Security

General practices

• We stay on top of software security updates
• Access to servers and third-party tools are secured with two-factor authentication
• Passwords are hashed with a strong hashing algorithm
• Servers are accessed via SSH with a password-protected key only
• Multiple firewalls blocking unauthorized access
• Database and server backups are encrypted
• All connections going in and out of Notion Backups are encrypted
• Payment information is transmitted and processed securely in a PCI-compliant manner

Backups

Your Notion data is stored on our servers only during the backup process. Once the backup is complete and uploaded to a cloud storage provider of your choice, your data is permanently deleted from our servers.

Cloud storage accounts

You must connect to one of the available cloud storage providers to retain your backups. Currently, you can store your backups in Google Drive, Dropbox, Amazon S3, and Backblaze B2.

Google Drive integration can only access the files and folders it has created, while Dropbox integration only has access to a specific folder and nothing else. With Amazon S3, you can restrict your IAM user's access to specific buckets only.

Disconnecting your Google Drive or Dropbox account will revoke Notion Backups' access tokens, preventing future access to your accounts. Deleting your Notion Backups account will automatically revoke access to your Google Drive and Dropbox accounts.

Access keys for Amazon S3 and Backblaze B2 are both encrypted at rest with a separate layer of encryption.

Disclosures

To report a security vulnerability, please reach out to security@notionbackups.com.