jeremylongshore

granola-security-basics

@jeremylongshore/granola-security-basics
Updated 1/18/2026

Security best practices for Granola meeting data. Use when implementing security controls, reviewing data handling, or ensuring compliance with security policies. Trigger with phrases like "granola security", "granola privacy", "granola data protection", "secure granola", "granola compliance".

Installation

$ skills install @jeremylongshore/granola-security-basics

Details

Path: plugins/saas-packs/granola-pack/skills/granola-security-basics/SKILL.md
Branch: main
Scoped Name: @jeremylongshore/granola-security-basics

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

skills list

Skill Instructions


name: granola-security-basics
description: |
  Security best practices for Granola meeting data. Use when implementing security controls, reviewing data handling, or ensuring compliance with security policies. Trigger with phrases like "granola security", "granola privacy", "granola data protection", "secure granola", "granola compliance".
allowed-tools: Read, Write, Edit
version: 1.0.0
license: MIT
author: Jeremy Longshore jeremy@intentsolutions.io

Granola Security Basics

Overview

Implement security best practices for protecting meeting data in Granola.

Data Flow & Security

How Granola Handles Data

Audio Capture (Local Device)
        ↓
Encrypted Transmission (TLS 1.3)
        ↓
Processing Server (Transient)
        ↓
Encrypted Storage (AES-256)
        ↓
Access via App (Auth Required)

Key Security Features

| Feature | Status | Details |
|---|---|---|
| Encryption at rest | Yes | AES-256 |
| Encryption in transit | Yes | TLS 1.3 |
| SOC 2 Type II | Yes | Certified |
| GDPR compliant | Yes | EU data options |
| Audio retention | Configurable | Delete after processing |

Access Control Best Practices

Personal Account Security

## Checklist
- [ ] Use strong unique password
- [ ] Enable 2FA (two-factor authentication)
- [ ] Review connected apps regularly
- [ ] Log out from shared devices
- [ ] Use SSO if available (Business/Enterprise)

Sharing Permissions

| Share Level | Access | Use Case |
|---|---|---|
| Private | Owner only | Sensitive meetings |
| Team | Workspace members | Internal meetings |
| Link (View) | Anyone with link | Read-only sharing |
| Link (Edit) | Anyone with link | Collaborative notes |

Configure Sharing Defaults

Settings > Privacy > Default Sharing
- New meetings: Private (recommended)
- Auto-share with attendees: Off (for sensitive meetings)
- External sharing: Disabled (for compliance)

Sensitive Meeting Handling

Pre-Meeting

## Sensitive Meeting Checklist
- [ ] Disable auto-recording
- [ ] Confirm attendee list
- [ ] Review sharing settings
- [ ] Check for screen share visibility
- [ ] Consider using "Off the Record" mode

During Meeting

  • Announce recording to all participants
  • Pause recording for sensitive discussions
  • Avoid displaying sensitive documents on screen

Post-Meeting

  • Review notes before sharing
  • Redact sensitive information
  • Use private sharing link
  • Set expiration on shared links
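
The "Redact sensitive information" step can be partly automated on a note exported as Markdown. The following is an added example, not part of the original skill or of Granola: the detector list, the placeholder text and the sample note are assumptions made for illustration, and a human review of the result is still the first step in the list above.

```python
import re

# Illustrative detectors chosen for this example; extend them for your own data.
RULES = [
    # Keep the label ("password:") so reviewers can see what was removed.
    ("credential", re.compile(r"(?i)\b(password|passwd|api[_-]?key|token|secret)"
                              r"(\s*[:=]\s*)\S+"), r"\1\2[REDACTED-CREDENTIAL]"),
    ("aws_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED-AWS-KEY]"),
    ("email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[REDACTED-EMAIL]"),
]
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum, so order or ticket numbers are not redacted as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def redact(markdown):
    """Return (redacted_text, findings); findings maps category -> hit count."""
    findings, text = {}, markdown
    for kind, pattern, repl in RULES:
        text, n = pattern.subn(repl, text)
        if n:
            findings[kind] = n

    def card_repl(match):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            findings["card"] = findings.get("card", 0) + 1
            return "[REDACTED-CARD]"
        return match.group()  # digit run fails Luhn: leave it readable

    return CARD.sub(card_repl, text), findings


# Constructed sample standing in for an exported Markdown note.
SAMPLE_NOTE = """# Vendor sync
- Dana (dana.ruiz@example.com) will send the contract.
- Staging login read out on the call: password: Tr0ub4dor&3
- CI still uses AKIAIOSFODNN7EXAMPLE, rotate it.
- Card on file 4111 1111 1111 1111; ticket 1234 5678 9012 3456 is unrelated.
"""

if __name__ == "__main__":
    clean, report = redact(SAMPLE_NOTE)
    print(clean)
    print(report)
```

A non-empty findings dictionary is also a useful gate: block link sharing of the note until someone has looked at each hit.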

Data Retention & Deletion

Retention Settings

Settings > Privacy > Data Retention

Options:
- Keep forever (default)
- Delete audio after 30 days
- Delete audio after 7 days
- Delete audio immediately after processing

Recommendation: Delete audio after processing
(Notes are retained, raw audio is deleted)

Manual Deletion

## Delete Meeting Data

1. Open meeting in Granola
2. Click ... menu > Delete
3. Confirm deletion
4. Note: Deletion is permanent

## Bulk Deletion
1. Settings > Data
2. Export data (backup)
3. Select date range
4. Click "Delete meetings in range"

Export & Portability

## Data Export Options

Formats:
- Markdown (.md)
- PDF
- Word (.docx)
- JSON (full data)

Export includes:
- Meeting notes
- Transcripts
- Action items
- Metadata

Does NOT include:
- Raw audio files
- AI model data

Compliance Considerations

GDPR (EU Users)

| Requirement | Granola Support |
|---|---|
| Right to access | Data export available |
| Right to delete | Full deletion option |
| Data portability | JSON export |
| Consent | Recording notifications |
| DPA available | Yes (Business plans) |

HIPAA (Healthcare)

  • Standard plans: Not HIPAA compliant
  • Enterprise: BAA available on request
  • Recommendation: Use only for non-PHI meetings

SOC 2 Type II

  • Granola is SOC 2 Type II certified
  • Audit reports available for Enterprise customers
  • Covers security, availability, confidentiality

Team Security (Business Plans)

Admin Controls

## Available Controls
- [ ] Enforce SSO login
- [ ] Set password policies
- [ ] Manage user permissions
- [ ] View audit logs
- [ ] Control external sharing
- [ ] Enforce 2FA
- [ ] IP allowlisting

Audit Logging

Available Events:
- User login/logout
- Meeting recorded
- Notes shared
- Data exported
- Settings changed
- User added/removed

Security Incident Response

If Account Compromised

  1. Immediately change password
  2. Revoke all sessions (Settings > Security > Sign out everywhere)
  3. Review recent activity
  4. Check shared notes
  5. Enable 2FA if not already
  6. Contact support if data exposed
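
For the "Review recent activity" and "Check shared notes" steps, this added example (not part of the original skill or of Granola) triages audit events for one account after a suspected compromise time. The event labels come from the Audit Logging list above; the record layout (`ts`, `actor`, `event`, `ip`, `detail`) and the sample events are assumptions, since the page does not document an audit export format.

```python
from collections import namedtuple
from datetime import datetime

# Hypothetical record layout; the page lists event types, not an export format.
Event = namedtuple("Event", "ts actor event ip detail")

# Audit event labels from the page, mapped to the response step they feed.
FOLLOW_UP = {
    "Notes shared": "Check shared notes",
    "Data exported": "Contact support if data exposed",
    "Settings changed": "Review recent activity",
    "User added/removed": "Review recent activity",
}


def triage(events, actor, suspected_since):
    """Return (ts, what, next_step) for one account's activity since the cutoff."""
    cutoff = datetime.fromisoformat(suspected_since)
    mine = sorted((e for e in events if e.actor == actor), key=lambda e: e.ts)
    # Addresses this account logged in from before the suspected compromise.
    known_ips = {e.ip for e in mine
                 if e.event == "User login" and datetime.fromisoformat(e.ts) < cutoff}
    findings = []
    for e in mine:
        if datetime.fromisoformat(e.ts) < cutoff:
            continue
        if e.event == "User login" and e.ip not in known_ips:
            findings.append((e.ts, "Login from unseen address " + e.ip,
                             "Change password and revoke all sessions"))
        elif e.event in FOLLOW_UP:
            findings.append((e.ts, e.event + ": " + e.detail, FOLLOW_UP[e.event]))
    return findings


# Constructed sample events (documentation-range IP addresses).
U = "dana@example.com"
AUDIT_EVENTS = [
    Event("2026-01-10T09:02:00", U, "User login", "192.0.2.10", ""),
    Event("2026-01-10T09:30:00", U, "Meeting recorded", "192.0.2.10", "Weekly sync"),
    Event("2026-01-14T02:11:00", U, "User login", "203.0.113.77", ""),
    Event("2026-01-14T02:13:00", U, "Data exported", "203.0.113.77", "JSON, all meetings"),
    Event("2026-01-14T02:15:00", U, "Notes shared", "203.0.113.77", "Link (View), Board prep"),
    Event("2026-01-14T03:00:00", "lee@example.com", "Notes shared", "198.51.100.4", "Team"),
    Event("2026-01-14T08:55:00", U, "User login", "192.0.2.10", ""),
]

if __name__ == "__main__":
    for row in triage(AUDIT_EVENTS, U, "2026-01-13T00:00:00"):
        print(" | ".join(row))
```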

Reporting Security Issues

  • Email: security@granola.ai
  • Include: Detailed description, steps to reproduce
  • Response: Within 24 hours

Resources

Next Steps

Proceed to granola-prod-checklist for production deployment preparation.
