Subprocessors
The third-party services we use to deliver Notion Scan, what each does, and where data is processed.
Last updated May 29, 2026·Download PDF
What is a subprocessor
A subprocessor is a third-party service we use to help deliver Notion Scan. Subprocessors process customer data on our behalf, under our instructions, and subject to contractual confidentiality, security, and data protection obligations.
Current subprocessors
| Provider | Purpose | Data processed | Location | Compliance |
|---|---|---|---|---|
| Vercel, Inc. | Application hosting, edge delivery, request routing | Application traffic, HTTP request metadata, and customer data returned through authenticated application responses | Global edge network; serverless functions use the Vercel project region configuration | SOC 2 Type II, ISO 27001 |
| Railway Corporation | Background scan-worker hosting (compute for the scan pipeline) | Workspace metadata processed transiently during a scan; the Notion integration token is decrypted in memory only for the duration of a scan. No persistent storage. | United States (US West, California) | SOC 2 Type II, SOC 3 |
| Supabase, Inc. | PostgreSQL database, authentication, file storage | Workspace metadata, encrypted integration tokens, account and onboarding data, scan snapshots, derived analysis, and diagnostic scan logs | United States (via AWS) | SOC 2 Type II |
| Amazon Web Services | Underlying compute, storage, network (via Supabase) | Encrypted database and storage contents at rest | United States | SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018 |
| Anthropic, PBC | Conditional LLM-assisted redundancy review | Database titles, property names and types, and entry counts needed for redundancy review. No non-title entry values, no page body content, no comments, and no Notion user table records. | United States | SOC 2 Type II |
| Slack Technologies | Internal team notifications for onboarding submissions, abuse review, and scan operations | Contact and onboarding form details, workspace identifiers, abuse-review metadata for duplicate or conflicting submissions, aggregate scan status metrics, and diagnostic error details. No workspace content, no per-page metadata, no non-title entry values, no database schemas, and no integration tokens. | United States | SOC 2 Type II, ISO 27001 |
How data flows
- Notion API is the source of workspace metadata. Notion is not a subprocessor; it is your data source. We act on your behalf via your authorized integration.
- Vercel serves the application, routes API traffic, and provides edge delivery. Vercel may process authenticated request/response traffic and HTTP metadata through its infrastructure and global network.
- Railway hosts the background scan worker, a persistent process that runs the scan pipeline. It decrypts the Notion token in memory only for the duration of a scan, reads workspace metadata via the Notion API, and writes results to Supabase. Railway does not store customer data itself.
- Supabase stores customer data in Postgres and private storage. This includes scan snapshots, derived analysis, encrypted integration tokens, account and onboarding records, and diagnostic scan logs. The database and storage live on AWS infrastructure that Supabase manages.
- Anthropic receives database titles and schema metadata (property names and types, entry counts) only when conditional LLM-assisted redundancy review runs, which happens for ambiguous database groups that deterministic signals do not resolve on their own. Current production type classification is deterministic. No customer data is sent for ML training.
- Slack receives internal team notifications for onboarding submissions, duplicate or conflicting submission review, and scan operations. These notifications may include contact and onboarding form details, workspace identifiers, abuse-review metadata, aggregate scan status metrics, and diagnostic error details. Slack does not receive workspace content, per-page metadata, non-title entry values, database schemas, or integration tokens.
Updates to this list
We update this list when subprocessors are added, removed, or change in scope. The Last updated date at the top of this page reflects the most recent change. For material changes that affect customer data handling, we notify customers via email at least 15 days before the change takes effect.
Questions
For subprocessor or vendor management questions: security@notionscan.com.