Slack shares your personal data with Salesforce and its affiliates for service delivery, product improvement, and marketing, and Salesforce's own privacy statement governs how Salesforce uses that data.
This analysis describes what Slack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Personal data shared with Salesforce is subject to Salesforce's separate privacy framework, meaning the data leaves Slack's stated privacy commitments and enters a broader corporate ecosystem with its own data use practices.
Your personal data, including usage information and potentially account details, may be shared with Salesforce and used for purposes governed by Salesforce's own privacy statement, which users would need to review separately to understand fully.
How other platforms handle this
We share your personal data with your consent or as necessary to complete any transaction or provide any product you have requested or authorized. We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors or agents working on our behalf for the purposes described in this...
We may share your information with third-party advertising partners to provide you with targeted advertising. We also work with third-party analytics providers who help us understand how users interact with our Services. These third parties may use cookies, web beacons, and similar tracking technolo...
We process personal data you provide to Oura to enable third party integrations, services, features, and offerings. For example, with your permission, our Services may integrate with third-party services like Google Health Connect and Apple HealthKit, or those of our partners. Oura takes measures to...
Monitoring
Slack has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share information with Salesforce and its affiliates for the purposes of providing, improving, and developing our services, and marketing our services to you and others. Salesforce is our parent company and processes data for a number of different purposes. To understand how Salesforce uses data, please see the Salesforce Privacy Statement.— Excerpt from Slack's Slack Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Articles 13 and 14 (transparency obligations regarding data recipients), CCPA's disclosure requirements for third-party sharing, and potentially the EU-U.S. Data Privacy Framework for transatlantic transfers. The relevant enforcement authorities are the EDPB member state supervisory authorities for EU/EEA users, the UK ICO, and the FTC for U.S. users. The provision references Salesforce's own privacy statement as the governing instrument for Salesforce's data use, which may create a transparency gap if users do not review that document. GOVERNANCE EXPOSURE: Medium. The authorization to share data with Salesforce affiliates for 'improving and developing our services' is broad and could encompass AI model training or product analytics. Enterprise customers should assess whether their Data Processing Agreements with Slack adequately identify Salesforce as a sub-processor and whether the permitted purposes align with their own data processing records. JURISDICTION FLAGS: EU/EEA customers face heightened exposure because GDPR requires explicit sub-processor disclosure and consent (or legitimate interest) for onward transfers. California residents are entitled under CCPA to know that Salesforce receives their data, and any use for cross-context behavioral advertising would require an opt-out mechanism. The adequacy of transfer safeguards for data moving to Salesforce entities outside the EEA requires confirmation. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should verify that Salesforce is listed as an approved sub-processor in Slack's Data Processing Agreement and that Salesforce's own DPA with Slack includes equivalent protections. Any restrictions in enterprise contracts on data sharing with third parties should be evaluated against this provision. COMPLIANCE CONSIDERATIONS: Organizations should review the Salesforce Privacy Statement to understand downstream data use, and update their own privacy notices to disclose Salesforce as a data recipient. CCPA compliance programs should confirm that the opt-out mechanism covers data shared with Salesforce for purposes beyond service delivery.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Personal data shared with Salesforce is subject to Salesforce's separate privacy framework, meaning the data leaves Slack's stated privacy commitments and enters a broader corporate ecosystem with its own data use practices.
Your personal data, including usage information and potentially account details, may be shared with Salesforce and used for purposes governed by Salesforce's own privacy statement, which users would need to review separately to understand fully.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Slack.