Enterprise-grade compliance meets a high-risk AI interface susceptible to indirect prompt injection.
Notion prohibits AI subprocessors (OpenAI, Anthropic) from training on customer data across all plans (https://www.notion.com/help/security-and-privacy).
A major vulnerability research report by PromptArmor (Jan 2026) demonstrated data exfiltration through indirect prompt injection, with the exfiltration firing before the user approves the action (https://www.promptarmor.com/resources/notion-ai-unpatched-data-exfiltration).
Zero data retention for LLM providers is an Enterprise-only feature; other tiers default to a 30-day safety log (https://www.notion.com/en-gb/pricing).
HIPAA compliance and Business Associate Agreements (BAAs) are available only on the Enterprise plan (https://www.notion.com/en-gb/help/hipaa).