We know you've entrusted us with valuable data, and we take its security very seriously. Below, we've provided a deep dive into our security practices, protocols and tooling. But we're always available to answer questions on this topic. Just send us a note at email@example.com. 🔐
The following list was last updated
- We use SSL everywhere, within the data center and out.
- Your data is encrypted at rest and in transit.
- We run 100% on the cloud using AWS within a virtual private network that cannot be accessed via the public internet, except via our public-facing proxy servers.
- We have Amazon CloudTrail turned on at all times.
- We perform quarterly independent security audits using established security firms.
- We'll notify you within 72 hours of learning about a data breach.
- All employees receive regular security training.
- We're in the process of obtaining our SOC2 certificate.
We work with the following companies and tool systems to store, analyze, and transmit data for our users. They've been carefully vetted for best-in-class security practices.
- SSL (Secure Sockets Layer) is the industry standard for customer protection on the web. It instantly encrypts plain text (your data, including passwords and credit card numbers) that only you can decrypt. Here's a video explainer in case it's helpful.
- Amazon VPC (Virtual Private Cloud) allows Notion to implement granular network control and security measures.
- Amazon CloudTrail helps Notion with the governance, compliance, operational auditing, and risk auditing of our AWS account.
- The folks we work with at NCC Group are the global experts in cyber security and risk mitigation. They help us with services such as penetration testing, overall software security, security training, and vulnerability protection.
- SOC 2 is a security report based on AICPA's Trust Services Criteria.
Will other people be able to see my private notes and data?Your data is safe in Notion! Only you will have access to your private notes.If someone tries to navigate to your workspace without having access, they'll see an error message like this:Worth noting:
- If you enable
Public Accessin the
Sharemenu at the top right of a page, it will publish that page to the web so that anyone with the link can access it. This is always turned off by default.
- If you're sharing a workspace with others, any notes in the
Workspacesection of your sidebar will be visible to everyone in the workspace. You can store your private notes in the
Privatesection of the sidebar for shared workspaces — no one else will be able to access these pages, even admins. If your sidebar doesn't have those sections, you're the only person in your workspace, and all your notes are private!
- If you enable
Can I opt out of Notion's tracking/analytics?Yes you can! This will also disable Intercom, who powers our in-app support chat, but you can still reach out to us for help at firstname.lastname@example.org.Just send a message to our support team at that address and we'll opt you out.
Why can I still access my uploaded files via the AWS URL without being logged in?Your files are secure! You're looking at a signed URL that will expire after 24 hours.Any files uploaded to Notion will remain secure private files. You'll notice they point to a URL that has
Something we didn't cover? Message us in the app by clicking
?at the bottom right on desktop (or in your sidebar on mobile). Or email us at email@example.com ✌️