From my perspective, Notion is the first integration we shipped where the data exposure is decided twice. Once by the admin who enables the workspace-level connection, and once again — more importantly — by the user who is actually working in Notion and picks which specific pages or databases the integration can see. Most tools do not work this way. Most OAuth flows are a single "allow all" checkbox. Notion quietly changed the default a while ago, and it is the thing I like most about building on top of it.
I believe per-resource consent is the model other tools should move towards, not away from, specially as Ai assistants start to sit inside knowledge bases where the difference between "the company wiki" and "HR discipline records" is a single parent page. An assistant that can see the wiki is useful. An assistant that accidentally sees performance reviews is a problem. Notion lets the user draw that line page by page, and we designed our integration to work with that line, not around it.
What consent actually looks like in Notion
When a user connects Other Me to Notion, they first land on Notion's own consent screen, not ours. That screen asks two questions in order. First, which workspace do you want to connect? If the user is in multiple Notion workspaces, they pick one. Second, which pages and databases do you want to give this integration access to? The answer is explicit. The user picks the "Meeting Notes" parent page, or the "Sprint Planning" database, or a folder called "Public Docs", and everything inside that selection becomes accessible to the integration. Everything outside it does not exist from our point of view.
This is a meaningfully different contract from what the user signs on Google Drive or Dropbox. On those tools the default is full-workspace access, sometimes with a per-file sharing-rules layer on top. On Notion the default is no access, and the user has to opt specific pages in. Our Ai genuinely cannot read a page unless the user shared it. It is not a promise we make, it is a property of the API Notion gave us, and that is a stronger guarantee than any policy document.
The second layer
Per-page consent is strong, but it is set user-by-user. Most enterprise deployments want a third layer, the kind that a security lead can flip for the whole organisation without touching individual consent. That is what SCRS Docs scope is. It lives in our admin UI. When it is enabled, every Notion tool call goes through. When it is disabled, every Notion tool call returns a blocked message with an audit row attached, regardless of what the user shared with the integration on Notion's side.
The two layers compose rather than duplicate. The user layer protects against the Ai reading pages the user did not intend to share. The organisation layer protects against the Ai being used on Notion at all, which is the control a CISO wants when the company is evaluating Ai boundaries and has not finished the review yet. I tend to focus on this combination when I explain SCRS to enterprise evaluators because it answers the two versions of the same question — "can this assistant see our HR pages", yes answered at the user level, and "can anyone in this company use this assistant on Notion at all", yes answered at the organisation level.
What we learned from Notion's token model
Most OAuth integrations involve a token that expires every hour and a refresh token that rotates every time it is used. Notion does not work like that. When a user grants access, the access token they produce does not expire. It stays valid until the user removes the integration from their workspace. We had to design around this, which sounds like a simplification and is actually a more serious responsibility. If a user deletes their Other Me account, the Notion token on our side gets purged but the consent on Notion's side remains, and the user has to go to Notion and remove the integration manually. We log that gap loudly so our audit reviewers can see it, and we flag it inside the account deletion flow so the user knows to do the cleanup.
Apart from this, the never-expiring token affects how we handle revocation inside the integration's lifetime. When a user removes Other Me from a single page in Notion — not a whole-workspace revoke, just a page-level untrust — Notion returns a 403 on our next call on that page. The first version of the integration conflated that 403 with a 401 and marked the entire integration as expired, which was wrong. A per-page revocation is not a full disconnect. The user still wants the integration active on the other pages they shared. We now distinguish the two, which sounds technical and is actually about giving the user the right message — "please share this page if you want me to read it" is a different sentence from "please reconnect Notion entirely".
A scenario that prove to be fruitful
One of our customers is a five-person product team running a product roadmap inside Notion. Before connecting to Other Me, the team used the roadmap as the source of truth but spent most of their Monday all-hands reading it out loud to each other and arguing about which initiative was actually blocked. After connecting, the Monday meeting starts with a chat message — summarise the status of every Now initiative and flag anything marked Blocked or At Risk. The assistant reads the granted database, pulls the relevant rows, and returns a one-paragraph summary. The team then spends the hour talking about the blocked work, which is the conversation they always wanted to have and used to lose in a recital of the board.
The product lead tells me the shift is not about saving time, although they do save time. It is that the Monday meeting now starts from a shared picture of the state of things, instead of constructing that picture from scratch by reading the board together. The assistant is the thing that builds the picture before the meeting begins.
Where this sits in the bigger picture
I believe the per-resource consent model is going to be the thing every serious tool ships in the next two years, specially as more users notice that "allow all" is a bigger ask than they realised. Notion is early to it and Other Me is designed to respect it. If your team uses Notion for genuinely sensitive content alongside the everyday content, share the everyday content with Other Me, keep the sensitive content to yourselves, and rely on the organisation-level Docs scope if your security lead wants a single switch.
The assistant is most useful when the contract between it and your workspace is explicit, not implicit. Notion gave us the tools to make that contract explicit, we built on top of them rather than around them, and the resulting integration is the one I have the fewest reservations about when a security reviewer asks me what the Ai actually sees. The answer is only the pages you shared, and that is a sentence I can say without qualification.