Ask HN: Notion is withholding my company data, what can I do?

479 points by bertdc ↗ HN
I've been a paying customer from https://www.notion.so/ since 2017 with my company. In the early days, I even exchanged emails with the founders giving detailed feedback.

Around 3 months ago, I started having issues with their "Export" feature. Basically, you request to export all your data on Notion, and you're supposed to receive a link to download it. But the link never arrives.

I contacted them about this, and that's what they said at the time:

> Our engineering team is currently working through a large backlog, and there is no immediate fix for this issue...

I explained this wasn't a "nice to have" feature. It was a critical function that locks us with them and goes against their selling message of "you own your data". I was ignored, with the same robotic tone.

So today, 3 months later, I contacted them again to say I'm having the same issue. They replied with the same message:

> Please accept my sincere apologies for the ongoing difficulties with this. Our engineering team is currently working through a large backlog, and there is no immediate fix for this issue. I’ve already alerted them to the issue and told them of your particular situation, and we’ll certainly follow up if there are any developments! Really appreciate your patience with us as we continue to improve. Please let me know if there’s anything else I can help with in the meantime.

I'm again explaining the same thing - If the feature isn't working, this is a critical function that they should at least try to generate manually as per my request.

They are basically locking me in. They, again, replied with scripted messages:

> Unfortunately, our engineering team is working through quite a backlog at the moment, and there isn't an immediate fix for this issue....

Any suggestions on what I can do? Thanks!

206 comments

[ 5.3 ms ] story [ 254 ms ] thread
Are you in the EU or California?
As a product manager, I understand this spiel, but that kind of answer should always be reserved for features that don’t exist yet.

This tells me their marketing dept is writing checks their product team can’t make good on. Not good.

It sounds like a potential GDPR violation, maybe you can open a case with the EU?
Maybe not OP, but someone in the EU should definitely send in a request.
(comment deleted)
(comment deleted)
I'm not sure why you are being downvoted, OP might be in the EU, unless I missed it they didn't specify where they are.
OP is a business customer, not an individual. GDPR rights apply to individuals, not companies.
> Around 3 months ago, I started having issues with their "Export" feature. Basically, you request to export all your data on Notion, and you're supposed to receive a link to download it. But the link never arrives.

Was it ever working? “Having issues” seems to imply the functionality disappeared.

I'm not a Notion customer, but frankly with a response like this I would never, ever be one.

It's one thing to make a new feature request and have the response be "sorry, we'll get to it when we get to it." It's quite another to have a bug in an advertised, previously working feature, with no workaround, and say "sorry, our engineers have a big backlog."

Imagine if a bank said "sorry, we know the withdrawal feature to get your money is broken, but our engineers have a big backlog." Unbelievable!

> Imagine if a bank said "sorry, we know the withdrawal feature to get your money is broken, but our engineers have a big backlog." Unbelievable!

The Mt. Gox story.

(comment deleted)
(comment deleted)
I recently closed a bank account (due to Simple being acquired and the debacle of BBVA and now PNC) and it was quite difficult. I just wanted a "you send me a check with my remaining balance and we're done," and instead they told me I needed to withdraw my cash to zero (with limits that would have taken months), and only then could I close my account.

Eventually, I was told a workaround where I could "Bill Pay" my own credit card for an unlimited amount and then close the account. But it's not like banks are strictly easy in comparison.

Which is incredibly sad because PNC is really a great bank compared to the usual suspects (BoA, JPMC, Wells, etc).
Heartily agree. Been using them for about 10 years and never had an issue.
But two points on this:

1. First off, the Simple/BBVA debacle did receive so much press because the switchover was so royally f'd. The very fact that this bad of a screwup was something so unexpected/unusual is a big reason it received so much press.

2. They did provide (eventually) a workaround. Given the current top comment it looks like Notion may have a workaround as well, but regardless, the answer from support for a bug like this should always be "we'll get you a fix ASAP, even if we need to manually work around it", not "sorry but our engineers have a big backlog".

> they told me I needed to withdraw my cash to zero (with limits that would have taken months)...

I think that some state or federal banking regulators might have expressed displeasure if you had informed them of that policy.

Something doesn't add up in the story here. It seems like they suggested every other way in the book to withdraw funds other than a regular ACH transfer.
It seems like the guy doesn't want to have a bank account anymore.

If he just is moving to a different bank, then all he has to do is make a ACH transfer.

Also, the Bank may have a reporting requirement for over 10k withdrawals in cash but they will let you take even more than that in cash if you want to. You may have to work it out with them to get enough money on site at the branch if you have hundreds of thousands of dollars, but they will let you withdraw in cash.

