Skip to content
N

Notionalysis

Sign in
Privacy & Security

How Notionalysis stores, protects, and removes your data.

This guide summarizes token handling, anonymous event collection, retention controls, and the operational security posture of the product.

Full privacy policyContact security

Token state

Encrypted

OAuth credentials are stored at rest with server-side encryption.

IP storage

None

Country data is derived from infrastructure headers without retaining raw IPs.

Deletion path

Manual

Workspace and account deletion remain explicit user-controlled actions.

Token storage

Access and refresh tokens stay on the server and are protected at rest.

  • Your Notion OAuth access token is encrypted at rest in the database and never stored in plaintext.
  • If Notion provides a refresh token, it is encrypted and stored alongside the access token.
  • Tokens are decrypted only on the server when making authorized Notion API requests on your behalf.

Least-privilege access

The product is designed around explicit, workspace-scoped permissioning.

  • Notionalysis requests only the minimum Notion OAuth scopes required to list and identify the pages you choose to track.
  • Only pages you explicitly enable are tracked. Everything else remains untouched.
  • Notion workspace content is never copied or stored beyond what you authorize for the feature flow.

Data collected per event

Event payloads are small and oriented around anonymous analytics rather than identity.

For each page view or reaction event recorded by the embed widget, Notionalysis stores:

  • Page URL for the tracked Notion page.
  • Event type such as page_view or reaction.
  • Session identifier stored in session storage and reset on each new browser session.
  • User identifier hash stored anonymously in local storage and not linked to a real identity.
  • Country code derived from infrastructure-level request headers. IP addresses are not stored or logged by Notionalysis.
  • Timestamp, optional referrer URL, and browser user agent.

Data retention

Retention follows workspace lifecycle unless you explicitly delete earlier.

  • Analytics events are retained until you delete the workspace.
  • Daily rollup aggregates are stored alongside raw events and removed together.
  • There is no automatic expiry period. You control retention by managing your workspace.

Data deletion

Deletion remains explicit and destructive, with both workspace-level and account-level paths.

  • Delete a workspace from Settings / Advanced to permanently remove pages, events, and analytics data.
  • Delete your account from Profile / Delete profile to remove the account and all owned workspaces.

For manual deletion requests, contact support@notionalysis.com.

Security practices

The operational model is intentionally conservative for a lightweight analytics product.

  • All traffic is served over HTTPS.
  • Access tokens are encrypted at rest using server-managed keys.
  • IP addresses are not stored or logged by the application.
  • Session and user identifiers are anonymous and cannot directly identify a real person.
  • Country data is derived from hosting-layer headers before requests reach the application runtime.

On this page

Token storageLeast-privilege accessData collectedRetentionDeletionSecurity practices
Jump to top

Related reading

Open privacy policyTerms of service