My agency was bleeding $1,800/year on contractor Notion seats. The problem: I needed to give contractors access to specific data (CRM, project tracker) but couldn't let them see pricing, margins, or other clients' information.

Notion's native solution doesn't work:

Row-level filtering exists but it's view-only (contractors can't edit)

Column hiding doesn't exist

Guest sharing is read-only

So you either pay $15/mo per seat or duplicate databases (maintenance nightmare)

I built a permissions layer using Notion's OAuth API. It lets contractors see only specific rows and columns and edit data, all without expensive seats.

How it works:

Connect Notion via OAuth

Define roles: "Sales reps see only leads where owner = them, hide pricing column"

Contractors access a clean portal

They view/edit data in real-time (syncs every 5 minutes)

You pay $59/mo flat for unlimited users

The math:

5 contractors × $15/mo = $900/year wasted

20 contractors × $15/mo = $3,600/year wasted

50 contractors × $15/mo = $9,000/year wasted

With this: all of them = $59/mo flat.

Technical:

Frontend: React + TypeScript

Backend: Supabase + PostgreSQL (RLS)

Auth: Notion OAuth 2.0

Current state: 50 beta testers. First 20 customers get $49/month locked-in (launching at $79 after January).

Limitations:

Only Notion databases (not pages)

5-minute sync (not instant)

Requires role definition

No team permissions yet (roadmap)

The ask: If this solves a problem you have, we'd love feedback. Are there permission use cases we're missing? What's your price sensitivity?

Free trial: notionportals.com
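
The role quoted in the post above ("Sales reps see only leads where owner = them, hide pricing column"), as an added example that is not part of the original post and not the product's code: a server-side check that applies the same row filter and a column allowlist to both reads and edits. The names `DbRow`, `PortalRole`, `readRows` and `applyEdit` and the sample rows are hypothetical and constructed for illustration.

```typescript
// Added illustration; all names are hypothetical, not the product's code.
type DbRow = Record<string, string | number>;

interface PortalRole {
  ownerColumn: string;        // row filter: row[ownerColumn] must equal the user
  visibleColumns: string[];   // allowlist, so a newly added column stays hidden
  editableColumns: string[];  // subset of visibleColumns
}

// Constructed sample data standing in for a synced CRM database.
const leads: DbRow[] = [
  { id: 1, owner: "alice", company: "Acme", stage: "new", pricing: 12000 },
  { id: 2, owner: "bob", company: "Globex", stage: "won", pricing: 48000 },
];

const salesRep: PortalRole = {
  ownerColumn: "owner",
  visibleColumns: ["id", "owner", "company", "stage"],
  editableColumns: ["stage"],
};

function canSeeRow(role: PortalRole, user: string, row: DbRow): boolean {
  return row[role.ownerColumn] === user;
}

// Copy only allowlisted columns; hidden values never leave the server.
function project(role: PortalRole, row: DbRow): DbRow {
  const out: DbRow = {};
  for (const col of role.visibleColumns) {
    const value = row[col];
    if (value !== undefined) out[col] = value;
  }
  return out;
}

function readRows(role: PortalRole, user: string, rows: DbRow[]): DbRow[] {
  return rows.filter((r) => canSeeRow(role, user, r)).map((r) => project(role, r));
}

// Writes go through the same row filter plus a column allowlist.
function applyEdit(role: PortalRole, user: string, rows: DbRow[], id: number, patch: DbRow): DbRow {
  const row = rows.filter((r) => r.id === id)[0];
  // Same error for "missing" and "not yours" so row ids cannot be probed.
  if (row === undefined || !canSeeRow(role, user, row)) throw new Error("not found");
  for (const col of Object.keys(patch)) {
    if (role.editableColumns.indexOf(col) === -1) throw new Error("column not editable: " + col);
  }
  for (const col of Object.keys(patch)) {
    const v = patch[col];
    if (v !== undefined) row[col] = v;
  }
  return project(role, row);
}
```

Keeping the owner column out of `editableColumns` matters: a contractor who could rewrite it could reassign rows across the filter boundary.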

I usually read HN through Feedly, which tries to grab an appropriate image for the target of the headline link.

For your site, it returned a product logo with a very, very different name: https://notionportals.com/og-image.png

Lowest-of-low effort AI slop image (how long would it have taken to screenshot a Google Slide?) and the user's post history tells me everything I need to know.

Congrats on creating something you think is valuable. Do you see a risk that your business model is taking away income from an API provider that you 100% depend on - meaning the plug could be pulled at any minute while you have paying customers?

> Real Companies. Real Results.

Are they? They look made up. I looked up TechFlow and the CFO on their website doesn’t match the one listed in the testimonial. Many of the others don’t seem to have a web presence to speak of at all.

Not a chance in the world these are real. The entire page is clearly 100% AI generated.

Great, we also just launched last year, starting by solving our own problems. Now serving 1500+ users.

https://portalwith.com

IMHO1: Notion is a Confluence+SharePoint+Jira with useless "AI" to quickly create templates.

Anyone who uses it for your made-up use-case is silly, and has no sense of 'segregation of duties' (access).

IMHO2: this is a process/procedure problem, not a technical problem (to quote GDPR's phrase) "..technical and organisational measures necessary to ensure.." this is an organisational problem that you are trying to solve as technical.

I have very recently tried to work with Notion staff in applying basic "compliance" controls, and their input/response was next-to-garbage, with a big "we didn't build it for/like this mate" attitude. E.g. complete lack of "canned reports showing inactive users", "canned reports showing failed login attempts", and so on. One will have to drill through the audit logs, extract the lot, and go Excel magic. Other 'within-Notion' solutions are (politely) 'inaccurate'.

Overall it is a GRC/Privacy nightmare and I am happy to not be a user of this any more :)