Yeah, if he doesn't want a bank account anymore yet has thousands of dollars in there ... not sure what he's expecting here, or why he's blaming Simple/BBVA specifically for a predicament of his own creation. He complains about "days" of limits for withdrawals, so we're left to believe this is at least mid four figures or higher in balance.

At the time, he may have had issue with walking into a "branch" of Simple. While BBVA was the parent bank for Simple, their branches had zero insight into Simple bank accounts. When the transition happened, BBVA branches were getting hit hard by Simple customers expecting sudden service. However as far as the BBVA branches were concerned officially those customers weren't theirs -- no BBVA account number, just Simple, which they never had insight to when it did exist.

I had another account tied to it already so it was easy for me to transfer funds out to empty Simple. Sucks it was a hard experience for you!
> withdraw my cash to zero

> workaround where I could "Bill Pay" my own credit card

I'm confused on this. When you closed your Simple/BBVA account, did you not have any other checking account to transfer your funds into? Both of these suggestions will drain your account, but neither is the immediately obvious method of simply transferring your money to another checking or savings account.

I closed my account prior to the full BBVA transition, moving to Chime (heartily recommend in concert with YNAB for you folks that miss Simple's savings tools) and had no problem connecting my Chime account and transferring the funds via usual ACH transfer.

Simple was a real bank, backed by BBVA (and before that, Bancorp -- truly Simple's heyday in my opinion) and thus subject to typical banking rules. You could initiate ACH transfers with your Simple account like you could at your local credit union or bank.

> Imagine if a bank said "sorry, we know the withdrawal feature to get your money is broken, but our engineers have a big backlog." Unbelievable!

That happens a bit more than we would want to.

There was an (several?) incident with Mizuho bank in Japan. During system errors they'd swallow clients cards and wouldn't give them back until a the client asks for it in person at the counter (so, a few days later when it happens on the weekend)

(comment deleted)
Digital Ocean does this for VM downloads - you cannot export your VM as an image.

So if you create a snowflake VM there is now way you can move it off Digital Ocean.

We were thinking to switch to using Notion for a sizable project, but this thread changed our mind. It is, indeed, frustrating.
Depending on what you need, they have an API and a pseudo exporter could likely be built: https://developers.notion.com/reference/intro.

Not great, but better than being stuck.

You could ask for them to make the service free for you until it’s resolved. You’re still locked in, but at least you’re not paying for it.
wow, this sounds scary if you don't own your data
Up next: Someone will read this post, write an exporter, immediately find that Notion's system is handling authentication but not authorization, and dump tens of thousand private notion datasets.
You should not only point out that withholding your data is not a nice to have feature, but also that it is illegal.

A lot of gates open up once companies smell the power of the law, and anyone from their support likely _has to_ escalate any issue where a lawyer is plausibly mentioned.

This can backfire. Support is trained to refer to legal anytime a legal threat is made. This results in amicable support ceasing and all communication going forward being done through lawyers. You have to be prepared to actually go after them using the legal system when you do this.
Something tells me that the fix is about to skyrocket to the top of their priority list.
Yep. However it really sucks that you have to out companies like this on social media in order to get them to act on things.
A trend I have noticed is new and upcoming companies lure in customers at a break-neck pace, just shoveling all their money in greedily, all the while providing abysmal or no customer support. Uber, airbnb, robinhood (screw them in particular) and now notion all are all guilty of this.
You know what we should do? Sign up for Notion, add some data, and then ask to export it.

If so many people on Hackernews do that, it would be like hitting them with a GDPR denial of service attack and they’ll be forced to push out this feature ASAP.

> Please let me know if there’s anything else I can help with in the meantime.

This is the part where you ask for them to generate the export on their end and send you a link manually.

It’s “normal” for a feature to stop working, but their support must be able to provide a workaround even if it takes them hours of manually zipping things. If they don’t, you should at the very least receive a refund.

Exactly, I tried that over and over and was ignored.

> I'm again explaining the same thing - If the feature isn't working, this is a critical function that they should at least try to generate manually as per my request.

While it’s definitely not ideal it looks like they have a beta API... can you use it to extract your data? Or at least extract the most important data? If you still have the founders’ contact info in your email somewhere another option is to contact them directly and ask for help. Any good founder would quickly task someone with making a miffed but loyal paying customer happy again.
No data export feature is pretty damning. Many organizations, especially government, have strict record-keeping requirements (e.g. for US federal agencies/departments, it's required by law). Data export isn't nice-to-have, it's critical functionality.
Joplin is a great note taking app with complete authority over your data and has a good subset of the features that Notion provides.
Can you ask for a manual export of some sort? I realize that's annoying, but it seems like it would at least help you out.
This is truly awful, and honestly shouldn't surprise anyone given the modern cloud approach to software.

