Slack's privacy policy explains what information Slack collects about you when you use their messaging platform, how they use it, and who they share it with. Slack collects things like your messages, files, profile info, and how you use the app, and may share this with partners and service providers. If you're in California or Europe, you have specific rights to access, delete, or opt out of certain data uses.
Technical Summary
Slack's Privacy Policy governs the collection, use, storage, and disclosure of personal data across its platform, distinguishing between data processed as a 'data controller' (visitor/user data) and as a 'data processor' on behalf of enterprise customers ('Customer Data'). The policy covers a broad range of data types including usage data, device information, location data, and communications content, and describes sharing with third-party service providers, partners, and affiliates including Salesforce. Key provisions address international data transfers (including SCCs for EEA/UK data), user rights under GDPR and CCPA (access, deletion, correction, portability, opt-out of sale/sharing), and Slack's use of cookies and tracking technologies. Notably, Slack explicitly states it does not sell personal data in the traditional sense but acknowledges sharing that may qualify as 'sale' or 'sharing' under CCPA, and provides opt-out mechanisms accordingly. The policy also addresses AI/ML feature data use, with Customer Data used for AI features subject to customer controls.
Institutional Analysis
This policy engages GDPR (EU/UK data transfers via SCCs, data subject rights), CCPA/CPRA (sale/sharing opt-out, deletion rights, sensitive data handling), and touches on AI/ML data governance relevan…
This policy engages GDPR (EU/UK data transfers via SCCs, data subject rights), CCPA/CPRA (sale/sharing opt-out, deletion rights, sensitive data handling), and touches on AI/ML data governance relevant to emerging EU AI Act obligations. Enterprise customers acting as 'data controllers' who deploy Sl…
🔒
Compliance intelligence locked
Regulatory exposure, material risk, and due diligence action items.
Slack acknowledges that some of its data sharing with advertising and analytics partners may qualify as a 'sale' or 'sharing' of personal data under California law, and provides California residents with the right to opt out.
Users in the EU and UK have rights to access, correct, delete, restrict, or port their personal data, and can object to certain processing, with requests directed to privacy@slack.com.
Slack transfers personal data from the EU, UK, and Switzerland to the United States and other countries, relying on Standard Contractual Clauses (SCCs) and other approved transfer mechanisms to comply with data protection law.
Slack may use data from its services to train and improve AI and machine learning models, though Customer Data (enterprise workspace content) is subject to customer controls and separate contractual terms.
Slack shares personal data with its parent company Salesforce and affiliated entities for business operations, product integration, and potentially marketing purposes.
Slack distinguishes between 'Customer Data' (content within enterprise workspaces, controlled by the business customer) and other personal data (collected by Slack directly), with different privacy rules applying to each.
Slack shares personal data with third-party vendors and service providers that perform services on its behalf, such as hosting, analytics, customer support, and payment processing.
Slack uses cookies, pixel tags, and similar tracking technologies on its website and within the platform to collect information about user behavior for analytics, advertising, and personalization purposes.
Slack retains personal data for as long as necessary to provide its services, comply with legal obligations, resolve disputes, and enforce agreements, with specific retention periods varying by data type.
Slack's services are not directed at children under 16 (or a higher age in certain jurisdictions), and Slack states it does not knowingly collect personal data from minors.