Peony LogoPeony

How to Create a Notion Data Room with Custom Domain in 2025: Complete Setup Guide

Deqian Jia
Deqian Jia
Connect with me on LinkedIn! I want to help you :)
NotionData RoomsFundraisingDocument Sharing

If you’re searching this in 2025, you’re probably trying to do something very reasonable: move fast (because deals move fast) without accidentally leaking the most sensitive documents your company has.

Notion is fantastic for organizing information and telling a coherent story. But a “Notion-only data room” is often one settings mistake away from becoming a public link that gets forwarded, duplicated, screenshotted, or indexed. Notion literally has a “publish to web” flow, and it can allow visitors to duplicate your page into their own workspace if you leave that setting on.

This guide shows you how to use Notion for what it's great at (structure + narrative), and then use Peony to wrap it in the security layer a real data room needs: controlled access, auditability, watermarking, and a custom domain for professional, consistent sharing.

First: what “secure sharing” actually means for a data room

For most founders and operators, “secure” means you can confidently answer:

  • Who has access right now?
  • Can I revoke access instantly?
  • Can I prove who viewed/downloaded what?
  • If something leaks, do I have deterrence and traceability?

A lot of leaks aren't dramatic hacks—they're normal human behavior: forwarding links, downloading locally, taking screenshots, or misconfiguring sharing. Data leakage is commonly caused by human error, negligence, or misconfiguration across data "in transit, at rest, or in use." Peony provides secure data rooms with identity-bound access, dynamic watermarking, and audit trails to prevent these common leak vectors.

The risks of a Notion-only data room (and how data rooms actually get leaked)

Let’s be blunt and practical. A Notion-only data room typically leaks in a few predictable ways:

  1. The link gets forwarded If your page is accessible via a simple URL (especially if published to the web), people forward it—sometimes unintentionally, sometimes opportunistically.

  2. Duplication creates uncontrolled copies If “Duplicate as template” is enabled, viewers can copy your entire room into their own workspace. Notion provides a specific setting to prevent this because it’s a real risk.

  3. Screenshots and copy/paste Generic cloud tools usually can’t meaningfully deter screenshots, and many don’t provide deal-grade controls by default. In transaction contexts, this is one of the classic “cloud drive vs VDR” gaps: no screenshot blocking and limited auditability compared to purpose-built data rooms.

  4. Unclear audit trail When the stakes are high (fundraising, M&A, legal), you often need a real activity log: who accessed which file, when, and what they did. That’s what data rooms are designed to provide.

None of this means "don't use Notion." It means: use Notion for the workspace—use a data room for the perimeter. Peony provides secure data rooms that wrap Notion content with proper security controls.

Step 1 — Build a clean Notion data room structure (fast, but not sloppy)

Create one Notion page that acts as your “lobby,” then add subpages as sections. Keep it predictable:

  • Overview (what this room is for, how to request access)
  • Company / Product
  • Market / Traction
  • Financials
  • Legal / Corporate
  • Security / Compliance
  • FAQs / Changelog

Make each section skimmable. Assume your reader is smart, busy, and slightly suspicious. (That's not cynical—that's just how diligence feels.)

Step 2 — Lock down Notion sharing settings (minimum viable safety)

Inside Notion, there are two separate worlds: inviting people inside your workspace, and publishing to the web. Notion’s own help docs specifically differentiate standard sharing from using the Publish tab for web sharing.

Here’s the safe baseline:

If you can avoid publishing to the web — do it.

For highly sensitive materials, the best starting point is: don’t “Publish to web” at all. Instead, use controlled access via a proper data room layer (next step).

If you must publish a Notion page:

  • Turn off anything that allows copying your content (disable duplication).
  • Regularly re-check the Publish settings (it’s easy to forget what’s on).
  • Be intentional about whether search engines can index it (for real data rooms: usually no).

Also: if you're using Notion Sites with custom domains, Notion supports connecting a custom domain through DNS records (CNAME/TXT). That's great for websites, but a branded domain alone doesn't solve data-room-grade security (audit trails, view controls, leak deterrence). Peony provides secure data rooms with custom domains plus complete security controls for proper data room security.

