Granola

Correction to earlier profile draft

An earlier draft of this profile incorrectly described Granola as Mac-only and as having "raw audio that never leaves the user's device." Both statements are inaccurate. Granola supports macOS and Windows as of early 2026 (iOS uses temporarily cached audio for post-meeting processing). Audio is captured locally on the user's device, then transmitted to Granola's cloud for transcription, then deleted after transcription. The architecture is meaningfully better than Otter.ai or Fathom because no visible bot joins meetings and audio is not persistently stored — but it is not a fully local-first model. This corrected profile reflects the accurate architecture.

Plain-English risk rating: 3 of 5 (Individual/Business) / 2 of 5 (Enterprise with no-training)

Granola is a fast-growing AI meeting-notes tool (1M+ users by late 2025; $125M Series C at $1.5B valuation early 2026) that has carved out a privacy-positioning niche by avoiding the visible-bot architecture that has put Otter.ai, Fireflies.ai, and others into class-action litigation. The architecture is bot-free — Granola captures system audio directly from the user's device rather than joining the meeting as a participant — which structurally avoids the consent-disclosure question that drives the Otter/Fireflies litigation. Audio is transmitted to Granola's cloud for transcription and then discarded; no audio recordings persist.

The risk picture is less straightforward than the marketing implies. Training on customer data is on by default on Individual and Business plans, with opt-out only available at the Enterprise tier. SOC 2 Type 2 certification (achieved July 2025) is meaningful baseline assurance. The bot-free architecture is genuinely a structural privacy improvement but it introduces a separate disclosure question: meeting participants on the other side of the call have no visible indicator that AI transcription is happening, which shifts the consent compliance burden onto the Granola user rather than the platform.

Recommended for

  • Sole proprietor on Mac or Windows: Free tier (25 lifetime meetings) for evaluation, Individual at $18/month for regular use. Disclose to meeting participants that you are using AI transcription before recording starts.
  • Small team (2-10 people): Business at $14/user/month for team features and shared notes. Recognise that training opt-out is not available at this tier — your team's transcripts contribute to Granola's model improvement.
  • Regulated industry: Enterprise tier (starting $35/user/month) with model training opt-out, custom data residency negotiation, and explicit policy on which meeting types are appropriate for Granola transcription. The SOC 2 Type 2 certification is the floor; sector-specific regulatory review is still required.
  • The honest answer for most 1-10 employee businesses: Granola is a genuine privacy improvement over Otter.ai for individual professionals who can disclose AI use to their meeting counterparts. The bot-free architecture is the differentiator. For teams handling client-sensitive content where training opt-out matters, the Enterprise tier at $35+/user/month is the right floor — the Business tier at $14/user/month is comparable in cost but does not include the training opt-out.

Critical pre-deployment warning (silent recording disclosure)

This is the structurally important fact about Granola's bot-free architecture: because no visible bot joins the meeting, your meeting counterparts have no indicator that AI transcription is happening. This is a privacy advantage for the Granola user (no awkward "recording bot has joined" notification, more natural conversation flow) but a disclosure compliance challenge.

In two-party-consent jurisdictions (California, Washington, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania in the US; the EU under GDPR; New Zealand under the Privacy Act 2020), all-party consent is required for recording. Granola's silent operation does not absolve the user from this obligation — it shifts the compliance burden entirely onto the user. The right practice for any external meeting: verbal disclosure at the start ("I'm using an AI tool to take notes during our call") plus a meeting-invite line item disclosing AI use.

For internal meetings within your own organisation, your employee handbook should cover AI transcription in meetings. For external client meetings, disclosure is both ethical practice and likely legally required.

Data retention default

  • Audio recordings: Captured locally, transmitted to Granola's cloud for transcription, deleted after transcription. Granola does not persistently store meeting audio.
  • Text transcripts and AI summaries: Stored in Granola's infrastructure under standard data retention
  • LLM provider retention: Per Granola's contracts with model providers (Anthropic primary; specifics evolve)
  • Account deletion: Removes notes and transcripts; given the no-persistent-audio architecture, there is no parallel audio deletion required (a structural advantage over cloud-transcription competitors)
  • GDPR right to erasure: Supported via individual note deletion combined with the no-persistent-audio architecture

Training opt-out

Free, Individual, Business — TRAINING ON BY DEFAULT. This is a correction to commonly-stated marketing claims. Granola uses customer transcripts to improve its AI features on the non-Enterprise tiers. Opt-out is available only at the Enterprise tier.

