Privacy Policy

Last Updated: January 2025

TL;DR: We only collect what's necessary to run the service. We never sell your data. You can request deletion anytime.

1. Information We Collect

When You Install Our Slack App

  • Email address - Retrieved via Slack API for account creation and billing
  • User ID and name - From your Slack profile
  • Slack workspace ID and name - To identify your workspace
  • Selected notification channel - Where you want to receive alerts
  • Slack bot access token - Encrypted and stored securely to send notifications

Operational Data

  • Alert history - Record of platform issues we've notified you about (kept for 90 days)
  • Last check timestamps - When we last checked for issues
  • Subscription status - Active, cancelled, past due, etc.

Payment Information

  • Stripe customer ID - Reference only, no credit card data stored by us
  • Stripe subscription ID - To manage your subscription
  • Subscription dates and status - For billing purposes

We DO NOT collect:

  • ❌ Credit card information (handled exclusively by Stripe)
  • ❌ Slack message content
  • ❌ Browsing history
  • ❌ Personal information beyond what's necessary

2. How We Use Your Information

  • Provide the service - Monitor ad platform status and send Slack notifications
  • Process payments - Via Stripe for subscription billing
  • Customer support - To help you with issues or questions
  • Service improvements - Aggregate anonymized metrics only

We DO NOT:

  • ❌ Sell your data to third parties
  • ❌ Use your data for advertising
  • ❌ Share data with AI/ML training services
  • ❌ Send marketing emails (except service updates)

3. Data Storage & Security

Where Data is Stored

  • Database: PostgreSQL on Railway (AWS US-East)
  • Data residency: United States only
  • Backups: Daily, retained for 7 days

Security Measures

  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.3 (HTTPS only)
  • Slack tokens: Encrypted with Fernet symmetric encryption
  • Access control: Database restricted to application only
  • Regular updates: Security patches applied promptly

4. Data Retention

Active Subscriptions

  • All data retained during active subscription
  • Alert history: 90 days
  • Operational logs: 30 days

Cancelled Subscriptions

  • Slack tokens: Deleted immediately
  • Account data: 30-day grace period, then deleted
  • Payment records: Retained 7 years for tax/accounting compliance

Inactive Accounts

  • Never completed subscription: Deleted after 90 days
  • OAuth tokens for inactive accounts: Deleted after 90 days

5. Data Sharing

We Share Data With:

  • Stripe - Payment processing only (email address, customer ID)
  • Slack - OAuth tokens (returned by Slack, stored by us)

We DO NOT Share With:

  • ❌ Advertisers
  • ❌ Data brokers
  • ❌ Marketing companies
  • ❌ AI/ML training services
  • ❌ Any other third parties

6. Your Rights

Access Your Data

Email [email protected] with subject "Data Access Request"

Response time: Within 7 business days

Delete Your Data

Options:

  1. Email [email protected] with subject "Data Deletion Request"
  2. Uninstall the app from Slack workspace settings
  3. Cancel subscription via Stripe customer portal

What happens:

  • Slack tokens deleted within 24 hours
  • User data deleted within 7 business days
  • Payment records retained 7 years (legal requirement)
  • Confirmation email sent when complete

Export Your Data

Email [email protected] with subject "Data Export Request"

Receive JSON file with all your data within 7 business days

Correct Your Data

Update directly in Settings or email support

7. Compliance

GDPR (European Users)

  • ✅ Right to access
  • ✅ Right to deletion
  • ✅ Right to portability
  • ✅ Data minimization
  • ✅ Purpose limitation
  • ✅ Clear consent

CCPA (California Users)

  • ✅ We do not sell personal information
  • ✅ Right to deletion
  • ✅ Right to access
  • ✅ Transparent disclosure

8. Cookies & Tracking

We use minimal cookies:

  • Session cookie - To keep you logged in (required)
  • OAuth state - To prevent CSRF attacks during installation (required)

We DO NOT use:

  • ❌ Tracking cookies
  • ❌ Advertising cookies
  • ❌ Third-party analytics (no Google Analytics, etc.)

9. Data Breach Notification

In the unlikely event of a data breach:

  • Notification: Within 72 hours of discovery
  • Method: Email and in-app banner
  • Details provided: What happened, data affected, steps taken, your options

10. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

11. Changes to This Policy

Notification: 30 days before major changes via email

Change log: Maintained at this page

Review schedule: Quarterly

12. Contact Us

Data Protection & Privacy

Email: [email protected]

General Support

Email: [email protected]

Response Time: Within 24 hours

Questions About This Policy?

We're happy to clarify anything. Email us at [email protected]

Effective Date: January 2025