At Notion, we're committed to the success of our customers and the protection of their data through complying with the General Data Protection Regulation (GDPR) and other privacy-related regulations.

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of EU residents’ personal data, providing individuals rights to exercise control over their data and requiring organizations that process personal data to meet certain obligations.

Data Processing Addendum

The terms of the data processing addendum ("Notion DPA") available below are hereby incorporated by reference and shall apply to the extent Notion processes any Personal Data (as defined in the Notion DPA) that is subject to the GDPR on Customer’s behalf.

Data Processing Addendum

Data Portability & Management Tools

Data transfers

In light of the recent Schrems II ruling, we rely on standard contractual clauses (SCCs) to ensure appropriate safeguards for personal data transfers from the EU to countries outside of the EU. For more information about our technical security measures, please see our Security and Privacy Page.


We work with certain companies and tool systems to provide our services to you. They've been carefully vetted for best-in-class security practices. For more information, see our List of Subprocessors.

This page is for informational purposes only.  Notion may update or change this page at any time.

Last updated: August 4, 2022