Notion Calendar security practices

Notion Calendar follows Notion’s encryption practices and data is encrypted at rest using AES-256. Customer data is encrypted when on Notion’s internal networks, at rest in Cloud storage, database tables, and backups. Data sent in-transit is encrypted using TLS 1.2 or greater. For further information, please refer to this article →

Notion Calendar is verified by Google to utilize OAuth API verification and does not access any user data categorized as restricted. Learn more here →

Notion Calendar never stores nor sees your Google password. You sign in directly with Google and we carefully chose the scope of requested access to the minimum. For more information, see this article →

Notion Calendar and Notion are on the same infrastructure and hosted on Amazon Web Services (AWS), one of the major cloud service providers. Our instances are located in the United States.

Notion Calendar and Notion follow the same bug bounty process. Please refer to our Responsible Disclosure Policy for more information.

None of your data is edited or deleted without your action. If you use Notion Calendar to delete events or contacts, they will remain in your Google account's trash and can be restored.

If you want to delete your Notion Calendar user account, follow the instructions here →

Calendar also follows Notion’s data handling practices. Please refer to the Data Processing Addendum for more information.

Postmark is one of our email service providers. Notion Calendar uses the domain pstmrk.it to track link opens for aggregate analytics. You can learn more on Postmark’s website.

Users use OAuth with Google to log into Notion Calendar. Google Workspace admins can opt-out of or restrict access to Notion Calendar for all users associated with their company’s domain.

Notion Calendar follows Notion’s Data Processing Addendum.

You can find a list of our sub-processors here.

Notion Calendar will be in scope for Notion’s upcoming SOC 2 attestation in May 2024.