Privacy & Security Overview
Last Updated: November 25, 2025
As an indie developer, I build tools for Notion consultants and workspace administrators. I understand that your Notion workspace can contain important projects, notes, and strategies.
Trust is central to our Service. Before you connect your workspace to Notion Health Check, we want to be transparent about how our system works, what data we touch (and do not touch), and how we keep it secure.
1. Our "Zero Content" Policy
The most important thing you need to know is that we do not read your notes.
Our algorithms are designed to analyze the structure of your workspace, not the substance. We look for "health issues" like orphan pages, duplicate clusters, or stale databases based purely on metadata.
What We DO Analyze (Metadata)
- Page Properties: Page Titles, Page IDs, Created By, Last Edited By.
- Timestamps: When a page was created or last modified.
- Structure: Parent-child relationships (to help identify orphan pages).
- Schema: Database property names and types.
What We DO NOT Touch (Content)
- Block Content: We do not read the body text, paragraphs, code blocks, or to-do lists inside your pages.
- Files & Media: We do not access or download images, PDFs, or other file attachments.
- Page Comments: We do not read discussions or comments on your pages.
Our backend is designed to focus on metadata endpoints of the Notion API and to avoid block content whenever possible, so your proprietary information remains private.
2. Strictly Read-Only Access
Our current "Health Check" tool acts as a passive auditor. It is designed to be non-intrusive with respect to your data.
- No Write Permissions: We do not request or use permissions to delete, move, or edit your pages.
- You Are in Control: Our reports provide recommendations (for example, "This page appears to be stale"). We do not automatically archive or delete anything. You make the final decision and perform any cleanup actions yourself within Notion.
- Safe for Live Workspaces: Because we do not write to your workspace, you can run a health check on a live workspace without the Service changing your data.
3. How We Secure Your Connection
When you connect Notion to Notion Health Check, we prioritize the security of that connection.
- Encrypted Access Tokens: The OAuth Access Token provided by Notion is the key to your workspace. We store this token using AES-256–level encryption in our database. It is only decrypted within our secure server environment when you actively trigger a scan.
- Server-Side Processing: All scanning logic runs on our servers (hosted via reputable cloud providers such as AWS and Vercel). We do not expose your tokens or sensitive metadata to client-side code beyond what is necessary to display results to you.
- Isolated Environments: Scanning tasks are processed in isolated worker environments to reduce the risk of data leakage between users.
4. Data Retention: Limited and Purpose-Driven
We believe that once a report has served its purpose, the underlying data should not be kept longer than necessary.
- Temporary Storage: We store your workspace metadata and health reports only long enough to display them to you and allow you to track progress over time. In general, we retain reports for a limited period of 7 days, after which the detailed metadata is deleted or anonymized.
- Easy Disconnection: If you decide to stop using Notion Health Check, you can disconnect your workspace via our settings or through Notion's "My Connections" page.
- Account Deletion and Disconnection: When you disconnect your Notion Workspace or delete your account, we start a process to remove your Access Tokens and associated metadata from our active databases as soon as reasonably practicable and aim to complete this process within 7 days.
5. Built for Admins & Consultants
I am an independent developer and Notion user. I built this tool because I have faced similar challenges: growing workspaces that become hard to maintain.
Our business model is based on providing value through analytics and utility. We do not sell your data to advertisers or use your private notes to train unrelated third-party AI models.
Learn More
This overview is intended to provide a plain-language explanation of our practices. For the full legal details regarding your rights and obligations, please refer to our formal documents:
- **Privacy Policy** – Detailed information on data collection and your rights.
- **Terms of Service** – The rules governing the use of our platform.
- **Legal Disclaimer**
If you have specific security questions, feel free to reach out to our team at support@kunflow.com.
If you have any questions about this document, please contact us at support@kunflow.com