Article image📷 Photo by Tech&Space
- ★The story centers on Granola’s ‘private by default’ notes are public by link.
- ★The practical test is whether the claim survives deployment, cost and independent verification.
- ★The wider impact depends on adoption, regulation and follow-up data from real-world use.
Granola’s marketing insists your notes are "private by default," but the fine print reveals a less reassuring truth: anyone with a link can view them. This isn’t a bug—it’s the default setting, buried under a veneer of AI-powered convenience. The app, which positions itself as an "AI notepad for people", also enrolls users in internal AI training unless they manually opt out.
The Verge’s PSA isn’t just a warning—it’s a reality check for the ‘privacy-first’ branding so many AI tools lean on. Granola’s approach mirrors a broader pattern: startups trade user trust for data liquidity, then frame opt-outs as user empowerment. The real question isn’t whether this is legal (it likely is, via terms of service), but whether it’s ethical to call something ‘private’ when it’s one URL away from public.
This isn’t the first time an AI app has played fast and loose with privacy defaults. Notion’s early link-sharing debates and Obsidian’s sync controversies prove users rarely audit settings until a crisis hits. Granola’s sin isn’t uniqueness—it’s the audacity to market privacy while requiring users to dig for it.
The gap between ‘private by default’ and ‘public by URL’
Secondary visual angle showing the practical mechanism behind "The gap between ‘private by default’ and ‘public by URL’".📷 AI-generated / Tech&Space editorial composite
The competitive angle here is brutal: Granola’s model lets it harvest more training data than rivals who default to true privacy. For a startup, that’s a moat; for users, it’s a tax. The AI training opt-out is tucked behind layers of settings, a classic dark pattern disguised as customization. Even if you disable it, Granola admits to retaining notes for ‘service improvement’—a catch-all that could mean anything.
Developers on Hacker News flagged this weeks ago, but the lack of outrage suggests fatigue. Privacy erosion in AI tools has become background noise, normalized by incremental betrayals. The real signal isn’t Granola’s behavior—it’s that users now expect this. The bar for ‘private by default’ has been lowered to ‘not actively malicious.’
Granola’s playbook is textbook growth-over-guardrails: exploit defaults, frame criticism as user error, and let the terms of service do the heavy lifting. The only surprise is how unoriginal it is.
