reference · reference

Security and privacy operations

Current security and privacy operations facts for Slash Social.

Overview

This page summarizes how Slash Social isolates customer data, where admins start privacy actions, and when to escalate to support or security.

What it includes

Tenant isolation

BoundaryRule
OrganizationBilling, limits, and org-wide settings; all queries scoped by org ID
BrandContent, accounts, pillars, campaigns, inbox, and media scoped by brand ID
Slack workspaceBot tokens and workspace context keyed by Slack team ID (not org ID alone)

Users see brands and actions allowed by their roles. Data from one organization is not returned to another.

Data categories stored

The service stores Slack workspace metadata, Slack user identifiers, workflow and content state, brand configuration, connected social account tokens, drafts and media references, approval and audit history, inbox and conversation records, analytics snapshots, billing and usage records, and operational logs needed to run the product.

Slack message content in customer channels and data on social networks remain governed by those providers’ terms.

Transport and credentials

  • Customer traffic uses encrypted transport (HTTPS).
  • Connected account tokens are stored to enable publishing and inbox retrieval; revoking access happens when you disconnect a profile or uninstall the app from Slack.
  • Do not paste passwords, private API tokens, or unrelated sensitive personal data into Slack messages or support forms.

Privacy policy and AI processing

The public Privacy Policy describes collection, subprocessors, retention, regional rights, and AI-assisted processing. Slash Social does not sell customer workspace content for advertising profiles. AI inputs are processed to deliver requested outputs; they are not used to train foundation models for other customers.

Audit and compliance features

PlanAudit capability
Team and aboveStandard audit history for settings and content actions
ScaleAdvanced audit log capabilities where enabled on the plan

Role-gated audit export is limited to org owners and billing owners. See Permissions and personas.

How to use it

Billing admins start privacy actions from Settings > Billing & Plan in /social. See Manage billing and upgrades for the workflow.

ActionPurpose
Export org dataPortability export for the organization
Request org deletionStart org teardown (subject to confirmation, legal hold, and cooldown)
Cancel org deletionStop a pending org deletion
Request user deletionRemove a specific Slack user’s data from the org

Backups and audit records may persist for a limited period where required for security, billing, or compliance. See Data, security, and privacy for the admin-facing model.

Details

Support and escalation

SituationContact path
Routine export, deletion, or access questionsOrg billing admin via in-product flows; otherwise support contact form
Confirmed data breach or security incident[email protected] (not routine deletion tickets)
Export or deletion flow is unavailableSupport contact form with workspace, org, requester, and request type