Notion Backups
Log in Sign up

Security

Our security practices are guided by the NIST Cybersecurity Framework.

General practices

  • We stay on top of software security updates
  • Access to third-party services are secured with two-factor authentication
  • Passwords are hashed with a strong hashing algorithm
  • Servers are accessed via SSH using only a password-protected key
  • Firewalls blocking unauthorized access
  • Backups are encrypted at rest and in transit
  • All connections going in and out of Notion Backups are encrypted with SSL/TLS
  • Two-factor authentication capability for user accounts
  • Payment information is transmitted and processed securely in a PCI-compliant manner

Data center security

Our server is located at Hetzner's Falkenstein data center. Hetzner Online GmbH is ISO 27001 certified, ensuring high standards in information security management. This data center employs strict physical access controls and 24/7 surveillance.

Notion workspace data

Your Notion data is stored on our servers only during the backup process. Once the backup is complete and uploaded to a cloud storage provider of your choice, your data is permanently deleted from our servers.

Cloud storage accounts

You must connect to one of the available cloud storage providers to retain your backups. Currently, you can store your backups in Google Drive, Microsoft OneDrive, Dropbox, Amazon S3, Backblaze B2, and SFTP server.

Google Drive integration can only access the files and folders it has created, whereas Dropbox and OneDrive integrations have access only to a specific folder and nothing else. With Amazon S3, you can restrict your IAM user's access to specific buckets only.

Disconnecting your Google Drive or Dropbox account will revoke Notion Backups' access tokens, preventing future access to your accounts. Deleting your Notion Backups account will automatically revoke access to your Google Drive and Dropbox accounts.

Access keys for Amazon S3 and Backblaze B2 are both encrypted at rest with a separate layer of encryption.

Disclosures

To report a security vulnerability, please reach out to [email protected].