you who the note belongs to and when it was created. While I couldn't view the entire transcript linked to the note, I could still view parts of it.

Selecting one of the bullet points generated by Granola pulls up a quote from the transcript that the note is referring to, along with an AI-generated summary with additional context about the conversation. On its website, Granola says "full transcript access is available to collaborators who open the same folder or note inside the Granola desktop app." It's not clear whether anyone with a Granola account can access your transcript, or if it's just people you've shared your workspace with. Granola didn't respond to a request for more information by the time of publication.

You can change who can view your links by opening Granola, selecting your profile in the bottom-left corner of the screen, and then choosing "Settings." From there, navigate to the "Default link sharing" option, and change "Anyone with the link" to either "Only my company" or "Private." If you delete your note, people with the link will no longer be able to access it. One user on LinkedIn called attention to the public notes setting last year, saying, "these links aren't indexed, but if you share or leak one - even accidentally - it's public to whoever finds it." And at least one major company has denied use of the tool to a senior executive due to security concerns, a source tells The Verge. Additionally, Granola "may use anonymized data" to improve its AI models, according to the app's support page.

The default setting is a trapdoor, not a feature. Granola hands you a link, and with it, the keys to a stranger’s meeting notes, AI summaries, and partial transcripts, all without a login. The fix exists, buried in a settings menu, but most users will never find it until it’s too late.

A single shared link, a misplaced email, a Slack message sent to the wrong channel, that’s all it takes. One company has already banned the tool. Others will follow.

The lesson is brutally simple: assume every link you create is public until you prove otherwise. Check your settings. Delete what you don’t need.

Or watch your conversations become someone else’s data point.

Common Questions Answered

How do Granola's note sharing links compromise user privacy?

Granola's sharing links allow anyone to access basic note details like the author's name and creation timestamp without requiring login credentials. Even in a private browsing session, users can view parts of the note's content and selected bullet points, potentially exposing sensitive information to unintended viewers.

What content remains visible when accessing a Granola note via a shared link?

When accessing a Granola note through a shared link, users can see the note's author, creation timestamp, and selected bullet points or quotes from the transcript. However, the full transcript remains hidden, providing partial but potentially revealing content about the note's subject matter.

What privacy concerns arise from Granola's default note sharing settings?

Granola's default sharing mechanism allows anyone with a note's URL to access basic information and content fragments without authentication. This raises significant privacy concerns, as users may inadvertently expose note details to unauthorized individuals, potentially compromising the confidentiality of their notes.

Further Reading

LIVE03:21OpenAI's Miles Wang in Talks for USD 2B AI Drug Discovery Startup