Is Notion encrypted?

According to Notion’s security page, they use TLS 1.2 to encrypt network traffic between users’ browsers and the Notion platform.

Also, they use AES-256 bit encryption for storing database credentials.

But they don’t use end-to-end encryption when storing the data.

According to Notion, end-to-end encryption would make search functionality even slower and would be impractical.


The two main risk factors here are:

  • In case of a data breach, your data will be readable by the attacker and could easily be sold.
  • Notion employees have access to your data, although this requires the user's data access consent.

“People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.” – Secrets and Lies: Digital Security in a Networked World (Bruce Schneier)

Possibilities of a data breach

Notion is SOC 2 Type 2 compliant and has obtained the corresponding audit report.

What does that even mean?


It is essentially a periodic technical and security audit that Notion undergoes; a Type 2 report assesses whether the security controls operated effectively over a period of time, not just at a single point.

Although it reduces the chances of a data breach, it doesn’t provide the same protection as end-to-end encryption.

Even companies far bigger than Notion have suffered data breaches.

So, how would Notion handle data breaches?


According to their privacy policy page, “we do not accept liability for unauthorized disclosure”.

How does Notion compare to other apps?

Notion is not the only popular tool that’s not end-to-end encrypted.

  • Evernote does not offer end-to-end encryption by default. You need to use their macOS or Windows app and manually select the text you want to encrypt.
  • Google Drive uses 256-bit SSL/TLS encryption for files in transit and 128-bit AES for files at rest. People use services like BoxCryptor to add E2E encryption on top of Google Drive.
  • Apple Notes is not E2E encrypted by itself, but you can use its Secure Notes feature, which offers end-to-end encryption.
  • Craft, a disruptive app in the Apple ecosystem, also doesn’t offer end-to-end encryption, but at least it lets you store notes locally.
  • Roam Research doesn’t have system-wide end-to-end encryption, but you can encrypt specific text or blocks.

What now?

I would refrain from storing highly sensitive and confidential data like bank details, passwords, health records and journals in Notion, so that even in the event of a data breach my deepest darkest secrets will not be sold on the dark web.

My recommendations:

  • Use Obsidian for your second brain (or at least for knowledge management and journaling). You’ll be dealing with files stored locally that you can optionally encrypt.
  • Use the Bear app for note-taking; it comes with end-to-end encryption.
  • Use the Day One app for journaling; it comes with end-to-end encryption and is a specialist journaling app.
  • Use Bitwarden for passwords and confidential documents.

I’m a big advocate of using multiple apps instead of housing your entire second brain in one app.

A note for Notion

I understand that implementing system-wide end-to-end encryption is a tricky job for a complex app like Notion.

But features like the ability to store data on our own servers (look at what is doing) and 2FA should be prioritized.

Otherwise, I can’t see using Notion as my complete second brain, and that would defeat the benefits of having an all-in-one platform.