I've been thinking a lot lately about ownership. If I have a book, I can interact with it the way the publisher expects (I can read it). But being a physical object, I can also do lots of other things with my book. I can burn it. I can give it to a friend. I can sell it. I can draw in it. I can rip it up and use it as wallpaper. I can get the author to sign the front cover and donate it.

Software used to work this way too. If I have a Word document, I can interact with it the way Word expects - open it, edit it, save it and so on. And I can also do things microsoft doesn't expect. I can put it on my website. I can email it. I can back it up. I can delete it. I can reverse engineer the file format and edit it using other programs. I can archive it for 30 years, and know it will still work when I open it using the version of microsoft Word which created it. And so on.

But the new software model with smartphone apps and data in the cloud takes all this away. You can only do with your data what the publisher expects. If Notion doesn't have a working export API, tough luck. If GMail is missing an API for searching by regular expression, tough luck. If Adobe shuts down their activation servers, or a startup fails, or Google kills a product, tough luck. You've lost all your data. There is no backdoor. There are no other ways, by default, for you to have any agency over your own data that a product manager hasn't approved of. Amazon can delete books that they've already sold you. And they have. You can't sell a game you bought on steam. Or get it signed by the author. Or reverse engineer the raw database entries which store a google doc.

And this sucks. Its disempowering. I love the security on my phone, and the operational simplicity of not needing to manage my own backups. But this? I hate this. I hate that there's a good chance Notion will aquihired by a big tech company and shut down. I'm not ok with my own creations being at the whim of market forces like this.

I reject the idea that word and google docs are the only options. Git + Github is the model I want, where the cloud is a convenience but everything is stored locally as well. We need to start fighting for that.

One of the big problems is that software doesn't sell (or at least is really hard to sell). Piracy and that pesky "pay once unless you want to upgrade" problem companies aren't fond of. Services are easy to sell and code on your server is hard to pirate.

Still, there are gems out there, like Obsidian. Your files, put them where you want, how you want. Use the tool however you want, extend it if you want. Every other day someone comes up with some crazy plugin idea I didn't think I needed but now I do. If the company behind it goes poof, it will keep working.

Going along with the software doesn't sell problem, supporting software on customers laptops is a nightmare.

No two environments are identical, you don't know what weird things they've done, this causes all sorts of new bugs.

We don't know how to write bug free software for a reasonable price, and it's a lot easier to debug and update software on a server you control than on a customers computer.

On a server no one complains about auto upgrades, on a customer computer there's going to be a lot of people who don't upgrade but still want support, even if you try and force auto upgrades (which will annoy people) someone will have figured out a way to prevent that from happening.

---

I think for a lot of companies SAAS is unfortunately the responsible financial decision.

> I think for a lot of companies SAAS is unfortunately the responsible financial decision.

Until you're locked out.

Indeed you have a great point here, as I can simplify, you do not own your data, you buy allocation of certain service, like you said about Amazon ebooks.

Indeed I'm a guy who balances more between freedom instead of making it rigidly by laws, however the "Tech World" really needs "foundational directives" where all companies should abide.

Like John Locke defines, as I remember, that you have a "natural right" to Life.

Why not make an analogy here...

Right to Life - Your data is yours.

Right to Liberty - Your data goes where you want.

Right to Property - help me here lol

Idk we really should start to think more about privacy to all people, and where the top ones do with them.

The industry isn't collaborative enough to voluntarily come up with such practices so the most likely avenue seems to be through laws and regulations.
Indeed the problem is how to make an international law which they could abide?!
> Git + Github

You mean, you “own” copies of your data, but unless the person who controls the interface with that popular happy workflow that Everyone Already Knows How To Use lets you store it on their server, a lot of people who might otherwise be willing to collaborate with you will go “eh” and give up, and therefore, since so many marginal things require that to get anywhere, you can still just lose completely if you don't agree to the GitHub Terms of Service?

I imagine you didn't mean that part primarily, of course—but it's another thing to be aware of. There's a lot of potential for SaaSS interface lock-in—I think this is much worse for users with less technical inclination or less mental slack, but even in the realm of “people who are already developers who use Git”, this becomes a large friction source. And with more-social smaller-world flows, the coordination-control aspect has a stronger grip.

That said, it's also worth looking at how the “cloud” model is in a way reifying the folk model many users were already using. People thinking of their documents as being “in” (for instance) Word, and having no idea where they are in a filesystem or what that is in the first place, is already seared into the cultural memory of people who were family tech support in the 1990s. The default consumer cloud model is an easy extension and solidification of this: now it totally is “in” Google Docs rather than being a leakier folk-model weakening of accessing your your hard drive, and now Google Docs is accessible from anywhere. Everything is like you expect! No need to panic when your machine breaks, just get a new one and it's all still there!

