Last updated: Dec 17, 2019
Data security is a top priority for Notion, and Notion believes that working with skilled security researchers can identify weaknesses in any technology.
If you believe you've found a security vulnerability in Notion's service, please notify us; we will work with you to resolve the issue promptly.
Disclosure Policy
- Let us know as soon as possible when you've discovered a potential vulnerability by emailing us at
security@makenotion.com. We vow to acknowledge your email within 24 hours.
- Provide us a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
- Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Notion service. Please only interact with domains you own or for which you have explicit permission from the account holder.
Targets
- www.notion.so
- Notion Web Clipper
- Notion for Mac & Windows
- Notion for iOS and Android
Notion does not accept vulnerabilities in third-party services, unless specific mitigations from Notion are required to remediate the issue.
Exclusions
While researching, we'd like you to refrain from:
- Denial of service
- Spamming
- Social engineering or phishing of Notion employees or contractors
- Any attacks against Notion's physical property or data centers
- Any attacks against Notion's users