Slack · Slack Sub-Processors (Salesforce) · View original document ↗

Generative AI Sub-processors for Multiple Covered Services

Medium severity High confidence Explicitdocumentlanguage Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Slack Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

This provision discloses that OpenAI and Microsoft Corporation (Azure) are authorized sub-processors for generative AI services across multiple covered services including Automotive Cloud, Consumer Goods Cloud, Financial Services Cloud, Education Cloud, Enhanced Messaging, and Agentforce Operations, with Customer Data processed in the United States and additional regions depending on the service.

This analysis describes what Slack's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The document establishes that generative AI processing by OpenAI and Microsoft Azure is integrated across a broad range of covered services, meaning Customer Data from financial services, education, consumer goods, and automotive contexts may be processed by these providers depending on which generative AI features are enabled, requiring organizations to evaluate whether their DPAs and transfer mechanisms cover generative AI sub-processing by these specific entities.

Consumer impact (what this means for users)

Under the terms disclosed in this document, Customer Data from multiple Salesforce service categories, including Financial Services Cloud, Education Cloud, Automotive Cloud, and Consumer Goods Cloud, may be processed by OpenAI and Microsoft Azure for generative AI functionality when those features are enabled. The processing locations include the United States and, for Azure, multiple additional countries depending on the service.

Cross-platform context

See how other platforms handle Generative AI Sub-processors for Multiple Covered Services and similar clauses.

Compare across platforms →

Monitoring

Slack has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Provider of generative artificial intelligence services. OpenAI, L.L.C. United States In the event of a failover, Customer Data is temporarily re-routed to an endpoint hosted on Microsoft Azure and priority will be given to the region in which Customer's org is provisioned, subject to availability.

— Excerpt from Slack's Slack Sub-Processors (Salesforce)

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: Generative AI processing by OpenAI and Microsoft Azure engages GDPR Article 28 sub-processing obligations, applicable AI governance frameworks including the EU AI Act for deployments within scope, and sector-specific data handling requirements applicable to financial services data (under applicable financial services regulations) and education data. The FTC has asserted authority over AI-related data practices affecting US consumers. Relevant enforcement authorities include EU supervisory authorities, the UK ICO, and sector-specific regulators depending on the data category. (2) GOVERNANCE EXPOSURE: Medium to High for organizations in regulated sectors. Financial Services Cloud and Education Cloud customers processing personal data through OpenAI or Azure generative AI features face the most direct sector-specific exposure, given that financial and education data may be subject to heightened protection requirements under applicable sector regulations. (3) JURISDICTION FLAGS: EU and EEA customers must ensure that generative AI processing by US-based providers is covered by an appropriate transfer mechanism. California organizations should evaluate CCPA applicability to Customer Data processed by OpenAI. Organizations in jurisdictions with AI-specific regulations should assess whether generative AI processing under these terms triggers disclosure or conformity obligations. (4) CONTRACT AND VENDOR IMPLICATIONS: Legal teams should confirm that DPAs with Salesforce explicitly authorize OpenAI and Microsoft Azure as generative AI sub-processors for each specific service where these features are enabled. Organizations in regulated sectors should assess whether additional contractual protections, data use restrictions, or audit rights are required for generative AI processing of sensitive data categories. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should identify all generative AI features enabled across their Salesforce environment, confirm that OpenAI and Azure sub-processing is authorized under applicable DPAs and transfer mechanisms for each affected service, and evaluate whether sector-specific AI governance or data protection obligations apply to the processing described in this document.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has asserted authority over AI-related data practices and unfair or deceptive acts affecting US consumers and businesses, relevant to generative AI processing of Customer Data by OpenAI and Azure sub-processors.
    File a complaint →

Provision details

Document information
Document
Slack Sub-Processors (Salesforce)
Entity
Slack
Document last updated
July 6, 2026
Tracking information
First tracked
July 6, 2026
Last verified
July 6, 2026
Record ID
CA-P-013442
Document ID
CA-D-00931
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
c9a4265bad5be0ead8d6b94ae1851641116635e9c04e0405cd39f87622f9770f
Analysis generated
July 6, 2026 23:13 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Slack
Document: Slack Sub-Processors (Salesforce)
Record ID: CA-P-013442
Captured: 2026-07-06 23:13:04 UTC
SHA-256: c9a4265bad5be0ea…
URL: https://conductatlas.com/platform/slack/slack-sub-processors-salesforce/generative-ai-sub-processors-for-multiple-covered-services/
Accessed: July 7, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Slack's Generative AI Sub-processors for Multiple Covered Services clause do?

The document establishes that generative AI processing by OpenAI and Microsoft Azure is integrated across a broad range of covered services, meaning Customer Data from financial services, education, consumer goods, and automotive contexts may be processed by these providers depending on which generative AI features are enabled, requiring organizations to evaluate whether their DPAs and transfer mechanisms cover generative AI …

How does this clause affect you?

Under the terms disclosed in this document, Customer Data from multiple Salesforce service categories, including Financial Services Cloud, Education Cloud, Automotive Cloud, and Consumer Goods Cloud, may be processed by OpenAI and Microsoft Azure for generative AI functionality when those features are enabled. The processing locations include the United States and, for Azure, multiple additional countries depending on the service.

Is ConductAtlas affiliated with Slack?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Slack.