Granola's $125M Series C and the Hidden Cost of 'Bot-Free': Your Notes Still Live in the Cloud

If you've signed up for an AI notetaker in 2026, there's a good chance someone told you Granola was the "private" option. No bot joins your call. Audio is captured locally. The pitch is clean: meet without surveillance friction, walk away with smart notes. That story is also incomplete. After Granola's $125 million Series C in March 2026, which pushed its valuation to $1.5 billion and funded a deliberate pivot from prosumer notetaker to enterprise context layer, the architecture that powers Granola has moved decisively in the opposite direction of where bot-free buyers usually think they're heading. Your transcripts still live in the cloud. Your meeting data still trains an AI by default. And the opt-out you probably want is locked behind the Enterprise plan.

This piece is a careful look at what changed after the round, what the actual data flow looks like today, and how that compares with a fully on-device alternative. It is not an attack on Granola — it is a popular product built by capable people — but it is an argument that "no bot" and "on-device" are not synonyms, and that confusing them is the single most common privacy mistake buyers are making in 2026.

The Series C reshaped the product, not just the cap table

The headline from TechCrunch's reporting is that Granola closed a $125 million round led by Danny Rimer at Index Ventures, with Mamoon Hamid at Kleiner Perkins co-leading and Lightspeed, Spark, and NFDG following on. The valuation jumped from $250 million to $1.5 billion in under a year, and total funding hit $192 million.

What matters for privacy is what the round paid for. Granola simultaneously launched Spaces — team workspaces with folders and granular access controls — and introduced both a personal API and an enterprise API. The enterprise API followed a February 2026 release of an MCP (Model Context Protocol) server. The strategic intent is explicit in the company's own enterprise marketing: Granola wants to be a data processor that touches every conversation involving customers, candidates, and internal strategy. Vanta, Gusto, Thumbtack, Asana, Cursor, Lovable, Decagon, and Mistral AI are named customers.

The architectural consequence is straightforward. A prosumer app that puts "audio capture is local" on a landing page is a single-user tool with a small data footprint. A platform that exposes APIs, MCP integrations, team workspaces, and admin controls is, by necessity, a centralized data store. You cannot give an admin org-wide visibility into transcripts and also keep those transcripts only on individual employee laptops.

Where your Granola data actually lives

This is the part the marketing tends to underplay. Per independent product documentation aggregated by Tooliverse, Granola "stores notes in a US-hosted AWS Virtual Private Cloud with encryption at rest and in transit." That is — to be clear — a cloud service. It is encrypted, it is in a VPC, and it is operated competently. But the transcripts of your meetings, the notes you typed, and the AI-enhanced summaries are sitting on AWS, not on your device.

Granola's own participant-privacy guide confirms the lifecycle: "Granola does not store audio at any point: it transcribes in real time and deletes the audio immediately. Transcripts can be configured for org-wide auto-deletion on a defined schedule through Enterprise admin controls." Audio deletion is a real privacy win — there is no recording to subpoena, breach, or feed into a future training run. But the transcript is the part most enterprise lawyers actually worry about, because it is the searchable, indexable, durable artifact, and it lives in Granola's infrastructure on a retention schedule you only fully control if you pay for Enterprise.

The training default that buyers keep missing

The most consistent point of confusion among Granola users is whether their meetings train AI. The honest answer has two parts.

Third-party providers — the OpenAI and Anthropic models that power the summarization layer — are contractually prohibited from training on your data. That commitment is documented in Granola's compliance blog. That is the easy part, and it is genuinely better than the cloud-first competition.

The harder part is that Granola itself trains on customer data by default. As Itsconvo's 2026 product review documents after three months of testing, the AI-training opt-out is gated behind the Enterprise plan if you want it applied org-wide: "meeting data is used to train Granola's AI models by default (individual opt-out in settings, organization-wide opt-out only on the $35 Enterprise plan)." The tl;dv comparison review reaches the same conclusion: Enterprise "lets you opt out of model training for everyone in your team," and the equivalent control simply does not exist on the cheaper tiers.

