Notion's Privacy Policy describes what personal data the company collects from users, how it is used, with whom it is shared, and what rights users have regarding their data.
This analysis describes what Notion's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The Privacy Policy is the primary document through which Notion discloses its data collection and processing practices, and it is the basis on which users can exercise data rights including access, deletion, and opt-out under GDPR and CCPA.
Interpretive note: The full text of the Privacy Policy is not reproduced in this index document; all characterizations are inferred from the document's structure and standard industry practice. Specific data categories, sharing arrangements, and user rights mechanisms require review of the linked Privacy Policy.
All Notion users are subject to the Privacy Policy, which governs collection and processing of personal data including account information, usage data, and content data stored in workspaces. Users in the EU, UK, and California have specific rights under GDPR and CCPA respectively that are typically addressed in the Privacy Policy, and they can exercise those rights by contacting Notion through mechanisms described in that document.
How other platforms handle this
American reserves the right to change this Privacy Policy at any time by posting the updated Policy here along with the date on which the Policy was changed. If we make material changes to this Privacy Policy that affect the way we collect, use and/or share your personal information, we will notify ...
Changes to this Privacy Notice
We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date at the top of this page, unless another type of notice is legally required. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance o...
Monitoring
Notion has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
(1) REGULATORY LANDSCAPE: The Privacy Policy engages GDPR and UK GDPR for EU and UK users, CCPA and CPRA for California residents, and general FTC Act requirements for US users. The relevant enforcement authorities include the FTC, EU data protection authorities, the UK Information Commissioner's Office, and the California Privacy Protection Agency. Specific provisions and data categories cannot be confirmed from this index page. (2) GOVERNANCE EXPOSURE: High. Privacy policies for SaaS platforms that process user-generated content, usage data, and potentially business-sensitive information are subject to significant regulatory scrutiny. The scope of data collection, third-party sharing arrangements, and AI feature data use are areas of heightened regulatory focus across multiple jurisdictions. (3) JURISDICTION FLAGS: EU and EEA users have GDPR rights including access, rectification, erasure, portability, and objection to processing. California residents have CCPA rights including the right to know, delete, and opt out of sale or sharing of personal information. UK users have analogous rights under UK GDPR. Organizations operating under sector-specific frameworks such as FERPA for education or HIPAA for healthcare should assess whether the Privacy Policy's data practices are compatible with those frameworks. (4) CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Notion for employee use should review the Privacy Policy to understand what employee data Notion collects and processes, and assess whether this is disclosed in their own employee privacy notices. Vendor risk assessments should include the Privacy Policy alongside any Data Processing Addendum. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should review the Privacy Policy to map data flows, identify third-party processors and sharing arrangements, confirm that consent mechanisms are appropriate for the types of data processed, and ensure that data subject rights request procedures are documented and operable. The Privacy Policy should be reviewed for any provisions relating to AI feature data use, which may implicate additional regulatory considerations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The Privacy Policy is the primary document through which Notion discloses its data collection and processing practices, and it is the basis on which users can exercise data rights including access, deletion, and opt-out under GDPR and CCPA.
All Notion users are subject to the Privacy Policy, which governs collection and processing of personal data including account information, usage data, and content data stored in workspaces. Users in the EU, UK, and California have specific rights under GDPR and CCPA respectively that are typically addressed in the Privacy Policy, and they can exercise those rights by contacting Notion …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Notion.