This page contains an overview of data management and security aspects of the Sender service, including information on our GDPR compliance and our data retention policy.
The EU General Data Protection Regulation (GDPR) sets a new standard for how companies use and protect data taking effect from May 2018.
Sender is committed to compliance. Key aspects are listed below.
Personal data items
Once Installed on a Slack workspace, Sender has access to, but does not store the following personal data for each workspace user.
- Full name
- Current Status
- First signed up
- Last seen
- Last login
- User role
- City and country (calculated by user’s IP address location)
Data persistence and removal
All user data is destroyed when a user deletes their Sender account.
Location of data
Sender uses the following 3rd party services.
Slack – https://slack.com/privacy-policy
Google Analytics - https://policies.google.com/technologies/partner-sites
Sender runs in a secure hosted environment on Heroku.
Authentication and Authorisation
Customers are authenticated by Slack using their username and password to prevent unauthorised access to workspace data.
A token is generated by the service upon login. All further requests to Sender are authenticated with the token. The token is validated and before serving each request, and the account id contained in the token is used to authorise the request, so users can only access data from their own account.
Stored data items
Sender stores only data that is necessary to provide the service.
- IDs comprise of letters and numbers, which can’t easily be linked with a users workspace.
- The database doesn’t contain names of workspaces.
- User data will never be shared. However we reserve the right to share anonymous usage statistics in the future.
All data is encrypted using TLS (SSL) while in transit. Credentials and access keys to external data sources are also encrypted when in storage.
If you have data related requests get in touch by emailing firstname.lastname@example.org