Notion AI

Name: Notion AI (A-) — Security & Privacy Review
Item: Notion AI
Rating: 4.1
Author: Limpid

AI Assistant

A-

Overall score: 4.1Reviewed April 15, 2026

Enterprise-grade compliance meets a high-risk AI interface susceptible to indirect prompt injection.

Claim Accuracy5/5

Data & Privacy4/5

Security Posture3/5

Transparency5/5

›Notion prohibits AI subprocessors (OpenAI, Anthropic) from training on customer data across all plans (https://www.notion.com/help/security-and-privacy).
›A major vulnerability research report by PromptArmor (Jan 2026) demonstrated data exfiltration via indirect prompt injection that triggers before user approval (https://www.promptarmor.com/resources/notion-ai-unpatched-data-exfiltration).
›Zero data retention for LLM providers is an Enterprise-only feature; other tiers default to a 30-day safety log (https://www.notion.com/en-gb/pricing).
›HIPAA compliance and Business Associate Agreements (BAA) are strictly restricted to the Enterprise plan (https://www.notion.com/en-gb/help/hipaa).