concept · explanation
Data, security, and privacy
Understand how data, security, and privacy works in Slash Social.
Overview
Slash Social is multi-tenant software built for teams that work in Slack. Your organization’s data belongs to your organization and its brands. It is not mixed with other customers’ workspaces or pooled across tenants.
If you are an org admin or billing owner, this article explains how tenant boundaries work, what Slash Social stores, how access is protected, and where you control export, deletion, and retention.
How it works
Tenant boundaries
Every query and content operation is tied to an organization ID. Content such as posts, connected accounts, pillars, campaigns, inbox items, and knowledge entries is further scoped to a brand.
Slack workspace context uses the installing team ID. When one organization connects several Slack workspaces, bot tokens and channel context stay with the correct workspace instead of crossing teams.
Users only see brands and actions their roles allow. Billing owners handle org-wide privacy and deletion requests. Brand owners and admins manage content and settings inside a brand.
What the product stores
Slash Social stores data needed to run your social workflow:
- Slack workspace details and Slack user identifiers
- Workflow state, drafts, media references, and approval history
- Brand configuration, connected social account tokens, and publishing targets
- Inbox and conversation records, analytics snapshots, and usage metrics
- Billing records, audit history, and support-related logs required to operate the service
Slack and each social network remain independent services with their own terms. Content you leave in Slack channels or on a social profile stays governed by those providers even when Slash Social reads or publishes on your behalf.
Security practices
Access to production systems is limited and logged. Customer content moves over encrypted transport. Connected account credentials are stored so Slash Social can publish and pull inbox activity on your behalf. You can revoke access by disconnecting a profile in Slash Social or uninstalling the app from Slack.
Do not paste passwords, private API tokens, or unrelated sensitive personal data into Slack messages, modals, or support requests. Use the product connection flows instead.
Privacy choices and retention
The public Privacy Policy describes collection, AI-assisted processing, subprocessors, retention windows, and regional rights. Slash Social does not sell customer workspace content for advertising profiles. AI inputs are processed to deliver the outputs you request. They are not used to train foundation models for other customers.
Billing admins can start org data export, org deletion, or user deletion requests from Settings, then Billing and Plan in /social. Each flow includes confirmation steps and may respect legal hold or cooldown rules described in Manage billing and upgrades. Backups and audit records may persist for a limited period when required for security, billing disputes, or compliance.
Team plans and above include standard audit history for settings and content actions. Scale adds advanced audit log capabilities where enabled for your workspace.
Why it matters
Clear boundaries reduce the risk of publishing from the wrong brand, approving content outside your role, or exposing tokens in chat. Knowing what is stored helps you decide what belongs in Slash Social versus Slack or a social network.
Export and deletion flows give billing owners a controlled path when someone leaves the company, a client offboards, or you need a portable copy of org data. Audit history supports review after sensitive settings changes or approval decisions.
Workspace members with privacy questions should contact their org admin first. Admins and billing owners can use the support contact form for access, correction, export, or deletion requests that in-product flows do not cover.
Related workflows
Use these articles when you need to act on the concepts above:
- Manage billing and upgrades: start org export, org deletion, or user deletion, and review billing confirmation rules
- Security and privacy operations: admin reference for retention, access controls, and operational handling