Workspace admin review

Everything a Slack admin needs before approving the install.

This page is for workspace owners and IT reviewers. It covers what Slash Social can access, what it cannot, which OAuth scopes are requested, data stored, retention, and how to reach us for security questions.

Share with your admin

Send this page to a workspace admin.

The link below opens your email client with a pre-written message that includes what the app does, a link to this review page, pricing, and a support contact. Edit before sending.

Open email to admin

Opens your default email client. Nothing is sent automatically.

OAuth scopes

What the app can access.

These are the Slack permissions the app requests during install. Each scope is listed alongside the plain-English reason it's needed.

chat:write, chat:write.customize, chat:write.public
Post messages and app notifications Used to deliver approval requests, publishing alerts, recovery notices, and command responses to channels the team configures.
channels:read, channels:join, channels:history, channels:manage
Read and join configured channels Used to read channel membership, join approval and inbox routing channels, and read message history in channels the app has been invited to.
groups:read, groups:history
Read private channels the app is invited to Only for private channels where the team explicitly places the app. The app cannot read private channels it has not been invited to.
users:read
Read workspace member list Used to populate assignee, reviewer, and role selectors inside the app. Names and IDs only — no email addresses, phone numbers, or profile fields beyond display name.
im:read, im:write, im:history
Send and receive direct messages Used to send publishing failure alerts, approval notifications, and recovery prompts directly to affected team members.
mpim:read, mpim:write
Send to group DMs Used when a shared channel context is more appropriate than a one-to-one DM for a notification.
files:read, files:write
Read and upload files Used to read media files shared for post creation and to upload rendered preview assets for approval review.
commands
Respond to slash commands Required for commands like /create, /social, and /pillars that team members use to start workflows.
reactions:read, reactions:write
Read and add message reactions Used to capture ideas from messages via emoji reaction and to acknowledge actions with reactions.
lists:read, lists:write
Read and write Slack Lists Used for the pipeline, approval tracking, and scheduling lists that surface content state across the team.
canvases:read, canvases:write
Read and write Slack Canvases Used by the knowledge base feature to store and retrieve brand context, guidelines, and briefs.
links:read, links:write, links.embed:write
Unfurl and embed links Used to show social post previews when links to content items are shared in Slack channels.
bookmarks:read, bookmarks:write
Read and write channel bookmarks Used to pin important workflow links and brand resources to relevant channels.
conversations.connect:read, conversations.connect:write, conversations.connect:manage
Slack Connect for external review Used by the client approval workflow to create shared channels with external reviewers so clients can approve work without accessing the internal workspace.

Boundaries

What the app cannot access.

Slack's permission model gives the app only what is explicitly requested. These things are outside the app's reach regardless of scope.

  • Private channels the app has not been explicitly invited to
  • Direct messages between users that do not involve the app
  • Workspace billing, subscription, or payment data
  • Other installed apps or their data
  • Message history in channels where the app is not a member
  • User email addresses, phone numbers, or extended profile fields
  • Admin logs or audit logs outside the Slash Social product
  • Files or attachments in channels the app has not joined

Data

What is stored and why.

The app stores only what is needed to operate the workflow. No customer data is sold.

Slack workspace and user identifiers Required to route approvals, notifications, and inbox work to the right people and channels.
Channel IDs configured for routing Stored to know which channels receive approval requests, recovery alerts, and inbox items.
Post content drafted through the app Stored as drafts during the planning, approval, and scheduling workflow.
Approval history and audit trail Kept as a record of who reviewed, approved, or requested changes on each piece of content.
Social account connection tokens OAuth refresh tokens for connected accounts, stored encrypted, used only to publish scheduled posts.
Brand and team configuration Brand names, roles, posting schedules, and routing rules set up during onboarding.

Retention

Retention and deletion.

Workspace data is removed when the app is uninstalled from Slack. Connected social account tokens are invalidated when a team member disconnects the account from within the app or when the app is removed.

For data deletion requests before or after uninstall, use the support form and include your workspace name. We aim to confirm and complete deletion within 30 days.

The full privacy policy describes collection, use, sharing, retention periods, AI processing, subprocessors, and user choices.

Read privacy policy →

Security

Questions for the security team.

For security review questions — penetration test reports, SOC 2 status, subprocessor list, DPA requests, or specific scope justifications — use the support form and note the request type. We respond to security review requests within 3 business days.

For urgent security issues, include "Security review" in the subject line.

Ready when your team is

Bring social media operations into Slack.

Start with one brand, one workspace, and the workflows your team already repeats every week.