Enterprise — NO TRAINING ON CUSTOMER DATA BY DEFAULT per the Enterprise contract terms. This is the structurally important upgrade for any team handling client-sensitive content.

The Phase 2 version of this profile incorrectly stated that no-training was the default across tiers. The corrected position: no-training is only the default at Enterprise.

Zero Data Retention availability

  • Granola operates zero-retention by architecture for raw audio (deleted after transcription)
  • For text transcripts and summaries, the no-training Enterprise contract is the relevant control
  • LLM provider zero-retention contracts in place per Granola's published security documentation

Plan tiers and pricing (as of early 2026)

TierPrice (USD)Training defaultSuitable for
Free$0On by defaultPersonal evaluation; 25 lifetime meetings
Individual$18/monthOn by defaultIndividual professionals (verify opt-out availability per current settings)
Business$14/user/monthOn by defaultSmall teams; training opt-out NOT available
Enterprise$35+/user/monthOff by defaultLarger orgs needing no-training contract

Jurisdiction

  • Primary processor: Granola (UK-based company, London headquarters)
  • Cloud infrastructure: AWS
  • Third-party AI subprocessor: Anthropic primary
  • SOC 2 Type 2 certified (July 2025; audit completed in three months due to the no-persistent-audio architecture reducing scope)
  • GDPR-compliant; UK Data Protection Act 2018 jurisdiction
  • Subject to additional jurisdictional requirements based on user residency

Breach history (public incidents)

No major public breach of Granola infrastructure as of May 2026. The company is relatively young (founded 2023; rapidly growing) and the no-persistent-audio architecture genuinely reduces the breach blast radius compared with vendors that store raw recordings.

Note on the bot-free architecture and the litigation environment: Granola's silent operation has, so far, avoided the class-action litigation affecting Otter.ai (In re Otter.AI Privacy Litigation, consolidated October 2025) and Fireflies.ai (Cruz v. Fireflies.AI Corp., December 2025). The reason is structural: Granola's architecture does not generate biometric voiceprints of non-account-holder meeting participants (because the user-side audio capture is treated as belonging to the user, not as recording-of-third-parties). However, if Judge Lee's ruling in the Otter litigation interprets two-party-consent wiretap statutes broadly, Granola could become exposed by association — the platform's silent operation means the user, not the platform, is the consent-compliance actor, and that user could become a defendant.

Category-level risk: The no-persistent-audio architecture is a meaningful structural improvement over cloud-transcription competitors. The remaining risks are: (a) training defaults on non-Enterprise tiers, (b) the silent-recording disclosure compliance burden falling on users, and (c) the general category risk that AI notetakers face during the ongoing legal uncertainty about two-party consent.

What this means in plain English for SMB owners

Three honest takeaways:

  1. Granola's bot-free architecture is genuinely better than Otter.ai's for privacy-conscious individuals — but the disclosure compliance burden is real. No visible bot means no automatic disclosure to your meeting counterparts. In two-party-consent jurisdictions including New Zealand, you (not Granola) are responsible for ensuring all participants consent to AI transcription. Verbal disclosure at meeting start plus an invite line item is the baseline practice.
  1. Training opt-out is paywalled at the Enterprise tier. Free, Individual, and Business tiers train on your transcripts by default. For sole proprietors using Granola for personal note-taking, this may be acceptable. For any team handling client-sensitive content where no-training matters, the Enterprise tier at $35+/user/month is the right floor — do not assume the cheaper Business tier has no-training defaults.
  1. The no-persistent-audio architecture is the strongest structural privacy claim in the meeting-AI category. Combined with the SOC 2 Type 2 certification (achieved July 2025), Granola is one of the most defensible meeting-AI choices for individual professionals on macOS or Windows. The migration path from Otter.ai during the Otter litigation pendency is straightforward; budget for the disclosure-discipline change as part of the migration.

Sources

  • Granola privacy and security documentation (granola.ai/security, verified 2026-05-24)
  • Granola blog: AI notetaker privacy compliance for product research SOC 2 and GDPR (March 31, 2026)
  • Granola Series C funding announcements (early 2026)
  • TL;DV: Granola AI Review (May 2026)
  • Max Productive: Granola AI Review 2026 (February 2026)
  • Textify Analytics: Granola AI Future of Meeting Notetaking (March 2026)
  • BuildBetter: Best Granola Alternatives for Private Meeting Notes 2026 (March 2026)
  • MeetJamie: Granola AI Pricing 2026 (December 2025)
  • MeetingNotes: Fellow vs Granola AI comparison (January 2026)
  • Feisworld: Granola AI Review 2026 (January 2026)

Related on AI Leakage