reference · reference
Security and privacy operations
Current security and privacy operations facts for Slash Social.
Overview
This page summarizes how Slash Social isolates customer data, where admins start privacy actions, and when to escalate to support or security.
What it includes
Tenant isolation
| Boundary | Rule |
|---|---|
| Organization | Billing, limits, and org-wide settings; all queries scoped by org ID |
| Brand | Content, accounts, pillars, campaigns, inbox, and media scoped by brand ID |
| Slack workspace | Bot tokens and workspace context keyed by Slack team ID (not org ID alone) |
Users see brands and actions allowed by their roles. Data from one organization is not returned to another.
Data categories stored
The service stores Slack workspace metadata, Slack user identifiers, workflow and content state, brand configuration, connected social account tokens, drafts and media references, approval and audit history, inbox and conversation records, analytics snapshots, billing and usage records, and operational logs needed to run the product.
Slack message content in customer channels and data on social networks remain governed by those providers’ terms.
Transport and credentials
- Customer traffic uses encrypted transport (HTTPS).
- Connected account tokens are stored to enable publishing and inbox retrieval; revoking access happens when you disconnect a profile or uninstall the app from Slack.
- Do not paste passwords, private API tokens, or unrelated sensitive personal data into Slack messages or support forms.
Privacy policy and AI processing
The public Privacy Policy describes collection, subprocessors, retention, regional rights, and AI-assisted processing. Slash Social does not sell customer workspace content for advertising profiles. AI inputs are processed to deliver requested outputs; they are not used to train foundation models for other customers.
Audit and compliance features
| Plan | Audit capability |
|---|---|
| Team and above | Standard audit history for settings and content actions |
| Scale | Advanced audit log capabilities where enabled on the plan |
Role-gated audit export is limited to org owners and billing owners. See Permissions and personas.
How to use it
Billing admins start privacy actions from Settings > Billing & Plan in /social. See Manage billing and upgrades for the workflow.
| Action | Purpose |
|---|---|
| Export org data | Portability export for the organization |
| Request org deletion | Start org teardown (subject to confirmation, legal hold, and cooldown) |
| Cancel org deletion | Stop a pending org deletion |
| Request user deletion | Remove a specific Slack user’s data from the org |
Backups and audit records may persist for a limited period where required for security, billing, or compliance. See Data, security, and privacy for the admin-facing model.
Details
Support and escalation
| Situation | Contact path |
|---|---|
| Routine export, deletion, or access questions | Org billing admin via in-product flows; otherwise support contact form |
| Confirmed data breach or security incident | [email protected] (not routine deletion tickets) |
| Export or deletion flow is unavailable | Support contact form with workspace, org, requester, and request type |