granola-security-basics

# Granola Security Basics

## Overview
Implement security best practices for protecting meeting data in Granola.

## Data Flow & Security

### How Granola Handles Data
```
Audio Capture (Local Device)
        ↓
Encrypted Transmission (TLS 1.3)
        ↓
Processing Server (Transient)
        ↓
Encrypted Storage (AES-256)
        ↓
Access via App (Auth Required)
```

### Key Security Features
| Feature | Status | Details |
|---------|--------|---------|
| Encryption at rest | Yes | AES-256 |
| Encryption in transit | Yes | TLS 1.3 |
| SOC 2 Type II | Yes | Certified |
| GDPR compliant | Yes | EU data options |
| Audio retention | Configurable | Delete after processing |

## Access Control Best Practices

### Personal Account Security
```markdown
## Checklist
- [ ] Use strong unique password
- [ ] Enable 2FA (two-factor authentication)
- [ ] Review connected apps regularly
- [ ] Log out from shared devices
- [ ] Use SSO if available (Business/Enterprise)
```

### Sharing Permissions
| Share Level | Access | Use Case |
|-------------|--------|----------|
| Private | Owner only | Sensitive meetings |
| Team | Workspace members | Internal meetings |
| Link (View) | Anyone with link | Read-only sharing |
| Link (Edit) | Anyone with link | Collaborative notes |

### Configure Sharing Defaults
```
Settings > Privacy > Default Sharing
- New meetings: Private (recommended)
- Auto-share with attendees: Off (for sensitive meetings)
- External sharing: Disabled (for compliance)
```

## Sensitive Meeting Handling

### Pre-Meeting
```markdown
## Sensitive Meeting Checklist
- [ ] Disable auto-recording
- [ ] Confirm attendee list
- [ ] Review sharing settings
- [ ] Check for screen share visibility
- [ ] Consider using "Off the Record" mode
```

### During Meeting
- Announce recording to all participants
- Pause recording for sensitive discussions
- Avoid displaying sensitive documents on screen

### Post-Meeting
- Review notes before sharing
- Redact sensitive information
- Use pri