granola-data-handling

Manage Granola data export, retention policies, GDPR/CCPA compliance, and archival workflows. Handle Subject Access Requests and Right to Erasure. Trigger: "granola export", "granola data", "granola GDPR", "granola retention", "granola delete data", "granola compliance".

Quality

75%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/saas-packs/granola-pack/skills/granola-data-handling/SKILL.md

Granola Data Handling

Overview

Manage data lifecycle for Granola meeting data: export, retention policies, GDPR/CCPA compliance, and long-term archival. Covers individual data rights, organizational policies, and automated archival workflows.

Prerequisites

Granola admin access (for retention policies)
Understanding of applicable regulations (GDPR, CCPA, SOC 2)
Export destination prepared (cloud storage, Notion, local)

Instructions

Step 1 — Understand Data Types and Sensitivity

Data Type	What It Contains	Sensitivity	Storage
Meeting Notes	Your typed notes + AI-enhanced output	Medium	Granola cloud + local cache
Transcripts	Full text transcription of audio	High (verbatim speech)	Granola cloud + local cache
Audio	Raw meeting audio	Critical	Deleted after transcription (not stored)
Attendee Info	Names, emails from calendar events	PII	Granola cloud (People & Companies)
Calendar Metadata	Event titles, times, attendee lists	Low-Medium	Synced from Google/Outlook

Key fact: Granola does not store raw audio after transcription. This is a significant privacy advantage — there is no audio file to leak, export, or subpoena.

Step 2 — Export Meeting Data

Individual note export:

Open the meeting note in Granola
Click the ... menu > Copy (copies as Markdown)
Paste into your target: Notion, Google Doc, text editor

Important limitation: Granola does not currently support bulk export, PDF export, or structured file download (JSON/CSV). The available options are:

Copy individual notes as text/Markdown
Share to Notion (one note at a time via native integration)
Share to Slack (one note at a time)
Enterprise API (read-only access to workspace notes)

Workaround for bulk access — local cache:

#!/usr/bin/env python3
"""Export Granola meetings from local cache to Markdown files."""
import json
from pathlib import Path
from datetime import datetime

CACHE_PATH = Path.home() / "Library/Application Support/Granola/cache-v3.json"
OUTPUT_DIR = Path.home() / "Desktop/granola-export"
OUTPUT_DIR.mkdir(exist_ok=True)

def export_from_cache():
    raw = json.loads(CACHE_PATH.read_text())
    state = json.loads(raw) if isinstance(raw, str) else raw
    data = state.get("state", state)
    docs = data.get("documents", {})

    exported = 0
    for doc_id, doc in docs.items():
        title = doc.get("title", "Untitled").replace("/", "-")
        created = doc.get("created_at", "unknown")[:10]
        content = doc.get("last_viewed_panel", {})

        # Extract text from ProseMirror content (simplified)
        text_parts = []
        if isinstance(content, dict):
            for node in content.get("content", []):
                if node.get("type") == "paragraph":
                    for child in node.get("content", []):
                        text_parts.append(child.get("text", ""))
                elif node.get("type") == "heading":
                    level = node.get("attrs", {}).get("level", 1)
                    prefix = "#" * level
                    for child in node.get("content", []):
                        text_parts.append(f"\n{prefix} {child.get('text', '')}\n")

        filename = f"{created}_{title[:60]}.md"
        filepath = OUTPUT_DIR / filename
        filepath.write_text(f"# {title}\n\nDate: {created}\n\n{''.join(text_parts)}")
        exported += 1

    print(f"Exported {exported} meetings to {OUTPUT_DIR}")

export_from_cache()

Enterprise API export:

# List all accessible notes (Enterprise plan required)
curl -s "https://api.granola.ai/v0/notes" \
  -H "Authorization: Bearer $GRANOLA_API_KEY" \
  -H "Content-Type: application/json" | python3 -c "
import json, sys
notes = json.load(sys.stdin).get('notes', [])
for note in notes[:10]:
    print(f\"{note.get('id', 'N/A')}: {note.get('title', 'Untitled')} ({note.get('created_at', 'N/A')})\")
print(f'Total accessible notes: {len(notes)}')
"

