Notion · Notion Privacy Policy

Data Deletion Right

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

You can ask Notion to delete your personal data, but Notion can keep it if it says it needs the data for legal compliance, dispute resolution, or contract enforcement.

Consumer impact (what this means for users)

When you request data deletion, Notion may retain your personal data under broad exception categories, meaning your data may not be fully deleted even after a formal request.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Within 30 days
    Email privacy@notion.so requesting deletion of all personal data associated with your account. Reference any applicable legal rights (GDPR Art. 17, CCPA §1798.105) and request written confirmation that deletion has been completed and that any retained data has a specified legal basis.

Cross-platform context

See how other platforms handle Data Deletion Right and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The broad exceptions to deletion — including 'resolve disputes' and 'enforce our agreements' — give Notion significant discretion to retain data even after a deletion request, which may frustrate users who expect complete erasure.

View original clause language
You may request that we delete the personal information we have collected from you. We will honor such requests, except as required to maintain the data to comply with our legal obligations, resolve disputes, or enforce our agreements.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision engages GDPR Art. 17 (right to erasure, including legitimate exceptions under Art. 17(3)), CCPA/CPRA §1798.105 (right to delete, with exceptions for legal obligations and security), and UK GDPR Art. 17. The exceptions listed ('legal obligations, resolve disputes, enforce agreements') map broadly but imprecisely onto the GDPR Art. 17(3) exceptions.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC can take action under Section 5 if Notion's deletion exceptions are applied in a manner that is deceptive relative to its stated privacy commitments.
    File a complaint →

Provision details

Document information
Document
Notion Privacy Policy
Entity
Notion
Document last updated
April 29, 2026
Tracking information
First tracked
April 18, 2026
Last verified
April 18, 2026
Record ID
CA-P-002964
Document ID
CA-D-00194
Evidence Provenance
Source URL
https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091
Wayback Machine
View archived versions →
SHA-256
19124e500c0301004915f6489b9f4ed5fc2ea18b26806827ad7af6913f2dd772
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Notion | Document: Notion Privacy Policy | Record: CA-P-002964
Captured: 2026-04-18 11:11:47 UTC | SHA-256: 19124e500c030100…
URL: https://conductatlas.com/platform/notion/notion-privacy-policy/data-deletion-right/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document