Security & privacy

Your security, safety, and privacy are our top priority, and we build Notion accordingly.


Security

Notion takes a security-by-design approach to protecting your data. Our team continues to make investments so you can use Notion with confidence.

Security infrastructure

Notion’s infrastructure is designed with layers of protection to help ensure your data is secure while transmitted, stored, or processed. Protections include but are not limited to encryption, least privilege access, secure software development, and a public bug bounty program.

Operational security

Our information security team continuously implements new security controls and monitors Notion for malicious activity across our infrastructure, networks, and assets.

Product security

Notion provides a robust set of in-product data protection and admin controls for greater visibility and control over our data. Enterprise admins can deploy Notion to their organizations with SSO via SAML 2.0, provision users through SCIM, and track activity with the audit log features. Enterprise admins can also fine-tune permission controls and guests, and manage team organizations.


Privacy

Notion maintains a comprehensive privacy compliance program and is committed to partnering with its customers and vendors on privacy compliance efforts. This page highlights some of the key aspects of our program.

How we handle your data

At Notion, our team is dedicated to developing and implementing data privacy processes and safeguards that meet industry standards and best practices. We conduct ongoing training for our teams to ensure that they are up to speed with developments in legislation and essential privacy and security practices. Every Notion employee and contractor signs up to non-disclosure terms to maintain the confidentiality and security of your data. Notion also holds any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.

Agreements

At Notion, we strive to keep all of our agreements up to date with the latest regulations and industry standards. Our Master Subscription Agreement and Data Processing Addendum describe in detail Notion’s data privacy processes, standards, safeguards, and our compliance with data protection legislation. To ensure that our terms track with the GDPR, CCPA, and other global privacy standards, we continually have our terms assessed by leading privacy experts in multiple jurisdictions.

Data governance

Data governance relates to the policies and procedures that dictate how data is procured and used throughout its life cycle, from creation and collection to processing, distribution, storage, and deletion. Notion’s commitment to data governance is key to keeping our users’ data secure, private, accurate, and accessible.

Policies

At Notion, we want to be as transparent as possible with our customers about how we collect, process, store, and use their personal data. To achieve this, Notion maintains comprehensive and detailed policies regarding how we handle your personal information. These policies describe in detail how our users can exercise their rights with regard to their data.

GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs the collection and use of personal data of EU residents, and that allows data subjects to exercise control over their data. As the GDPR is widely considered to be the most stringent global privacy standard, we have mapped our privacy program to the GDPR and other global privacy regulations.


Compliance

We have the SOC 2 Type 2 report and ISO 27001 certification demonstrating our commitments to various regulatory and industry standards. If you’d like a copy, please reach out to [email protected] for our Trust portal.

SOC 2 Type 2

The SOC 2 Type 2 is an audit report performed by an independent third party certified by the American Institute of Certified Public Accountants (AICPA) to evaluate a service organization's controls related to the Trust Services Criteria (TSC). The SOC 2 Type 2 report assesses the effectiveness of these controls over a period of time and is intended to provide assurance to customers and stakeholders that the organization has implemented adequate controls to protect their data.

ISO 27001

ISO 27001 is an international standard for information security management. It outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This standard is designed to help organizations manage and protect their sensitive information using a risk management approach.


Reliability

Notion is relied on by everyone from creatives to corporations, and everyone deserves a platform they can count on. With robust uptime guarantees and multi-level redundancy, you can trust Notion will be there when you need it.

Enterprise-grade Infrastructure

We partner with AWS and Cloudflare to build a world-class architecture and to assure users that Notion is built for maximum business resilience.

High availability & Failover

Notion keeps your data safe by having multiple zones for redundancy, maintaining a comprehensive backup program, and regularly testing our disaster recovery and business continuity program. Notion offers a guaranteed uptime of 99.9%, so you can trust that we’ll be there when you need us. For Notion’s service level terms, please refer here.

Service Status

Notion provides a transparent, real-time view of its availability through the status page.


Learn about our enterprise plan

Interested in advanced security and control? Let us know your needs and we can help!
