Slack shares your personal data with Salesforce and its affiliates for service delivery, product improvement, and marketing, and Salesforce's own privacy statement governs how Salesforce uses that data.
This analysis describes what Slack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Personal data shared with Salesforce is subject to Salesforce's separate privacy framework, meaning the data leaves Slack's stated privacy commitments and enters a broader corporate ecosystem with its own data use practices.
Your personal data, including usage information and potentially account details, may be shared with Salesforce and used for purposes governed by Salesforce's own privacy statement, which users would need to review separately to understand fully.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Loyalty and partner program companies. We share information with our loyalty and partner program companies, like Ulta Beauty and Marriott.
Monitoring
Slack has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share information with Salesforce and its affiliates for the purposes of providing, improving, and developing our services, and marketing our services to you and others. Salesforce is our parent company and processes data for a number of different purposes. To understand how Salesforce uses data, please see the Salesforce Privacy Statement.— Excerpt from Slack's Slack Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Articles 13 and 14 (transparency obligations regarding data recipients), CCPA's disclosure requirements for third-party sharing, and potentially the EU-U.S. Data Privacy Framework for transatlantic transfers. The relevant enforcement authorities are the EDPB member state supervisory authorities for EU/EEA users, the UK ICO, and the FTC for U.S. users. The provision references Salesforce's own privacy statement as the governing instrument for Salesforce's data use, which may create a transparency gap if users do not review that document. GOVERNANCE EXPOSURE: Medium. The authorization to share data with Salesforce affiliates for 'improving and developing our services' is broad and could encompass AI model training or product analytics. Enterprise customers should assess whether their Data Processing Agreements with Slack adequately identify Salesforce as a sub-processor and whether the permitted purposes align with their own data processing records. JURISDICTION FLAGS: EU/EEA customers face heightened exposure because GDPR requires explicit sub-processor disclosure and consent (or legitimate interest) for onward transfers. California residents are entitled under CCPA to know that Salesforce receives their data, and any use for cross-context behavioral advertising would require an opt-out mechanism. The adequacy of transfer safeguards for data moving to Salesforce entities outside the EEA requires confirmation. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should verify that Salesforce is listed as an approved sub-processor in Slack's Data Processing Agreement and that Salesforce's own DPA with Slack includes equivalent protections. Any restrictions in enterprise contracts on data sharing with third parties should be evaluated against this provision. COMPLIANCE CONSIDERATIONS: Organizations should review the Salesforce Privacy Statement to understand downstream data use, and update their own privacy notices to disclose Salesforce as a data recipient. CCPA compliance programs should confirm that the opt-out mechanism covers data shared with Salesforce for purposes beyond service delivery.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Personal data shared with Salesforce is subject to Salesforce's separate privacy framework, meaning the data leaves Slack's stated privacy commitments and enters a broader corporate ecosystem with its own data use practices.
Your personal data, including usage information and potentially account details, may be shared with Salesforce and used for purposes governed by Salesforce's own privacy statement, which users would need to review separately to understand fully.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Slack.