If you are a 10-person team on Business at $14 per seat, each user has to individually toggle off training. One miss, and that user's transcripts flow into Granola's training pipeline. Multiply by every team that adopts the tool, and the practical default for the population of Granola users is that meetings train the model. That is a perfectly legal product design. It is not what most people hear when they hear "bot-free."

Bot-free vs. on-device: the comparison that actually matters

The single most useful frame for evaluating any 2026 notetaker is the difference between bot-free architecture and on-device architecture. They sound like the same idea. They are not.

Bot-free solves the social and consent dynamics — no awkward "who is that?" when a Fireflies or Otter bot pops into a call. On-device solves the data-residency, training, and regulatory questions. Granola does the first. Only true on-device tools do the second. For more on this distinction, our earlier piece on bot-free vs. on-device privacy architecture goes deeper on the technical differences.

Why the enterprise pivot makes the gap wider, not narrower

Granola's investors are betting on context. The strategic case for the Series C, as TechCrunch summarized it, is that "AI meeting notes are becoming a commodity" and Granola wants to differentiate by piping meeting context into broader AI workflows via APIs and MCP. That is a coherent business strategy. It is also a strategy that requires Granola to hold more of your data, in a more queryable form, for longer, with more downstream integration points.

The friction this creates with users showed up publicly earlier in the year. According to TechCrunch, an a16z partner and others were vocal when Granola "locked down its local database and broke on-device AI agent workflows they had set up." Co-founder Chris Pedregal explained that the local cache wasn't designed for AI workflows and the company changed how data was stored — incidentally breaking the local-first workflows users had built. The fix was to ship APIs that let people pull their data back out. That is a reasonable engineering answer. It is also a tell: the system of record is the cloud, and local access is a feature the vendor grants you.

The regulatory environment is tightening, not loosening

Buyers evaluating cloud notetakers in mid-2026 should price in three regulatory currents that all push in the same direction.

The EU AI Act high-risk deadline

Per the European Commission's AI Act portal, the regulation entered into force on 1 August 2024 and becomes fully applicable on 2 August 2026. DLA Piper's analysis of the Digital Omnibus negotiations notes that the second political trilogue on 28 April 2026 ended without agreement, meaning organisations deploying AI in employment contexts "should continue their compliance preparations in line with the existing deadline of 2 August 2026." Worker-monitoring AI sits squarely in Annex III high-risk scope, with fines reaching €15 million or 3% of global annual turnover.

Federal wiretap and BIPA litigation

The Otter.ai class action — In re Otter.AI Privacy Litigation, 5:25-cv-06911 in the Northern District of California — is the bellwether. HR Executive's reporting on the litigation, drawing on Littler Mendelson's February 2026 analysis, lists seven risk areas employers must evaluate when deploying any AI notetaker: consent, biometrics, accuracy, discrimination, attorney-client privilege, data retention, and confidentiality. Cloud notetakers — even bot-free ones — implicate every item on that list because they retain the transcript and may use it for training.

State all-party consent and biometric laws

As Babst Calland's analysis of AI meeting assistants explains, a meeting that includes any participant in an all-party consent state — California, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania, or Washington — triggers heightened consent requirements for the entire call. Illinois's BIPA adds biometric exposure if voiceprints are generated. A vendor that processes and stores transcripts in the cloud does not eliminate that risk; it just moves the data into its own jurisdiction and infrastructure. Our analysis of employer liability for AI notetakers under BIPA and CIPA covers the vicarious-liability angle in more detail.

What "on-device" actually buys you, technically

On-device is not a marketing word. It is a specific architectural pattern that has gotten dramatically more viable in the last two years. Per Apple's privacy features documentation, the Apple Neural Engine "enables speech recognition models with the same high quality as server-based speech recognition," and audio for Siri and Dictation "is processed entirely on your device unless you choose to share it with Apple."

