Privacy Policy

1.1 Account Information

When you create an account, we collect your email address, display name, and profile picture (if provided via your authentication provider).

1.2 Notion Workspace Data

When you connect your Notion workspace via OAuth, we access and temporarily cache:

• Database structures and schema (property names and types)
• Page titles and selected properties (status, tags, assignees)
• Relation property values (links between pages)
• Notion workspace ID and bot/integration identifiers

We do not access or store the full body content of your Notion pages. We only read the metadata necessary to build the graph visualization (titles, statuses, and relation links).

1.3 OAuth Tokens

We store your Notion OAuth access token to maintain the connection to your workspace. Tokens are encrypted at rest and are never exposed to the client side.

1.4 Usage Data

We may collect anonymized usage analytics, including pages visited, features used, graph sizes, and refresh frequency. This data helps us improve the Service and is never linked to your Notion content.

1.5 Cookies and Local Storage

We use essential cookies for authentication sessions and theme preferences. We do not use third-party advertising cookies. You may disable cookies in your browser settings, though this may affect functionality.

We use the information we collect to:

• Provide the Service — Build and render interactive graph views of your Notion databases
• Maintain your connection — Authenticate with Notion's API and refresh your graph data on schedule
• Enable sharing — Generate public or private share links and embeddable views as configured by you
• Improve the product — Analyze aggregated usage patterns to prioritize features and optimize performance
• Communicate with you — Send account-related notifications, service updates, and respond to support requests
• Enforce our Terms — Detect and prevent abuse, fraud, or violations of our Terms and Conditions

3.1 Graph Snapshots

We cache graph snapshots (nodes and edges as JSON) to avoid repeatedly querying the Notion API. Snapshots are refreshed based on your plan:

• Free Plan: manual refresh with slower scheduled cadence
• Pro/Team Plans: faster automated refresh intervals

Cached snapshots contain only page IDs, titles, selected properties, and relationship edges — not full page content.

3.2 Data Retention

• Active accounts: Data is retained as long as your account is active
• Deleted accounts: All data (account info, OAuth tokens, cached snapshots) is permanently deleted within 30 days of account termination
• Disconnected workspaces: If you revoke the Notion integration, cached data for that workspace is deleted within 7 days

We do not sell, rent, or trade your personal information or Notion data. We may share limited information with:

• Infrastructure providers — Our hosting (Vercel), database (PostgreSQL via Supabase/Neon), and optional caching (Upstash Redis) providers process data on our behalf under strict data processing agreements
• Notion's API — We interact with Notion's public API using your authorized OAuth token. Notion's own privacy policy governs their handling of API requests
• Legal authorities — We may disclose information if required by law, subpoena, or government request

When you create a public share link or embed a graph view:

• The graph visualization (node titles, statuses, and relationship structure) becomes visible to anyone with access to the link or embedded page
• Viewers of public graphs do not gain access to your Notion workspace or any data beyond what is displayed in the graph
• You can revoke share links at any time, immediately removing public access
• Optional expiration dates can be set on share links for time-limited sharing

We implement industry-standard security measures including:

• Encryption of OAuth tokens at rest
• HTTPS for all data in transit
• Secure, httpOnly session cookies
• Regular dependency audits and security updates
• Access controls and principle of least privilege for internal systems

While we take security seriously, no system is 100% secure. If you discover a vulnerability, please contact us at security@notionvisualizer.com.

Depending on your jurisdiction, you may have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your account and associated data
• Portability — Request your data in a machine-readable format
• Objection — Object to certain processing of your data
• Withdraw consent — Revoke the Notion OAuth connection at any time through your account settings or directly through Notion

To exercise any of these rights, contact us at privacy@notionvisualizer.com. We will respond within 30 days.

Your data may be processed and stored in servers located in Canada and the United States. By using the Service, you consent to the transfer of your data to these jurisdictions. We ensure appropriate safeguards are in place to protect your data regardless of where it is processed.

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice in the Service at least 14 days before taking effect. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

• Email: privacy@notionvisualizer.com
• General inquiries: hello@notionvisualizer.com