# PSA: Anyone with a link can view your Granola notes by default

If you’re using Granola for your note-taking workflow, there’s an important privacy consideration you should be aware of. Despite marketing itself as having “private by default” notes, Granola’s actual default behavior makes your notes accessible to anyone who has the shareable link—similar to how Google Docs or Notion work with public sharing. While link-based sharing is a common pattern in modern SaaS applications, the concern here is that users might assume “private by default” means their notes are truly isolated unless they explicitly share them, when in reality the opposite is the default behavior.

What makes this situation more critical is Granola’s secondary data practice: your notes are automatically used for internal AI training unless you actively opt out. This is a common monetization strategy for AI-powered applications, but it’s worth understanding if you’re storing sensitive information, debugging notes, code snippets, or any proprietary technical details in Granola. If you’ve been syncing notes containing credentials, API keys, or architecture decisions, these could be incorporated into Granola’s training datasets.

For those already using Granola, the fix is straightforward: review your privacy settings immediately and change the default sharing behavior, then opt out of AI training if you haven’t already. Going forward, treat any “AI-powered” productivity tool with the same scrutiny you’d apply to any third-party service handling your data. Even well-intentioned companies sometimes make UX choices that don’t align with user expectations around privacy. As technical professionals, we should advocate for clearer defaults and explicit consent models—especially when data is used for training purposes.