Notion

notion.com · facts updated 7 hours ago

Privacy facts at a glance

Retention: The DPA survives until expiration or termination of the Agreement or the return or deletion of Customer Personal Data, whichever is later; specific day counts are not stated in the excerpts.
Transfer mechanism: Restricted Transfers are addressed in the DPA but specific mechanisms (e.g., SCCs) are not named in the provided excerpts.
DPA available: Yes
Certifications: SOC 2 Type 2 · ISO 27001 · ISO 27701 · ISO 27017 · ISO 27018 · HIPAA · BSI C5
GDPR addressed: Yes
CCPA addressed: Yes

Tracked documents

https://www.notion.com/trust/privacy-policy checked 7 hours ago

https://notion.notion.site/master-subscription-agreement checked 7 hours ago

Data processing agreement

https://notion.notion.site/Data-Processing-Addendum-361b540101274b1fa7e16b90402b0d99 checked 7 hours ago

Subprocessor list

https://www.notion.so/Notion-s-List-of-Subprocessors-268fa5bcfa0f46b6bc29436b21676734 checked 7 hours ago

Security / trust page

https://www.notion.so/security checked 7 hours ago

Recent changes

major Subprocessor list 7 hours ago

Notion's subprocessor list page was replaced with a near-empty page, removing all subprocessor entries, definitions, notification procedures, and the full tables listing infrastructure, platform, customer support, and business operations subprocessors.

Document updated.

Subprocessor list 1 day ago

Document updated.

Security / trust page 2 days ago

Document updated.

Subprocessor list 2 days ago

Document updated.

Subprocessor list 3 days ago

Document updated.

Subprocessor list 4 days ago

Document updated.

Subprocessor list 5 days ago

Document updated.

Public summary; per-account review history visible to subscribers tracking this vendor.

Track Notion in your workspace.

Get notified when Notion adds a subprocessor, changes retention, updates their DPA, or quietly amends their privacy posture.

Start tracking — 14-day trial

No card required.