The privacy and security of our Customer's Personal Data is of the highest importance to our team. We follow best practices for the least privileged permissions and are selective in processing data only required to run our service.

We do not process messages between users in the Slack workspace we are installed in. We consider our Customer's chat messages as highly confidential and as such, do not request those permissions.

We utilize Slack Scopes in order to limit the information we receive from each Slack Workspace. Below, please find the respective data elements and categories we are granted permission by you through Slack's API to process to run our service.

Requested Scopes: Each scope can be respectively found within Slack Scope Documentation

User Token Scopes: This is for when the User / Admin log’s into our portal. We receive an OAuth token from Slack with the following scopes and are only able to make API calls to slack with the limited scopes here.

Scope

Description

Reason

identity.email

View a user’s email address

We use these permissions to associate users to an email address.

identity.avatar

View a user’s Slack avatar

We use these permissions to display the avatar when logging into the Shuffl Portal

identity.basic

View information about a user’s identity

We use these permissions to associate users to a Slack User ID

identity.team

View a user’s Slack workspace name

We use these permissions to associate users to a Slack Team

Bot Token Scopes: We request these scopes upon initial installation of Shuffl into the Slack Workspace. We receive an OAuth Token from Slack with the following scopes so that we can later make requests on behalf of the bot. Listed below are the Slack Webhook Events as well as call the Slack Web API we use with these scopes.

Scope

Description

Reason

Slack Web API Used

Slack Webhook Events Used

app_mentions:read

View messages that directly mention @shuffl in conversations that the app is in

We use these permissions to manage interaction when Shuffl is mentioned

app_mention

channels:join

Join public channels in a workspace

We use these permissions to allow users to join shuffl channels from the app home section.

conversations.join

channels:manage

Manage public channels that Shuffl has been added to and create new ones

We use these permissions to create shuffl channels and invite the app owners to it.

conversations.create

conversations.invite

channels:read

View basic information about public channels in a workspace

We use these permissions to get information from members in a channel and listen to events on channel membership and state.

conversations.info

channel_archive

channel_left

channel_rename

chat:write

Send messages as @shuffl

We use these permissions to send messages to the public shuffl channels.

chat.postEphemeral

chat.postMessage

chat:write.public

Send messages to channels @shuffl isn't a member of

We use these permissions to make it easier for the Shuffl Admin to have Shuffl send an automated message to a group of users that they want to inform about Shuffl.

chat.postMessage

groups:read

View basic information about private channels that Shuffl has been added to

We use these permissions to get information from members in a private channel and listen to events on channel membership and state.

member_joined_channel

member_left_channel

groups:write

Manage private channels that Shuffl has been added to and create new ones

We use these permissions to send messages to the private shuffl channels.

conversations.setTopic

im:history

View messages and other content in direct messages that Shuffl has been added to

We use this in order to receive direct messages to the Shuffl bot in the Slack App Home Messages Tab so that we can respond back.

message.im

im:write

Start direct messages with people

We use these permissions to directly send notifications to users during joining a Shuffl Channel

im.open

mpim:write

Start group direct messages with people

We use these permissions to start a group conversation with users during a Shuffl Event

conversations.open

conversations.setTopic

team:read

View the name, email domain, and icon for workspaces Shuffl is connected to

We use these permissions to gather information on the team during install and any future updates.

team.info

email_domain_changed

team_domain_change

team_rename

users:read

View people in a workspace

We use these permissions to gather information on the user during joining a channel.

users.info

user_change

users:read.email

View email addresses of people in a workspace

We use these permissions to associate users to an email address.

users.info

The following security review is completed during our Application submission through the Slack App Directory: https://api.slack.com/security-review


This is the Slack Documentation that shows the permissions granted and managed for the ability to create and archive channels.

Did this answer your question?