// Trust & Security Report
Notion Labs, Inc.
Notion Calendar - a standalone calendar application for desktop (macOS, Windows) and mobile (iOS, Android) that integrates with Notion workspaces and external calendar services (Google Calendar, Outlook, Apple Calendar, Zoom).
Certifications held
8
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on notion.com“The SOC 2 Type 2 is an audit report performed by an independent third-party certified by the American Institute of Certified Public Accountants (AICPA)”
Verify on notion.com“Notion holds certifications for ISO 27001, ISO 27017, ISO 27018, and ISO 27701, which outline requirements for establishing, implementing, and continuously improving Notion's Information Security Management System (ISMS) and Privacy Information Management System (PIMS).”
Verify on notion.com“Notion holds certifications for ISO 27001, ISO 27017, ISO 27018, and ISO 27701”
Verify on notion.com“Notion holds certifications for ISO 27001, ISO 27017, ISO 27018, and ISO 27701”
Verify on notion.com“Notion holds certifications for ISO 27001, ISO 27017, ISO 27018, and ISO 27701”
Verify on notion.com“Notion has a Data Processing Addendum (DPA) that applies to the extent Notion processes Personal Data subject to the GDPR on a customer's behalf. Notion's Data Processing Addendum incorporates both the EU and UK Standard Contractual Clauses (SCCs).”
Verify on notion.com“To enable HIPAA compliance for Notion Calendar, you must enable HIPAA compliance with Google Workspace. Notion Calendar can support HIPAA compliance, but with specific requirements and Enterprise Plan subscription with Business Associate Agreement.”
> Show 2 unconfirmed / not-held certifications
source: notion.comNo public evidence of FedRAMP certification found in Notion's official security documentation
source: notion.comNo public evidence of PCI DSS certification found in Notion's official security documentation
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Notion does not publicly specify default data residency regions, though they support GDPR-compliant data transfers with Standard Contractual Clauses for EU/UK data.
By default, Notion and its AI Subprocessors do not use Customer Data to train any models. AI Subprocessors are prohibited from using Customer Data to train models. Notion Calendar data is not used for model training purposes.
// Security controls
Third-party calendar integration
Calendar data stored and managed via third-party APIs (Google Calendar, Outlook, Apple). Notion stores userID and authorization tokens to facilitate API access. Third-party providers are Non-Notion Services subject to their own security policies.
notion.comGoogle API compliance
Notion Calendar's use of Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements
notion.comData access controls
Workspace-level access controls. Workspace admins control member permissions and data sharing.
notion.com// Products & data scope
data: Calendar events, meeting details, scheduling information, task deadlines, project timelines, participant data. Integrations with third-party calendar services (Google Calendar, Outlook, Apple Calendar) and conferencing tools (Google Meet, Zoom).
Available as standalone app (macOS, Windows, iOS, Android). Free tier available. Enterprise plan required for HIPAA compliance. Fully integrated with Notion workspace to view database items (deadlines, timelines) alongside calendar events.
// What to watch
- Notion Calendar relies on third-party calendar integrations (Google Calendar, Outlook, Apple) for core functionality. Compliance and security depend partly on those providers' own security posture.
- HIPAA support requires Google Workspace HIPAA compliance. Customers must verify that their Google Workspace configuration meets HIPAA requirements separately.
- Calendar data integrations with third-party services are classified as 'Non-Notion Services' in the privacy policy. Notion is transparent about this boundary but customers should understand the shared responsibility model.
- No explicit mention of Notion Calendar in the SOC 2 Type 2 audit report scope, though Calendar is a first-party Notion product tightly integrated with core infrastructure and covered under Notion's privacy policy. Organizations requiring explicit Calendar inclusion in audit scope should contact Notion directly.
// At a glance
Pricing model
Freemium - free tier available; enterprise plans available for organizations needing HIPAA compliance and advanced security features
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Notion Labs, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trustcenter.notion.com