Granola, an AI-powered note-taking application that has gained traction among productivity-focused users, has come under fire for privacy practices that contradict its stated commitment to user protection. Despite marketing itself as offering "private by default" notes, the service actually makes all notes viewable to anyone who possesses a shareable link—a significant distinction that many users may not fully understand. This default configuration means that sensitive information could potentially be accessed by unintended parties if links are leaked or shared inadvertently, raising concerns about how the company defines and implements privacy protections.
The privacy issues extend beyond accessibility concerns. Granola also uses user notes for internal AI training purposes unless users explicitly opt out—a practice that requires affirmative action rather than obtaining explicit consent upfront. This opt-out model represents a growing trend among AI companies that prioritize data collection for model improvement over transparent user consent. The approach has become increasingly contentious as users and privacy advocates argue that companies should require explicit opt-in rather than defaulting to data usage and requiring users to navigate settings to prevent it.
The Granola controversy highlights a broader tension in the AI industry between innovation and privacy protection. As AI applications become more embedded in daily workflows, users face mounting pressure to scrutinize the fine print of privacy policies and actively manage their data preferences. For companies building AI-powered tools, particularly those relying on user data for training, the challenge lies in balancing legitimate business needs with transparent communication and genuine respect for user privacy expectations. The incident underscores why users should regularly audit their privacy settings across all AI-powered applications they use.