And those upsides are real in their own way. But a number of downsides which are also real are less obvious and immediate.

In the case of GitHub and any other similar service the lockin is the number of services they added to the plain repository. Pull requests, issues, wiki, API for third party services, etc. You get back some of them if you self host with GitLab but every service supports GitHub, maybe not GitLab.

In this case, I don't even know what they get when they export from Notion but how are they going to collaborate on those data?

Yeah, I wish PRs, issues, wiki and all that was also stored in the git repository. I understand there's no incentive for github to do so, but it would make interoperability so much easier.

> how are they going to collaborate on those data?

CRDTs make collaboration possible and work well, without needing a central source of truth. For example, Yjs.

The wiki is a git repository of markdown files (maybe some other format too.) I edit locally, commit and push to GitHub. The name of the repository is user/project.wiki The file for the sidebar is _Sidebar.md

No idea if other services can import those files into their wikis.

We can't even export Google Docs in its native format. If one day Google shutdown Google Docs, you probably loses your documents forever.
That's why I become a software engineer. I would like to host the services and use cloud as backup.

Right now, the only thing bothers me is the email service. For a selfhosted email service, there might be some problems.

For example, I would like to sign up FB by my custom domain email address, but after roughly two days they treat me as bot and ask for cellphone which I don't want to give them. Because there is no way to delete the cellphone later. The function on their setting is not working. Even if you deleted the cellphone on setting page, you could still get targeted AD by hashed cellphone information. It seems like they use hashed information as the way to against user deleting.

I don’t see where you asked them to manually generate you a link.
Well this makes the "should I start using Notion" question easy. 3 months of captive data and stonewalling from support -- wouldn't touch it with ___ foot pole.
Report them to your state's Attorney General. Have a lawyer send them a letter reminding them that you paid for a service that wasn't provided and that it's costing your business money.
A threat of legal action will probably go a long way. I might be wrong, but I think it is actually illegal to withhold people's data upon request, especially if you claim to offer the feature. Also false advertising.

I can see how they would try to skirt around it though, they'd probably say that it is a temporary glitch but the functionality is available. That way it wouldn't be them withholding your data or false advertising per se, but rather a temporary incapacitation.

Another option would be to find other Notion customers who have the same issue or who can reproduce the same issue. That is, find other customers who you can ask to try to download their own data as well. If the issue is not isolated to you, then you can take class action against them and they would either have to take the feature down or issue a customer wide notice of of service/feature downtime. Either of these can be deemed a violation of the SLA on their part and give you a legal path for recourse.

In the mean time, you should probably reply to that email telling them to do it manually. Tell them that it is the feature you even got the subscription for. So if they said at the time of contract it is doable, then they ought to be able to do it manually if not via the feature.

Their backlog is none of your concern, they took your money and should deliver otherwise refund you.

Hope that helps.

Yes. Have your lawyer review and draft a letter referencing the approptiate laws. I'm sure they'll give you a manual export then.
IANAL but would the GPDR apply here? Gut feeling is that Notion needs to have a way for customers to export their personal data to comply.
I‘d assume company data (that OP talks about) is not personal data.
Only if @bertdc is an EU resident. The company is a US company, so GDPR does not apply to US customers. And even if @bertdc was in the EU, applicability can still hinge on whether the company “profiles” customer behavior and/or advertises specifically to EU residents.

Also GDPR can’t compel a company to not write bugs. If they’re legitimately trying to fix it - and they might be - then they might not be out of compliance were the GDPR to be applicable. Threatening legal action might have the unintended consequence of slowing things down rather than fixing anything.

* Oh, and TIL GDPR does not apply to company data https://news.ycombinator.com/item?id=27613213

This is such stunningly bad advice. Threatening legal action may get you a quicker response, if the company believes you have standing and the wherewithal to actually sue them. In most cases, however, threatening legal action is going to get you put into a queue where anything they say to you gets vetted by legal, if not just outright ignored until you actually serve them or have your own lawyer reach out.

"Go form a class action lawsuit against Notion" is just a wild thing to casually suggest as a remedy here.

(comment deleted)
(comment deleted)
there's a lesson in here somewhere....
From a technical perspective, why can't they manually create an export? How many man hours are needed to do this?

Or, does this mean their backend development breaks their export code, so heavy rewrite the export code is required to make export work again?

Much like you posted your story on HN, make a twitter/linkedIn post and let it go viral. More viral it goes, more chances that the features will be requested by others and more chances of it getting due love by the engineering team. I am not a fan of social shaming, but sometimes that is the last resort and that's what you are doing.