Security, Privacy & Compliance
We treat your data with the same discipline we bring to your threads. Transparency is our default setting.
Infrastructure & Architecture
Minimal Content Retention
We cache only the last 50 messages per channel for AI context (90-day auto-expiry). All data is deleted immediately when you uninstall.
Encryption
All data is encrypted in transit via TLS 1.2+ and at rest using AWS KMS. Enterprise plans support Customer Managed Keys (CMK).
Cloud Security
Hosted on AWS (EU regions) using serverless architecture (Lambda) for strict isolation. All data is handled and processed in the EU.
Least Privilege
We request minimal Slack scopes. Admins can audit and revoke access at any time via the Slack dashboard.
Compliance & Certifications
We offer a standard Data Processing Addendum (DPA) for all customers.
View DPASub-processors
| Name | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Hosting & Infrastructure | EU (Frankfurt / Dublin) |
| Google (Gemini API) | Semantic Analysis (LLM) | EU (Belgium) |
| Stripe | Payment Processing | Global |
Least Privilege
We request only the minimum permissions needed. No invasive scopes.
Minimal Data Retention
Only last 50 messages cached per channel. 90-day auto-expiry. Instant deletion on uninstall.
Compliance Ready
GDPR & CCPA compliant with EU SCCs and DPIA templates.
Questions About Security?
Our security team is here to help with any questions about our privacy practices or compliance.