Privacy Policy

Scope

This policy describes how Notion State (operator of Notion Scan) collects, uses, and protects information when you use the Notion Scan product. It applies to data we receive through our Notion integration, our website, and our customer support channels.

What we collect

Workspace metadata. Through your authorized Notion integration, we read structural metadata about pages, databases, and users: titles, IDs, page URLs, schema definitions, edit timestamps, creator/editor identifiers, parentage, and relations. We do not extract or store page body text, comments, or non-title database entry values.

User identifiers. For each workspace user, we capture three fields returned by the Notion users API: user ID, display name, and user type (person or bot). We do not capture Notion workspace user email addresses, profile photos, or workspace roles.

Account information. When an administrator creates an account on our platform, we store email, name, and authentication metadata via our auth provider.

Onboarding submissions. When you submit a workspace through our onboarding form, we receive your name, email, company name, workspace URL, workspace ID, integration token, and consent timestamp. The integration token is encrypted before it is stored. We also use the source IP address to derive a rate-limit key for abuse prevention. If a duplicate or conflicting submission is detected, the source IP address may be included in an internal alert for manual review.

Operational logs. Standard request logs (timestamps, route paths, response codes, and source IP addresses) are generated and held by our hosting and infrastructure providers (Vercel, Railway, and Supabase), and expire on each provider's own retention schedule; we do not keep a separate copy. These logs do not include workspace content. The only request-IP-derived records we store ourselves are onboarding rate-limit keys; raw source IP addresses may also appear in duplicate or conflict alerts as noted above.

How we use it

• To produce workspace analysis, scoring, and recommendations for the authorized client.
• To detect and respond to abuse, security incidents, and operational issues.
• To communicate with you about your account, our service, and material changes to this policy.

We do not sell personal information. We do not use customer workspace data to train machine learning models.

How we share it

We share data only with subprocessors who help us deliver the service. The current list, including purpose and data handled, is at Subprocessors. We do not share workspace data with advertisers, data brokers, or third parties outside this list.

Privacy rights

Depending on where you live and the nature of our relationship with you, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information.

To exercise a privacy right, email privacy@notionscan.com. We may need to verify your identity or coordinate with the customer organization that controls the workspace data. We respond within the timeframe required by applicable law.

International transfers

Customer data is stored in the United States via Supabase-managed infrastructure, and background scans run in the United States on Railway. The web application is hosted on Vercel, which provides serverless application hosting, edge delivery, and request routing through its infrastructure and global network. If you access Notion Scan from outside the US, or if an approved subprocessor processes data outside the US, those transfers are handled under appropriate safeguards, including Standard Contractual Clauses where required.

Children's privacy

Notion Scan is a business product. We do not knowingly collect information from children under 13.

Changes to this policy

We update this policy when our practices change. Material changes are surfaced via the Trust Center and, where appropriate, communicated directly to customers. The Last updated date at the top of this page reflects the most recent revision.

Contact

For privacy questions: privacy@notionscan.com.