NZ Media News
Back to latest
AI Note-Taking App Exposes Privacy Flaws: A Warning for NZ Marketers
A popular AI-powered note-taking application, Granola, has been found to have default settings that compromise user privacy. Despite claims of 'private by default,' notes are accessible via shareable links and are used for AI training without explicit opt-in, raising significant data security concerns for users and businesses alike.
What Happened
- •AI note-taking app Granola defaults to making user notes viewable by anyone possessing a direct link.
- •The app also automatically uses user data for internal AI model training unless users actively opt out.
- •Granola markets itself as an 'AI notepad for people in back-to-back meetings,' suggesting professional use.
- •The company's 'private by default' claim is contradicted by its actual privacy settings.
- •This vulnerability was highlighted by The Verge on 2 April 2026.
Why It Matters for NZ Marketers
- •NZ marketers frequently use AI tools for content generation, research, and internal communication, making them susceptible to similar vulnerabilities.
- •Handling sensitive customer data or internal strategy documents within such tools could lead to significant breaches and reputational damage.
- •New Zealand's Privacy Act 2020 mandates strict data protection, and non-compliance due to third-party app vulnerabilities carries legal risks.
- •The incident underscores the need for robust due diligence on all third-party AI services adopted by NZ businesses.
- •Public trust in AI tools could erode, impacting adoption rates for beneficial AI applications in the NZ market.
Strategic Implications
- •Implement stringent data governance policies for all AI tools, ensuring default privacy settings are reviewed and adjusted.
- •Educate marketing teams on the risks of using AI tools with sensitive data and the importance of understanding privacy policies.
- •Prioritise AI solutions that offer transparent data handling, robust encryption, and clear opt-in/opt-out mechanisms for data usage.
- •Conduct regular privacy audits of all marketing technology (MarTech) stacks, including AI components.
- •Develop contingency plans for potential data breaches stemming from third-party AI service vulnerabilities.
Future Trend Signals
- •Increased regulatory scrutiny on AI privacy and data security, potentially leading to new compliance requirements.
- •A growing market for 'privacy-by-design' AI solutions and tools that offer enhanced data control.
- •Greater emphasis on user education regarding digital privacy and the implications of AI tool usage.
- •The emergence of AI security specialists and dedicated roles within organisations to manage AI risks.
Sources
Editorial note: This analysis is original, AI-assisted editorial content. All source material is attributed with links. No full articles are reproduced. Short excerpts are used under fair dealing principles.
Related Analysis
More posts sharing similar topics
AI & CommerceData & Privacy
Guardian's Subtle AI Integration Signals New Era for Publisher Engagement
AI & CommerceData & Privacy
Geopolitical Tensions Halt US Rate Cuts, Signalling Prolonged Economic Caution for NZ Marketers
AI & CommerceData & Privacy
Patreon CEO Challenges AI's 'Fair Use' Claims, Advocates for Creator Compensation
AI & CommerceData & Privacy
NZ Economic Outlook Shifts: Marketers Face Persistent Inflation and Stagnant Growth
AI & CommerceData & Privacy