// Trust & Security Report

    Notion Labs, Inc. logo

    Notion Labs, Inc.

    Notion Calendar - a standalone calendar application for desktop (macOS, Windows) and mobile (iOS, Android) that integrates with Notion workspaces and external calendar services (Google Calendar, Outlook, Apple Calendar, Zoom).

    Certifications held

    8

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    The SOC 2 Type 2 is an audit report performed by an independent third-party certified by the American Institute of Certified Public Accountants (AICPA)

    Verify on notion.com
    ISO 27001
    HELD

    Notion holds certifications for ISO 27001, ISO 27017, ISO 27018, and ISO 27701, which outline requirements for establishing, implementing, and continuously improving Notion's Information Security Management System (ISMS) and Privacy Information Management System (PIMS).

    Verify on notion.com
    ISO 27017
    HELD

    Notion holds certifications for ISO 27001, ISO 27017, ISO 27018, and ISO 27701

    Verify on notion.com
    ISO 27018
    HELD

    Notion holds certifications for ISO 27001, ISO 27017, ISO 27018, and ISO 27701

    Verify on notion.com
    ISO 27701
    HELD

    Notion holds certifications for ISO 27001, ISO 27017, ISO 27018, and ISO 27701

    Verify on notion.com
    BSI C5
    HELD

    Notion is certified under this German cloud security standard

    Verify on notion.com
    GDPR
    HELD

    Notion has a Data Processing Addendum (DPA) that applies to the extent Notion processes Personal Data subject to the GDPR on a customer's behalf. Notion's Data Processing Addendum incorporates both the EU and UK Standard Contractual Clauses (SCCs).

    Verify on notion.com
    HIPAA
    HELD

    To enable HIPAA compliance for Notion Calendar, you must enable HIPAA compliance with Google Workspace. Notion Calendar can support HIPAA compliance, but with specific requirements and Enterprise Plan subscription with Business Associate Agreement.

    Verify on notion.com
    > Show 2 unconfirmed / not-held certifications
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP certification found in Notion's official security documentation

    source: notion.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found in Notion's official security documentation

    source: notion.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Notion does not publicly specify default data residency regions, though they support GDPR-compliant data transfers with Standard Contractual Clauses for EU/UK data.

    By default, Notion and its AI Subprocessors do not use Customer Data to train any models. AI Subprocessors are prohibited from using Customer Data to train models. Notion Calendar data is not used for model training purposes.

    // Security controls

    Encryption in transit

    Yes - industry standard TLS/SSL encryption for all data in transit

    notion.com

    Encryption at rest

    Yes - customer data encrypted at rest

    notion.com

    Third-party calendar integration

    Calendar data stored and managed via third-party APIs (Google Calendar, Outlook, Apple). Notion stores userID and authorization tokens to facilitate API access. Third-party providers are Non-Notion Services subject to their own security policies.

    notion.com

    Google API compliance

    Notion Calendar's use of Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements

    notion.com

    Data access controls

    Workspace-level access controls. Workspace admins control member permissions and data sharing.

    notion.com

    // Products & data scope

    Notion CalendarProductivity / Calendar Management

    data: Calendar events, meeting details, scheduling information, task deadlines, project timelines, participant data. Integrations with third-party calendar services (Google Calendar, Outlook, Apple Calendar) and conferencing tools (Google Meet, Zoom).

    Available as standalone app (macOS, Windows, iOS, Android). Free tier available. Enterprise plan required for HIPAA compliance. Fully integrated with Notion workspace to view database items (deadlines, timelines) alongside calendar events.

    // What to watch

    • Notion Calendar relies on third-party calendar integrations (Google Calendar, Outlook, Apple) for core functionality. Compliance and security depend partly on those providers' own security posture.
    • HIPAA support requires Google Workspace HIPAA compliance. Customers must verify that their Google Workspace configuration meets HIPAA requirements separately.
    • Calendar data integrations with third-party services are classified as 'Non-Notion Services' in the privacy policy. Notion is transparent about this boundary but customers should understand the shared responsibility model.
    • No explicit mention of Notion Calendar in the SOC 2 Type 2 audit report scope, though Calendar is a first-party Notion product tightly integrated with core infrastructure and covered under Notion's privacy policy. Organizations requiring explicit Calendar inclusion in audit scope should contact Notion directly.

    // At a glance

    Pricing model

    Freemium - free tier available; enterprise plans available for organizations needing HIPAA compliance and advanced security features

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Notion Labs, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trustcenter.notion.com

    > Browse all vendor trust reports