Library / Vendor directory

Notion

notion.com · facts updated 1 hour ago

Privacy facts at a glance
Jurisdictions
US · EU · DE · SG · GR · IE · IN · JP · AU · GB · KR
Subprocessors
35
Retention
The DPA survives until expiration or termination of the Agreement or the return or deletion of Customer Personal Data, whichever is later; specific day counts are not stated.
Transfer mechanism
Not explicitly stated in the excerpts provided; DPA references Restricted Transfers under EU GDPR and UK GDPR but does not name the specific mechanism (e.g., SCCs).
DPA available
Yes
Certifications
SOC 2 Type 2 · ISO 27001 · ISO 27701 · ISO 27017 · ISO 27018
GDPR addressed
Yes
CCPA addressed
Yes
Named subprocessors
AWS Anthropic Confluent Cloudflare DeepL Fireworks OpenAI Splunk Turbopuffer Twilio Exa Google LLC

Tracked documents

Privacy policy
https://www.notion.com/trust/privacy-policy checked 1 hour ago
Terms of service
https://notion.notion.site/master-subscription-agreement checked 1 hour ago
Security / trust page
https://www.notion.so/security checked 1 hour ago

Recent changes

major Subprocessor list 1 hour ago

Notion's subprocessor list was published (or substantially replaced), adding numerous new subprocessors including Anthropic, Fireworks, OpenAI, Google LLC, Cerebras Systems Inc., Baseten Labs, Parallel Web Systems, Mathpix Inc., Vercel Inc., Anysource Inc. dba Runlayer, Exa, StarTree Inc., Turbopuffer, Teleperformance, and others across infrastructure, platform, customer support, and business operations categories, spanning multiple jurisdictions including USA, EU, Germany, Singapore, Greece, and Global.

Public summary; per-account review history visible to subscribers tracking this vendor.

Track Notion in your workspace.

Get notified when Notion adds a subprocessor, changes retention, updates their DPA, or quietly amends their privacy posture.

Start tracking — 14-day trial
No card required.