If you are uploading files (pdf, screenshots, images) with sensitive data, these uploads in Roam Research (and Notion) are not protected with your login, meaning if someone gets holds of this uploaded file URL they can view it.

For example - I upload some pdf in Notion the upload goes to amazon cloud. Anyone with this link can access it

Similarly, anything you upload in Roam Research goes to google cloud (, and all links open to public access.


For Roam Research, one way to fix this is by using Google Drive Extension. Any file upload goes to your Google Drive, protected by your Google login. There is no plugin like above for Notion, but you can upload files to your Google Drive and connect using Notion Google Drive app

The funny thing is, in their demo of pdfs, Notion used tax documents as an example to upload and edit.

Other Alternatives

  • Obsidian, if you are using their sync feature, then uploads are encrypted with your password and stored in their servers. If you are using your offline folders, then all uploads are there in your folders (Mostly, in this case, you would be using some sync to copy files to any cloud like Dropbox or Google Drive).
  • Logseq, similar to Obsidian, Logseq gives the option to use local folders. You can use any cloud provider to sync them.
  • Evernote uploads files to their server, and these files are protected with your login.

Bottom line

Don’t upload files with sensitive data in Notion or Roam Research.

– RC