SlackDesk← Back to Home

Privacy Policy

Last updated: October 1, 2025

Who we are

SlackDesk ("we", "us", "our") provides a Slack-native helpdesk application. This policy explains what we collect, why, and how we protect it.

Contact: privacy@slackdesk.co

What we collect (data minimization)

We collect only what's needed to operate the app and site.

From the Slack App (required to function)

  • Workspace metadata: Slack team ID, team name, bot token (encrypted), install timestamps.
  • Ticket data: ticket ID, department, status, requester and assignee Slack user IDs, channel ID, thread timestamp, message permalinks, timestamps, SLA flags.
  • Content you submit in forms: the text you enter in ticket modals or when you explicitly attach a message/file to a ticket.
  • Internal notes: marked as internal; visible only to permitted agents/admins.
  • Integrations metadata (optional): external issue IDs/URLs (e.g., Jira key & link), configured API keys (encrypted), Google Sheet IDs.
  • Operational logs: event IDs, response times, error codes (no message bodies or secrets).

From optional features (only if you enable them)

  • Email-in: sender address, subject, sanitized body, threading headers (Message-ID, In-Reply-To), attachment metadata; we store attachments only if enabled.
  • Users' emails: Slack users:read.email scope (if enabled) to map accounts or send email notifications.
  • Files: Slack files:write scope (if enabled) to associate screenshots/docs to tickets (we store file IDs/links, not the raw bytes).

From the marketing site

  • Usage analytics: page views, referrers, device/browser (via Vercel Analytics/GA4).
  • Cookies: strictly necessary (session, CSRF, install flow) and analytics cookies (optional).
  • Contact/newsletter forms: name, email, and any message you submit.

Why we collect it (lawful bases)

  • Provide the service (contract): create/route/resolve tickets, DM notifications, App Home views.
  • Improve and secure (legitimate interests): performance metrics, abuse prevention, error diagnostics.
  • Comply with law (legal obligation): retain minimal records where required.
  • With consent (where required): marketing emails, non-essential cookies.

How we process & retain data

  • Processing: all Slack webhooks are verified; we acknowledge within 3s and process heavy work asynchronously.
  • Retention: default 180 days for ticket content and logs; workspace admins can change this (shorter/longer) or request deletion.
  • Deletion: uninstall stops processing immediately; upon admin request we delete workspace data within 30 days (unless legally required to retain).

Sharing & sub-processors

We use vetted providers under DPAs/SCCs, only to operate SlackDesk:

  • • Vercel (hosting)
  • • Supabase (PostgreSQL + encryption at rest)
  • • Slack (platform and APIs)
  • • Email provider (Resend/Postmark) for email-in/out (if enabled)
  • • Analytics (Vercel Analytics/GA4) for site metrics
  • • Error monitoring Sentry

We don't sell personal data. We disclose data only: (i) to sub-processors above, (ii) at your instruction, or (iii) to comply with law.

Security

  • • TLS in transit; encryption at rest (DB & secrets).
  • • Slack request signing verification; CSRF on OAuth.
  • • Principle of least privilege; RLS on data; service role keys server-only.
  • • Rate limiting, input sanitization, secret redaction in logs.

International transfers

Data may be processed in the United States and other regions where our sub-processors operate. We rely on DPAs and standard contractual clauses where required.

Your rights

Depending on your region (e.g., GDPR/CCPA), you may request access, correction, deletion, restriction, or portability.

Workspace admins control and may request export/deletion of workspace data: privacy@slackdesk.co

Changes

We'll post changes here and update the "Last updated" date. Material changes will be communicated to workspace admins.