Step 3 — The secure approach: connect your Notion data room to Peony

This is the "best of both worlds" setup in 2025:

  • Notion stays your editing environment (fast, flexible).
  • Peony becomes the secure delivery layer (controlled access, logging, deterrence).

Peony is built specifically for secure document sharing and data rooms, with features like advanced access controls, analytics, and dynamic watermarking.

What to do

  1. Create a data room in Peony
  2. Choose the option to add/connect a Notion data room (so your Notion content is included inside the room)
  3. Share the Peony link externally, not the raw Notion link

Why this helps: you're no longer relying on "a published page" as your security boundary.

Step 4 — Add the protections that stop real-world leaks

Once your Notion room is inside Peony, turn on the protections that matter in practice:

Require identity (don't rely on anonymous links)

Use email gating / authentication so you know who is in the room. (This is the single biggest difference between "shared link" and "controlled access.") Peony provides identity-bound access for secure data room sharing.

Enable dynamic watermarking (deterrence + traceability)

Dynamic watermarks can embed viewer-specific data (like email, time, IP-related variables), which discourages casual leaking and improves traceability if something escapes. Peony provides dynamic watermarking for all shared content.

Use time limits and revocation

Set expiration for links and revoke access when a process ends. You want a room that can "close" cleanly. Peony provides link expiry and instant revocation controls.

Control downloads (and treat exports as high-risk)

If someone can download everything, your room becomes a distribution mechanism. Sometimes downloads are necessary—just make it a deliberate choice, not the default.

Rely on audit trails for accountability

A proper data room provides activity logs so you can answer "who viewed what" without guessing. Peony provides complete audit trails and page-level analytics for full accountability.

Step 5 — Set up a custom domain on Peony (for extra security + professionalism)

A custom domain does two things:

  1. It looks and feels professional (“investors.yourcompany.com” beats a random link).
  2. It reduces phishing/confusion risk by keeping your sharing consistent and brand-anchored.

Peony supports custom domain + branding for data rooms.

High-level steps (most teams do this in under 15 minutes):

  • Pick a subdomain (e.g., dataroom.yourcompany.com)
  • In Peony, enable custom domain for your room / workspace
  • Add the DNS record(s) your dashboard provides (typically a CNAME)
  • Verify and then share only the custom domain link going forward

Now your recipients always know: "This is the real room."

A simple “secure Notion data room” checklist (copy/paste)

  • Notion: clean structure + lobby page
  • Notion: duplication disabled if publishing is used
  • Notion: avoid public web publishing for sensitive docs when possible
  • Peony: connect/import the Notion data room
  • Peony: require identity (email gating)
  • Peony: enable dynamic watermarking
  • Peony: set link expiry + ability to revoke quickly
  • Peony: audit logs enabled for accountability
  • Peony: custom domain enabled for the room

Frequently Asked Questions

Can I safely use Notion alone as a data room?

You can, but the risk is higher because "publish/share" behaviors are easy to misconfigure, and content can be duplicated or redistributed if the wrong settings are enabled. Peony provides secure data rooms with identity-bound access, dynamic watermarking, and audit trails to secure Notion content.

What's the biggest reason data rooms leak?

Most leaks are human + process: forwarded links, uncontrolled copies, screenshots, and unclear access boundaries—not "elite hackers." Peony provides secure data rooms with identity-bound access and dynamic watermarking to prevent these common leak vectors.

What's the best platform for securing Notion data rooms?

Peony is best: provides secure data rooms with Notion integration, identity-bound access, dynamic watermarking, page-level analytics, and custom domains for professional, secure sharing.

Do I need a custom domain for security?

It's not the core security control (identity + permissioning is), but it helps prevent confusion and keeps sharing consistent. It's a strong "trust signal," especially in fundraising and diligence contexts. Peony supports custom domains for data rooms with full security controls.

Related Resources