The privacy and security of our Customer's Personal Data is of the highest importance to our team. We follow best practices for the least privileged permissions and are selective in processing data only required to run our service.
We do not process messages between users in the Slack workspace we are installed in. We consider our Customer's chat messages as highly confidential and as such, do not request those permissions.
We utilize Slack Scopes in order to limit the information we receive from each Slack Workspace. Below, please find the respective data elements and categories we are granted permission by you through Slack's API to process to run our service.
Requested Scopes: Each scope can be respectively found within Slack Scope Documentation
User Token Scopes: This is for when the User / Admin log’s into our portal. We receive an OAuth token from Slack with the following scopes and are only able to make API calls to slack with the limited scopes here.
Scope | Description | Reason |
View a user’s email address | We use these permissions to associate users to an email address. | |
View a user’s Slack avatar | We use these permissions to display the avatar when logging into the Shuffl Portal | |
View information about a user’s identity | We use these permissions to associate users to a Slack User ID | |
View a user’s Slack workspace name | We use these permissions to associate users to a Slack Team |
Bot Token Scopes: We request these scopes upon initial installation of Shuffl into the Slack Workspace. We receive an OAuth Token from Slack with the following scopes so that we can later make requests on behalf of the bot. Listed below are the Slack Webhook Events as well as call the Slack Web API we use with these scopes.
Scope | Description | Reason | Slack Web API Used | Slack Webhook Events Used |
View messages that directly mention @shuffl in conversations that the app is in | We use these permissions to manage interaction when Shuffl is mentioned |
| ||
Join public channels in a workspace | We use these permissions to allow users to join shuffl channels from the app home section. |
| ||
Manage public channels that Shuffl has been added to and create new ones | We use these permissions to create shuffl channels and invite the app owners to it. |
| ||
View basic information about public channels in a workspace | We use these permissions to get information from members in a channel and listen to events on channel membership and state. | |||
Send messages as @shuffl | We use these permissions to send messages to the public shuffl channels. |
| ||
Send messages to channels @shuffl isn't a member of | We use these permissions to make it easier for the Shuffl Admin to have Shuffl send an automated message to a group of users that they want to inform about Shuffl. |
| ||
View basic information about private channels that Shuffl has been added to | We use these permissions to get information from members in a private channel and listen to events on channel membership and state. |
| ||
Manage private channels that Shuffl has been added to and create new ones | We use these permissions to send messages to the private shuffl channels. |
|
| |
View messages and other content in direct messages that Shuffl has been added to | We use this in order to receive direct messages to the Shuffl bot in the Slack App Home Messages Tab so that we can respond back. |
| ||
Start direct messages with people | We use these permissions to directly send notifications to users during joining a Shuffl Channel |
| ||
Start group direct messages with people | We use these permissions to start a group conversation with users during a Shuffl Event |
|
| |
View the name, email domain, and icon for workspaces Shuffl is connected to | We use these permissions to gather information on the team during install and any future updates. | |||
View people in a workspace | We use these permissions to gather information on the user during joining a channel. | |||
View email addresses of people in a workspace | We use these permissions to associate users to an email address. |
|
The following security review is completed during our Application submission through the Slack App Directory: https://api.slack.com/security-review
This is the Slack Documentation that shows the permissions granted and managed for the ability to create and archive channels.