What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This policy engages GDPR and UK GDPR through Slack Technologies Limited (EEA/UK controller), citing Standard Contractual Clauses and adequacy decisions for international data transfers, and references the EU-U.S. Data Privacy Framework. CCPA/CPRA is addressed through explicit opt-out mechanisms and a 'Do Not Sell or Share My Personal Information' disclosure. The policy's statement that the service is not directed at children under 13 (or 16 in some jurisdictions) engages C…

How does Slack's Slack Privacy Policy affect users?

For users accessing Slack through an organization, the workspace administrator holds authority to access, export, and delete message content and account data, and individual users exercise data subject rights through their administrator or directly with Slack via privacy@slack.com or the Privacy Request portal at https://slack.com/trust/data-privacy/privacy-request. Slack shares collected personal data with Salesforce affiliates and third-party service providers as specified in the policy.

How often is Slack's Slack Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Slack updates this document?

Yes. Watcher subscribers ($9.99/month) can add Slack to their watchlist and receive same-day email alerts whenever this document or any other Slack document changes.

CA-D-000192

Slack Privacy Policy

Slack

Last change detected April 19, 2026 Privacy policy

SHA-256: f92538879ef8296e974… 2 versions captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Slack ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

1 High severity

6 Medium severity

1 Low severity

Summary

Slack's Privacy Policy establishes the categories of personal information Slack collects during platform use, including messages, files, usage patterns, device information, and inferred location data. The policy designates workspace administrators—typically employed by the organization using Slack—as the primary controller of message content and account data for users within that organization, with Slack's data handling obligations running to the organization rather than individual users. California residents are afforded opt-out rights through mechanisms identified in Slack's website footer.

Technical / Legal Breakdown

This document is Slack's global Privacy Policy, governing the collection, use, and disclosure of personal data across Slack's services, with Slack Technologies, LLC (a Salesforce company) serving as the primary data controller for most users and Slack Technologies Limited acting as controller for users in the EEA, UK, and Switzerland. The policy states that Slack collects data across three categories: information users provide directly (name, email, payment info, content), information collected automatically (usage data, device identifiers, log files, cookies, location inferred from IP), and information from third parties (identity providers, connected apps, partners); the terms authorize use of this data for service operation, marketing, analytics, safety, and 'developing and improving' Slack's products. Notably, the policy draws a structural distinction between 'Customer Data' (content controlled by workspace administrators, including messages and files) and other personal data Slack controls directly, meaning individual users within an organization may have limited direct rights against Slack for their own message content, with those rights mediated through the employing or administering organization. The policy engages GDPR and UK GDPR (citing Standard Contractual Clauses and adequacy decisions for international transfers), CCPA/CPRA for California residents (with explicit opt-out rights for certain data uses and a 'Do Not Sell or Share My Personal Information' link), and references COPPA by stating the service is not directed at children under 13 (or 16 in certain jurisdictions). Compliance teams operating Slack in regulated industries (healthcare, financial services, education) should note that the policy's broad data use authorizations for 'improving services' and sharing with Salesforce affiliates may require evaluation under HIPAA, GLBA, and FERPA depending on the nature of Customer Data processed.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

High — 1 provision

Customer Data Controlled by Workspace Administrators Compare →

If you use Slack through your employer or another organization, that organization (not Slack) controls your messages and files, and their privacy rules apply to that content, not this policy.

Added May 9, 2026 Standard Seen across 178 platforms

Medium — 6 provisions

Data Sharing with Salesforce Affiliates Compare →

Slack shares your personal data with Salesforce and its affiliates for service delivery, product improvement, and marketing, and Salesforce's own privacy statement governs how Salesforce uses that data.

Added May 9, 2026 Standard Seen across 246 platforms
Do Not Sell or Share My Personal Information (CCPA Opt-Out) Compare →

California residents can opt out of Slack selling or sharing their personal information for targeted advertising by clicking a link in the Slack website footer, and can also request access, deletion, or correction of their data.

Added May 9, 2026 Standard Seen across 262 platforms
International Data Transfers (SCCs and Adequacy Decisions) Compare →

When Slack transfers your personal data from Europe, the UK, or Switzerland to the United States, it relies on Standard Contractual Clauses, adequacy decisions, or the EU-U.S. Data Privacy Framework as legal safeguards.

Added May 9, 2026 Standard Seen across 246 platforms
Use of Data for AI and Product Improvement Compare →

Slack may use information about how you use the service, potentially including content and usage data, to train its AI and machine learning models as part of product improvement.

Added May 9, 2026 Common Seen across 104 platforms
Cookies and Automated Tracking Compare →

Slack and its third-party partners use cookies and similar tracking tools to collect information about your device, browsing behavior, and how you interact with Slack's website and services.

Added May 9, 2026 Standard Seen across 251 platforms
User Rights (Access, Deletion, Correction, Portability) Compare →

Depending on where you live, you may have rights to access, delete, correct, or export your personal data held by Slack, and can exercise these rights by submitting a request online or by email.

Added May 9, 2026 Standard Seen across 223 platforms

Low — 1 provision

Children's Privacy Restriction Compare →

Slack does not knowingly collect data from children under 13 (or 16 in some countries), and will delete such data if discovered.

Added May 9, 2026 Standard Seen across 262 platforms

Monitoring

Slack has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle AI and Machine Learning Data Use and similar clauses.

Compare across platforms →