Notion
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 2 Type II Report available on request via Notion's Trust portal (email Notion's security team). | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 Also certified for ISO 27701, 27017, and 27018. | Verified | vendor source ↗ | June 10, 2026 |
| HIPAA Requires Enterprise plan security features and a signed BAA. | Verified | vendor source ↗ | June 10, 2026 |
| BSI C5 | Verified | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does Notion have SOC 2?
Subprocessors
Subprocessor extraction for Notion is pending.
Hosting & data residency
- InfrastructureAmazon Web Services, Cloudflare
- Data residencynot yet recorded
Trust documents & links
- Trust centernone found
- Security pagehttps://www.notion.com/security
- DPAnot yet recorded
- Status pagehttps://status.notion.so
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added to StackPosture — initial snapshot from published trust documentation. Verification pass pending.
2026-06-10
Verification pass: SOC 2 Type II, ISO 27001 (plus 27701/27017/27018), HIPAA configurability, and BSI C5 confirmed against Notion's published security page. Cloudflare added as infrastructure partner alongside AWS.