Short version: Your testimonials stay in your Notion. We store only what we need to render your widgets and bill you. We do not sell your data. You can revoke access in Notion at any time.
What we collect
- Account info: Your name, email, and profile picture as provided by Notion when you sign in.
- An encrypted Notion access token. We use it server-side to read the databases you choose. It is encrypted at rest using AES-256-GCM and never sent to a browser.
- Widget configuration: Which Notion database you connected, which columns map to which fields, your chosen layout and theme, and a unique embed ID.
- Embed view counts: An aggregate count per widget. We do not log individual visitor data.
- Subscription status: Your plan and billing state, synchronized from DodoPayments.
What we do NOT collect
- The actual testimonial content from your Notion database.
- Files or photos in your database.
- Any pages in your Notion workspace other than the database(s) you select.
- IP addresses, browser fingerprints, or analytics data about visitors to your site.
- Cookies set on the embed widget. The widget renders inside a shadow DOM and stores nothing locally.
How testimonials reach your site
When a visitor loads a page containing one of your embeds, our server fetches the latest testimonials from your Notion using your stored access token, caches the result for up to 5 minutes (with up to 60 minutes of stale-while-revalidate), and returns the rendered widget. We never store the testimonial bodies, names, photos, or any other property values in our database — only in the cache, which evicts automatically.
Who we share data with
We use the following sub-processors to operate NotionProof. They each process the minimum data needed to do their job:
- Vercel: hosts our application.
- Railway: hosts our Postgres database.
- Upstash: short-term cache for widget data (5–60 min TTL).
- Notion: the source of truth for your testimonials. We use Notion's official OAuth and API.
- DodoPayments: payment processor for subscriptions.
- Resend: transactional email (welcome, billing notices).
We never sell your data, and we do not share it for advertising.
Your rights
- Revoke access at any time: In Notion, open Settings → Connections → NotionProof → Disconnect. Your widgets will stop updating immediately and our cache for them clears within an hour.
- Delete your account: Email us and we'll wipe everything within 7 days. The encrypted token is deleted first.
- Export your data: Your testimonials are already in your Notion — you have everything. We can also export your widget configurations on request.
Data retention
Account and widget configs are kept while your account is active. Cache entries expire automatically (5–60 min). View counts are kept for 12 months and then anonymized.
Children
NotionProof is not directed at people under 13. If you believe a child has signed up, contact us and we will delete the account.
Changes to this policy
If we make a material change, we will update the "Last updated" date above and notify active users by email at least 14 days before the change takes effect.
Contact
Questions? Email hi@notionproof.com.