Independent reporting from Fora Soft's 2026 iOS speech recognition guide confirms the practical state of the art: "on-device speech recognition is now accurate enough for most real applications — OpenAI's Whisper and Apple's own neural models deliver 2–8% word-error-rate on clean English audio, running entirely on the Neural Engine." The cost of going on-device — historically lower accuracy — has essentially been paid down. The remaining trade-offs are application-level: rich team collaboration features that genuinely require shared cloud storage are harder to build on a pure-device architecture. But meeting capture, transcription, and summarization for an individual professional are not those features.

The data flow, side by side

A Granola meeting in 2026 looks like this: audio captured locally, audio deleted after transcription, transcript transmitted to AWS, summary generated using a third-party LLM call, transcript and notes stored in AWS VPC, optionally pulled into your CRM via the API or piped into Claude/ChatGPT via MCP. A Basil AI meeting looks like this: audio captured locally, transcription performed on the Neural Engine, transcript stored in your device's encrypted storage and optionally synced to your personal iCloud, summary generated on-device, notes exported to Apple Notes. The difference is not whether a bot joins the call. It is whether the durable record of your conversation ever crosses an organizational boundary.

Where Granola is still the right answer

Fairness matters. Granola is a well-built product, and there are use cases where its trade-offs are correct. If you run a Mac-and-Google-Workspace team, you need shared workspaces, you want CRM integrations, you are comfortable with US cloud storage, and your meetings are not subject to HIPAA, attorney-client privilege, or strict GDPR scrutiny — Granola is a credible choice. The Itsconvo review describes it accurately as "better for solo users today, despite Granola's enterprise pivot," with weak speaker attribution at three or more participants and a Google Workspace dependency.

The argument is not that Granola is bad. It is that buyers who chose Granola specifically because they wanted privacy — not because they wanted a particular feature set — picked the wrong proxy. "No bot in my call" feels private. It is not, in itself, privacy. Privacy is about where the durable record of the conversation ends up.

How Basil AI solves this

Basil AI was built on a single architectural commitment: nothing leaves your device. We use Apple's Speech framework and the Neural Engine for transcription, store transcripts in your device's encrypted storage, and integrate with Apple Notes through your personal iCloud account. There is no Basil server holding your meetings. There is no AWS VPC with your transcripts in it. There is no training pipeline, opt-in or opt-out, because there is no data flow that could feed one. There is no "Enterprise tier" that unlocks privacy — privacy is the only tier.

The trade-offs are honest. Basil does not offer team workspaces with central admin controls, because those features require centralized storage we have deliberately chosen not to build. We do not have an enterprise API for piping meeting context into shared AI workflows, because doing so would require us to hold your transcripts. For solo professionals, executives, lawyers, clinicians, and anyone whose meeting content cannot legally or ethically live on a vendor's servers, that trade is the right one. For more on the technical foundation, our deep dive on the Apple Neural Engine walks through how this actually works at the chip level.

What to ask before you pick a 2026 notetaker

Whatever tool you choose, the right questions are the same. Where is the transcript stored after the meeting ends? Is model training on or off by default, and is org-wide opt-out gated behind a higher tier? Is there a BAA available for HIPAA-covered conversations? What happens to my data if I cancel? Does the vendor's roadmap point toward more centralization or less? Fisher Phillips's seven-step guidance for businesses after the Otter litigation puts it cleanly: ask direct questions about how data is stored, retained, and used for AI training, and seek contractual assurances that sensitive data won't be repurposed.

If you ask Granola those questions, you will get clear, well-documented answers — and you will discover that the answers describe a cloud service. If you ask Basil AI, you will discover that most of the questions do not apply, because the architecture removes the data flow they assume.

That is the actual choice in 2026. Not bot or no bot. Cloud or device.

Take your meetings off the cloud entirely

Basil AI is a fully on-device AI notetaker for iPhone, iPad, and Mac. No bot in your call. No transcript on a vendor's server. No training pipeline. Just private capture and smart notes that live on your device.