Notion · Notion Privacy Policy

Cross-Border Data Transfers

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

When you use Notion from outside the US, your personal data is transferred to and stored in the United States, where data protection laws are weaker than in the EU or UK.

Consumer impact (what this means for users)

EU and UK users' personal data is transferred to US servers, and the policy's reliance on broad 'consent by using the service' for this transfer may not provide legally adequate protection under current GDPR standards.

Cross-platform context

See how other platforms handle Cross-Border Data Transfers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Relying on user consent as the legal basis for international data transfers is not a valid mechanism under GDPR for routine processing — the EU requires companies to use Standard Contractual Clauses or adequacy decisions for these transfers.

View original clause language
If you are visiting from the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your personal information to the United States and other countries which may not have the same data protection laws as your country. By using the Services, you consent to the transfer of your information to the U.S. and other countries.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision engages GDPR Chapter V (Arts. 44-49) governing international data transfers, specifically Art. 49(1)(a) (derogation by consent — valid only for occasional transfers, not systematic ones) and the EU-US Data Privacy Framework (adequacy decision, July 2023); UK IDTA (International Data Transfer Agreement); Swiss equivalents under revDSG. Enforcement authority: member state DPAs, Irish DPC as likely lead SA.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC enforces EU-US Data Privacy Framework commitments for self-certified US companies and can take action against companies that make false or misleading claims about their data transfer compliance.
    File a complaint →

Provision details

Document information
Document
Notion Privacy Policy
Entity
Notion
Document last updated
April 29, 2026
Tracking information
First tracked
April 18, 2026
Last verified
April 18, 2026
Record ID
CA-P-002962
Document ID
CA-D-00194
Evidence Provenance
Source URL
https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091
Wayback Machine
View archived versions →
SHA-256
19124e500c0301004915f6489b9f4ed5fc2ea18b26806827ad7af6913f2dd772
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Notion | Document: Notion Privacy Policy | Record: CA-P-002962
Captured: 2026-04-18 11:11:47 UTC | SHA-256: 19124e500c030100…
URL: https://conductatlas.com/platform/notion/notion-privacy-policy/cross-border-data-transfers/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document