Notion Security & more with Notion COO Akshay Kothari

August Bradley

Based on August Bradley's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

Notion’s platform ambitions depend on widespread real usage; adoption grew after focusing on notes, wikis, and tasks rather than a platform-first pitch.

Briefing

Notion’s long-term bet is that software becomes something people can build for themselves—but only after the product earns trust through real usage and solves everyday work problems. Akshay Kothari, Notion’s COO, frames the company’s early years as a “platform-first” approach that didn’t take off; adoption surged only when the focus shifted to the simplest units of work: notes, wikis, and tasks. That usage base, he says, is what now makes it possible to gradually introduce the platform layer that lets creators build end-to-end systems on top of Notion.

The most urgent platform request is the API, which would connect Notion’s internal objects to external tools and enable automation across a broader software ecosystem. Kothari describes the API as the “meta block” needed to move from a wiki-and-task product into a truly open platform. He also offers a timeline: the API is expected to be close, with initial testing planned with a small set of customers and general availability likely “a few months out,” as the quarter ends in October. Templates are positioned as the foundation that already makes platform-like behavior possible, but he flags a missing capability for serious platform building: upgradeability. If creators build comprehensive template-based systems, users need a way to receive improvements without manually downloading new templates, migrating data, or re-porting changes.

Security and privacy are treated as a non-negotiable prerequisite for hosting “life data” and sensitive business information in the cloud. Kothari emphasizes that Notion’s business is built on trust, and security/privacy is prioritized as a P0—something the company invests in continuously rather than treating as a one-time checklist. The company uses state-of-the-art internal protections, runs quarterly audits, and works with a dedicated security firm that actively tries to break the system. It also operates a bug bounty program to incentivize researchers to report vulnerabilities.

On top of that, Notion is moving toward tighter controls over employee access to user data. Kothari describes an audit-log model where employees can access data only when users explicitly request help in a workspace; the company plans to turn this into a user-facing feature—effectively a “press a button” mechanism that unlocks data on Notion’s side, while keeping it locked otherwise. He also notes that encryption is already in place and that end-to-end encryption remains a dream, though it’s difficult—especially because features like search would degrade if Notion can’t access content. Still, he argues convenience and security don’t have to be a trade-off, aiming for a platform that stays usable while security keeps improving.

Cornell Notes

Notion’s COO Akshay Kothari ties the company’s platform ambitions to real-world adoption: people build tools when they’re solving problems, not when a platform is merely promised. After early years focused on “platform view,” usage grew once Notion centered notes, wikis, and tasks—simple units everyone needs. The API is the key next step toward an open ecosystem, with initial testing expected soon and general availability likely a few months later. Security and privacy are treated as P0, supported by quarterly audits, a security firm that hunts vulnerabilities, and a bug bounty program. A planned user-controlled “unlock” feature would limit when employees can access workspace data, reinforcing trust while Notion continues pushing toward stronger encryption.

Why did Notion’s “platform-first” strategy take time to translate into adoption?

Kothari says the company spent the first four years trying to get people to build new software on the platform, but adoption didn’t follow because people “wake up to solve their problems.” Usage increased when Notion shifted attention to notes, wikis, and tasks—work primitives that fit marketing, sales, recruiting, and essentially any role. Once those became widely used, the platform layer could be introduced gradually.

What role does the API play in turning Notion into an open platform?

The API is described as the central “meta block” for connecting Notion objects inside the product to tools outside it. That connectivity would enable automation across the broader software ecosystem, letting creators build end-to-end organizational systems that integrate with other platforms. Kothari indicates the API is close: testing with a few customers could begin in the next few weeks, while general availability is likely “a few months out.”

What capability is missing for templates to support serious platform building?

Templates are already foundational, but Kothari highlights upgradeability as the big missing piece. If someone builds a comprehensive template-based system, improvements later should be distributable to existing users without forcing manual downloads, data migration, or laborious change-porting. Without upgrade paths, templates can’t reliably function like software operating on top of Notion.

How does Notion approach security and privacy as a cloud platform?

Kothari frames security and privacy as P0 because Notion’s business depends on trust. The company uses state-of-the-art internal protections, runs quarterly audits, and works with a security firm that actively tries to find vulnerabilities. It also maintains a bug bounty program so researchers can report loopholes and receive rewards.

What is the planned change to employee access controls for user data?

Kothari describes an audit-log model where employee access is limited to situations where a user makes a written request for help in a workspace. The company plans to make this more explicit as a feature: users would be able to unlock data on Notion’s side via a setting/button, while data remains locked otherwise. The goal is to reduce access to only what’s authorized and necessary.

Why is end-to-end encryption difficult for Notion’s feature set?

Kothari says end-to-end encryption is a dream but hard to implement because it would limit Notion’s ability to access content for functions like search. If Notion can’t tap into data, search and other capabilities would deteriorate. The company’s aim is to keep security strong without sacrificing usability.

Review Questions

  1. What conditions does Kothari say must be met before a platform strategy can succeed, and how did Notion’s shift to notes/wikis/tasks change adoption?
  2. How does the API change what creators can build, and what timeline does Kothari give for testing versus general availability?
  3. What specific mechanisms does Notion use to maintain security and privacy, and how would the planned “unlock” feature alter access behavior?

Key Points

  1. Notion’s platform ambitions depend on widespread real usage; adoption grew after focusing on notes, wikis, and tasks rather than a platform-first pitch.
  2. The API is positioned as the key step toward an open ecosystem that enables automation between Notion and external tools.
  3. Initial API testing is expected soon, with general availability likely a few months later, as the quarter ends in October.
  4. Templates are foundational, but upgradeability is essential for creators to deliver evolving “software-like” systems without forcing manual migration.
  5. Security and privacy are treated as P0, supported by quarterly audits, active vulnerability testing, and a bug bounty program.
  6. Employee access to user data is constrained and moving toward a user-controlled “unlock” model that keeps data locked unless explicitly authorized.
  7. End-to-end encryption is a long-term goal, but search and other features may suffer if Notion can’t access content.

Highlights

Adoption accelerated only after Notion centered the simplest work units—notes, wikis, and tasks—because people build around problems, not platform promises.
The API is framed as the missing ingredient for an open platform, with testing planned soon and general availability likely months away.
Notion plans to turn limited employee access into a user-facing feature: a button that unlocks data on Notion’s side while keeping it locked otherwise.
Security work is continuous: quarterly audits, an external security team that hunts flaws, and a bug bounty program.
End-to-end encryption remains a goal, but it’s constrained by how search works when the service can’t access content.

Topics

  • Notion Platform Vision
  • Notion API Timeline
  • Template Upgradeability
  • Notion Security & Privacy
  • End-to-End Encryption