I'm concerned about the privacy of this service. Do company employees have (or are able to get) access to users' private data? Is there any data mining in use?
They encrypt your data at rest, have their stuff audited by a third party quarterly, and give the employees some amount of security training.
The thing I am curious about is that to log in, you don't have a password. Rather, then send a temporary login code to your email address. Not sure how I feel about that.
It's safer than email + password. Every email + password combination I'm familiar with allows you to reset password by having a link sent to your email, which means that access to email is always considered the ultimate association of identity.
This just removes the email + password altogether and requires that you have explicit access to the email. So it takes the end-all-be-all access criteria of the other solution, but removes the possibility of them being able to have a weak password, and also removes the issue of them having to store and transport passwords.
It's less safe than email + password. Someone can break into your email with email + password, or you can forget it logged in and they have your Notion automatically, so it has the same problems email + password have, plus some more.
