Backup Notion
Get started

Security through architecture

Backup Notion is designed so that a breach of our servers would find no backup data to take. This page lays out what we can access, what we hold, and how to cut us off. It is written for the person who has to review us.

Notion

read-only

We can read the teamspaces you share. We can't change a word.

Backup Notion

in transit only

Exports run in memory and stream to your storage. Nothing is kept at rest.

Your storage

at rest · yours

Drive, S3, OneDrive, or SFTP. Your keys, your region, your retention.

What we can access

Every connection uses the narrowest scope the provider offers. The exact scopes, so you can verify them on the consent screens:

Notion

Read-only integration

You choose which teamspaces and pages to share, per teamspace. The token we receive can read that content and nothing else. It cannot edit, move, or delete anything in your workspace.

Google Drive

drive.file

Google's most restricted Drive scope. We can only see and write files our own app creates, which in practice means the backup folder. The rest of your Drive is invisible to us.

OneDrive

Files.ReadWrite.AppFolder

Microsoft's app-folder scope. Our access is confined to a dedicated folder under Apps in your OneDrive. Your other files and SharePoint content are out of reach by design.

Amazon S3 / SFTP

Scoped by you

You issue the credentials, so you set the boundary. For S3 we recommend a dedicated IAM user with s3:PutObject on a single prefix; for SFTP, a dedicated user with write access to one directory.

What we hold, and what we don't

Backups stream from Notion to your storage and our working copy is deleted once your storage confirms the upload. What remains with us is operational metadata.

We hold

  • Your account email and login identity
  • Workspace names, schedules, and storage settings
  • Backup run history: timestamps, page counts, sizes, outcomes
  • Connection credentials, encrypted in a managed vault

We don't hold

  • Your Notion page content at rest
  • Backup archives after your storage confirms delivery
  • Anything else in your Drive, OneDrive, bucket, or server
  • Card numbers (payments are handled by Stripe)

OAuth tokens and storage credentials are encrypted in a managed vault, separate from application tables, and are read only at the moment a backup runs. They are never written to logs.

The vault you already own

Nothing to breach. Nothing to ransom.

Your backups live in your storage, under your keys. The architecture leaves nothing on our side worth attacking.

Read-only by scope

Our Notion access cannot edit, move, or delete anything. The token itself does not have the permission.

Least-privilege storage

On Google Drive and OneDrive we use the most restricted scopes the platforms offer. We see only the folder we create.

Deleted after delivery

The moment your storage confirms the upload, our working copy is deleted. Every run, every time.

If you cancel tomorrow, every backup stays exactly where it is: in your storage.

Revoking access

You can cut us off at any time, from either side of every connection.

In the dashboard

Disconnect any workspace or storage account from Backup Notion's settings. The stored credential is deleted with it.

From the provider

Revoke the integration in Notion's connection settings, your Google Account's third-party access, or your Microsoft account's app permissions. Revocation takes effect immediately.

By cancelling

Cancelling your subscription stops all runs. Backups already delivered remain in your storage; we have no way to take them back.

Run history

Every backup leaves a record you can check: when it ran, how many pages and files it covered, the archive size, and whether your storage confirmed delivery. Failed runs are recorded the same way, and Enterprise plans can route failure alerts to email or Slack.

Subprocessors

ProviderPurposeLocation
VercelApplication hostingUnited States
SupabaseDatabase, authentication, job queueUnited States
StripePayments and billingUnited States
ResendTransactional email (backup failure alerts)United States
PostHogProduct analytics, cookieless modeUnited States

Your chosen backup storage (Google Drive, Amazon S3, OneDrive, or your own server) receives the backup itself and is under your agreement with that provider, not ours.

Certifications, honestly

We don't hold SOC 2 or ISO 27001 today. We're a small team, and rather than lead with a badge we lead with an architecture you can verify: read-only access, least-privilege scopes, and no backup data at rest. If your review needs a completed security questionnaire, send it to hello@backupnotion.to and we'll turn it around.

Your workspace took years to build. Backing it up takes 2 minutes.

Back up your Notion workspace

14-day free trial. Cancel anytime. Your backups stay in your storage.