What are the institutional and regulatory implications of this document?

REGULATORY EXPOSURE: This policy engages GDPR Arts. 5, 6, 13, 17, 20 (EU/EEA, enforced by member state DPAs and the Irish DPC as likely lead supervisory authority given Notion's EU operations), UK GDPR (enforced by the ICO), CCPA/CPRA §§1798.100-1798.199 (enforced by California Privacy Protection Agency and California AG), Brazil LGPD (enforced by ANPD), Canada PIPEDA, Japan APPI, and FTC Act Section 5 for unfair or deceptive practices. The embedded advertising tracker infrastructure (Facebook …

How does Notion's Notion Privacy Policy affect users?

Notion collects a broad range of personal data including workspace content, usage patterns, device identifiers, and location inferences, and shares this data with advertising partners such as Facebook, Google, Twitter, and LinkedIn — a practice that may surprise users who treat Notion as a private productivity tool. Enterprise workspace members should be aware that their workspace administrator (employer or organization) may have independent access to their data and may control deletion and exp…

How often is Notion's Notion Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Notion updates this document?

Yes. Watcher subscribers ($9.99/month) can add Notion to their watchlist and receive same-day email alerts whenever this document or any other Notion document changes.

Notion Privacy Policy — Notion

8 Total

3 High severity

5 Medium severity

0 Low severity

Summary

This is Notion's privacy policy, which explains how the company that makes the Notion workspace app collects and uses your personal data, including your name, email, usage activity, device information, and the content you create in your workspace. The most important thing to know is that Notion shares data with third-party advertising platforms including Facebook, Google, Twitter, and LinkedIn, meaning your usage of a productivity tool may feed advertising profiles. You can request deletion of your personal data or opt out of the sale or sharing of your personal data by emailing privacy@notion.so.

Technical Summary

This document is Notion's global privacy policy governing the collection, use, storage, and disclosure of personal data by Notion Labs, Inc., operating under a consent and legitimate interest legal basis framework that references GDPR, CCPA, and analogous international regimes. The policy obligates Notion to provide data subject rights (access, deletion, correction, portability, opt-out of sale/sharing) and obligates users to provide accurate information, while Notion retains broad discretion to collect usage data, device identifiers, log files, cookies, and inferred data for product improvement and marketing purposes. A notable provision permits Notion to share personal data with 'business partners' and advertising platforms including Facebook, Google, Twitter/X, and LinkedIn — evidenced by the active tracker scripts embedded in the page — creating potential data flows that may exceed user expectations for a productivity workspace tool. The policy engages GDPR (EU/EEA users), UK GDPR, CCPA/CPRA (California residents), LGPD (Brazil), PIPEDA (Canada), and APPI (Japan), with Notion acting as both data controller for end users and data processor for enterprise workspace administrators. Material compliance considerations include the adequacy of consent mechanisms for cross-border data transfers, the sufficiency of DPA agreements with enterprise customers, and whether the advertising tracker infrastructure is disclosed with adequate specificity to satisfy GDPR Art. 13 transparency obligations.

Evidence Provenance

Captured April 18, 2026 07:53 UTC

Document ID CA-D-000194

Version ID CA-V-000605

Source URL https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091

Wayback Machine View archived versions →

SHA-256 4fbb77389cefaaac685dd5362a43d2dca7666778bd4bc4725f6391ce3193ebd7

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

April 18, 2026 — Initial capture

Initial snapshot — monitoring begins

4fbb7738…

View full version history (0 captures) →

High Severity — 3 provisions

Third-Party Advertising Data Sharing

Notion shares your personal data with advertising companies including Facebook, Google, Twitter, and LinkedIn, which means your use of the app can feed into advertising profiles about you across the internet.

Added April 18, 2026
Cross-Border Data Transfers

When you use Notion from outside the US, your personal data is transferred to and stored in the United States, where data protection laws are weaker than in the EU or UK.

Added April 18, 2026
Cookie and Tracking Technology Use

Notion and its advertising partners use cookies and tracking pixels on its website to monitor your behavior, including the advertising tracker scripts from Facebook, Google, LinkedIn, and Twitter that are embedded on the site.

Added April 18, 2026

Medium Severity — 5 provisions

Enterprise Administrator Access Rights

If you use Notion through your employer or school, your workspace administrator (e.g., your employer) may be able to see, access, and share your Notion content.

Added April 18, 2026
CCPA/CPRA Right to Opt Out of Sale and Sharing

If you live in California, you have the legal right to tell Notion to stop selling or sharing your personal data with third parties, and you can exercise this right by emailing privacy@notion.so.

Added April 18, 2026
GDPR Data Subject Rights

If you are in the EU, UK, or Switzerland, you have legal rights to see what data Notion holds about you, correct it, delete it, or move it to another service.

Added April 18, 2026
Data Retention Policy

Notion keeps your personal data for as long as it decides is necessary, which could be indefinitely unless you request deletion.

Added April 18, 2026
Data Deletion Right

You can ask Notion to delete your personal data, but Notion can keep it if it says it needs the data for legal compliance, dispute resolution, or contract enforcement.

Added April 18, 2026