For your site, it returned a product logo with a very, very different name: https://notionportals.com/og-image.png
Are they? They look made up. I looked up TechFlow and the CFO on their website doesn’t match the one listed in the testimonial. Many of the others don’t seem to have a web presence to speak of at all.
Anyone who uses it for your made-up use-case is silly, and has no sense of 'segregation of duties' (access).
IMHO2: this is a process/procedure problem, not a technical problem. To quote GDPR's phrase, "..technical and organisational measures necessary to ensure..": this is an organisational problem that you are trying to solve as technical.
I have very recently tried to work with Notion staff in applying basic "compliance" controls, and their input/response was next-to-garbage, with a big "we didn't build it for/like this mate" attitude. E.g. complete lack of "canned reports showing inactive users", "canned reports showing failed login attempts", and so on. One will have to drill through the audit logs, extract the lot, and go Excel magic. Other 'within-Notion' solutions are (politely) 'inaccurate'.
Overall it is a GRC/Privacy nightmare and I am happy to not be a user of this any more :)