Notion · Notion Privacy Policy

GDPR Data Subject Rights

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

If you are in the EU, UK, or Switzerland, you have legal rights to see what data Notion holds about you, correct it, delete it, or move it to another service.

Consumer impact (what this means for users)

EU and UK users can contact Notion at privacy@notion.so to access, correct, or delete their personal data, and Notion is legally required to respond within one month under GDPR Art. 12.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Within 30 days
    If you are in the EU, UK, or Switzerland, email privacy@notion.so to request a copy of your personal data (right of access/portability under GDPR Art. 15/20). State your account email and specify which data you want. Notion must respond within one month.

Cross-platform context

See how other platforms handle GDPR Data Subject Rights and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

These are legally enforceable rights under GDPR — Notion must respond to valid requests within 30 days and cannot charge a fee for most requests, giving EU/UK users meaningful control over their personal data.

View original clause language
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have certain rights under applicable data protection law. These include the right to access personal information we hold about you, to rectify that information, to request erasure of your data, to restrict or object to our processing of your data, and to receive your data in a portable format.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision engages GDPR Arts. 15 (right of access), 16 (right to rectification), 17 (right to erasure), 18 (right to restriction), 20 (right to portability), 21 (right to object), and 77 (right to lodge complaint with supervisory authority); UK GDPR equivalent provisions; Swiss revDSG (in force September 2023). Primary enforcement authority: member state DPAs (likely Irish DPC as lead supervisory authority for Notion's EU operations), ICO for UK, FDPIC for Switzerland.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    EU and UK users can lodge complaints with their national data protection authority (DPA) if Notion fails to honor GDPR data subject rights; the naag.org link is a US resource — EU users should contact their national DPA directly.
    File a complaint →

Provision details

Document information
Document
Notion Privacy Policy
Entity
Notion
Document last updated
April 29, 2026
Tracking information
First tracked
April 18, 2026
Last verified
April 18, 2026
Record ID
CA-P-002960
Document ID
CA-D-00194
Evidence Provenance
Source URL
https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091
Wayback Machine
View archived versions →
SHA-256
19124e500c0301004915f6489b9f4ed5fc2ea18b26806827ad7af6913f2dd772
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Notion | Document: Notion Privacy Policy | Record: CA-P-002960
Captured: 2026-04-18 11:11:47 UTC | SHA-256: 19124e500c030100…
URL: https://conductatlas.com/platform/notion/notion-privacy-policy/gdpr-data-subject-rights/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document