For full details see Grain's Privacy Policy, Security page, or contact security@grain.com or privacy@grain.co.
Data security
Grain uses the following measures to protect your data:
Encryption: all data is encrypted in transit using HTTPS and TLS, and encrypted at rest. Recording files are stored encrypted in AWS S3. All metadata is stored in an AWS database with encryption at rest on AWS EBS, with backups encrypted in AWS S3.
Access controls: only engineers with operational need have access to production services. User access within Grain is role-based. Single sign-on (SSO) integration is available on the Enterprise plan.
Infrastructure: Grain's infrastructure runs on AWS and is hosted on secure servers with multiple layers of protection.
Audits and monitoring: Grain conducts regular security audits and continuously monitors for suspicious activity.
Compliance: Grain complies with industry regulations including GDPR, HIPAA, and SOC 2 where applicable. Grain is SOC 2 Type II accredited. Further information on data protection can be found on our security page.
What data Grain collects
Grain collects the following categories of data:
Recordings: video and audio recordings of your meetings.
Transcripts and metadata: the transcript generated from each recording, plus associated metadata including timestamps, participants, and tags. This metadata helps organize and categorize your recordings for easy retrieval and sharing.
Account information: name, email address, and preferences provided at signup. This information is used to create and manage your Grain account and to provide personalized services.
Usage data: how you interact with the platform, features used, and preferences, which is used to improve Grain's services, provide customer support, and develop new features.
Integration data: if you connect Grain to third-party services such as your calendar or CRM, Grain collects data from those integrations solely to facilitate the connection
AI and third-party data sharing
Does Grain share my data with LLM providers?
Grain uses LLM providers to generate meeting summaries, key points, and action items. No customer data is retained in this process. For a full list of our sub-processors see grain.com/grain-subprocessors.
Does Grain sell my data?
No. Grain does not sell your data to third parties. Data is only shared with third parties as necessary to provide Grain's services or as required by law.
Recording consent
Bot recordings
When the Grain bot joins a meeting:
If you are the host: participants see a disclaimer modal stating the meeting is being recorded. They can choose to consent and stay or leave the meeting.
If you are not the host: the Grain bot sends a permission request to the meeting host. The host sees a modal asking whether to allow recording. The bot cannot record without the host granting permission.
Desktop Capture
Desktop Capture records locally from your computer with no bot in the meeting. There is no in-meeting consent mechanism, you are responsible for informing participants and obtaining consent. See Desktop capture for legal guidance and best practices.
User control over data
You control your data in Grain:
Choose which recordings to keep, share, or delete
Configure who can access recordings via link access settings and team sharing rules
Set workspace-wide auto-deletion policies to automatically delete recordings after a defined period. See Workspace settings for more information on setup.
Delete individual recordings at any time from the recording page
SSO
Single sign-on (SAML-based SSO) is available on the Enterprise plan. Contact your dedicated customer success manager or help@grain.com to configure SSO for your workspace.
What Grain controls
Grain does not have a self-serve SAML configuration page. There is no SSO settings panel, Service Provider metadata page, or SAML dashboard inside the Grain app. All SAML configuration (ACS URL, Entity ID, certificates, attribute mapping, enforcement rules) is managed in your identity provider, not in Grain.
The only workspace-level controls relevant to SSO enforcement in Grain are:
Allowed domains: controls which email domains can join your workspace
Joining this workspace: set this to 'Request to join workspace' to prevent non-SSO users from joining via email sign-up. Find this setting in Workspace settings → General.
