Is Notion safe with your data?
Notion
Notion Labs
Strong disclosure · high confidence
Notion earns an A (73/100) because it discloses its data practices clearly.
#6
of 211 apps ranked
73
score · Productivity avg 53
+20
vs category average
Notion's privacy policy discloses explicit no-training pledges for customer data with contractual safeguards, clear user rights including deletion and access, concrete AI-log retention periods (30 days/zero), and comprehensive security certifications, though international transfer mechanisms and some data-sharing opt-outs lack specificity.
What Notion's privacy policy and terms of service say about your data
AI Training Prohibition
By default, Notion and its AI Subprocessors do not use Customer Data to train any models. We specifically have contractual agreements in place with our AI Subprocessors that prohibit the use of Customer Data to train their models.
User Data Ownership
Notion does not claim ownership of your input or the generated output. When you use Notion AI, Input and Output are your Customer Data... you retain any and all of your rights to your User Content.
AI Log Retention Specifics
By default for all non-Enterprise plan workspaces, LLM providers only retain Customer Data for 30 days or fewer before deletion. For Enterprise plan workspaces, zero data retention.
Security Certifications
SOC 2 Type 2... ISO 27001, ISO 27701, ISO 27017, ISO 27018... encryption in-transit using TLS 1.2 or greater
What the policy is silent or vague on
- Not stated: whether training use differs by plan
- Not stated: automated decisions and a human-review path
- Only partial: keeping user inputs out of model training
- Only partial: data portability
Notion privacy rating
Details
- Category
- Productivity
- Modalities
- text
- Processes biometrics
- No
- Policy last updated
- 2025-09-29
- Region scored
- Global / US-default
- Last assessed
- 2026-07-08
Documents examined
Other productivity apps
Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.