Step 3 — Configure Retention Policies

Settings > Data Retention (Business/Enterprise):

Data Type	Recommended Retention	Rationale
Meeting notes	1-2 years	Long-term reference value
Transcripts	90 days	Storage efficiency, lower PII risk
Audio	Deleted after processing	Granola default, not configurable
Attendee info	Retained with notes	Needed for People & Companies CRM

Per-workspace overrides (Enterprise):

HR workspace: 90-day notes, 30-day transcripts
Executive workspace: Custom (legal hold capable)
Sales workspace: 1-year notes, 90-day transcripts
Engineering workspace: 2-year notes, 90-day transcripts

Step 4 — GDPR Compliance

Required controls:

GDPR Right	Granola Implementation
Right of Access (Art. 15)	Export user's data via Settings > Data > Export or Enterprise API
Right to Erasure (Art. 17)	Delete individual notes; request account deletion from Granola
Right to Data Portability (Art. 20)	Copy notes as text, or use local cache export
Right to Object (Art. 21)	AI training opt-out (Business/Enterprise)
Lawful Basis	Consent (recording notice) or Legitimate Interest (employer's business ops)

Subject Access Request (SAR) handling:

## SAR Response Procedure

1. Receive SAR from data subject (30-day response deadline)
2. Verify identity of the requester
3. Search Granola for all notes containing the requester
   - People view: search by name/email
   - Enterprise API: query notes by attendee email
4. Export relevant notes (copy as text)
5. Redact third-party PII from the export
6. Deliver export to requester within 30 days
7. Document the SAR and response in compliance log

Data Processing Agreement:

Request DPA from Granola at security@granola.ai or via Settings
Required for any organization processing EU personal data
DPA covers Granola as a Data Processor

Step 5 — CCPA Compliance

For California consumer data:

Disclosure: Update your privacy policy to mention Granola as a meeting recording tool
Opt-out: Provide mechanism for meeting participants to opt out of recording
Deletion: Honor deletion requests by removing notes containing the individual

Step 6 — Archival Workflow

For long-term retention beyond Granola:

# Monthly archival via Zapier
Trigger: Schedule by Zapier — 1st of month

Step 1 — Granola: List notes from past month
  (via Enterprise API or folder trigger accumulation)

Step 2 — Google Drive: Create folder
  Name: "Meeting Archives / YYYY-MM"

Step 3 — Google Drive: Upload files
  Content: Note markdown for each meeting

Step 4 — Slack: Notify admin
  Message: "Monthly meeting archive created: X notes archived"

Alternative: local cache backup

# Backup local cache monthly
BACKUP_DIR="$HOME/backups/granola"
mkdir -p "$BACKUP_DIR"
cp "$HOME/Library/Application Support/Granola/cache-v3.json" \
   "$BACKUP_DIR/cache-v3-$(date +%Y%m%d).json"
echo "Granola cache backed up"

Output

Data export procedures documented and tested
Retention policies configured per workspace and data type
GDPR/CCPA compliance controls implemented
SAR handling procedure established
Archival workflow automated (monthly)

Error Handling

Error	Cause	Fix
Cannot export notes	No bulk export feature	Use local cache export script or Enterprise API
SAR deadline at risk	No process owner	Assign dedicated compliance contact
Retention policy not applied	Enterprise feature required	Upgrade to Enterprise, or manually manage
Archive missing notes	Cache didn't contain all notes	Use Enterprise API for complete workspace data
Deletion incomplete	Backup retention period	Allow 30 days for Granola to purge from all backups

Resources

Next Steps

Proceed to granola-enterprise-rbac for role-based access control configuration.

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 3e83543

Last updated: 3 days ago
Created: 3 days ago

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.