Privacy at Slack
Customer trust is at the forefront of everything we do. We protect your data and give you the information and tools that you need to meet your privacy obligations.
Our privacy policyControl
You own and control the content within your Slack workspace
- Your data is your own, including messages, files and other content submitted through Slack
- You can export, edit and delete your data
- You have control over where your data is stored
Ownership and retention that work for you and your team
- Transfer workspace ownership
- Set retention policies that work for you (paid subscriptions only)
- Set customised time frames for keeping messages and files
- Choose whether to retain all versions of an edited or deleted message
TRANSPARENCY
We’re transparent, so that you can have peace of mind
- Have confidence in how Slack uses personal information, as well as when and how we contact customers
- Find clear answers and resources to help you manage email subscriptions in our Help Centre
- Easily manage your cookie preferences
Compliance with global privacy laws and regulations
- We support our customers’ needs through our tooling and contractual commitments
- Data protection is built in – by design and by default
- Data privacy features and technologies for enhancing data privacy are embedded directly into the design of projects and services
Submit a privacy request
We’re here to help! Customers and users can exercise their rights to access or delete data, as well as make general privacy- or security-related enquiries.
PRIVACY REQUEST FORMMore on privacy, compliance and legal at Slack
Frequently asked questions
Customers own and control all content submitted to their workspace. Slack processes customer data on behalf of the customers. See our Privacy policy, Customer terms of service and our User terms of service for more.
The primary owner has ultimate decision-making capabilities, and represents the customer in administering the workspace. As Slack is a tool for business like all enterprise software, employers are responsible for setting standards for behaviour and are in the best position to enforce those standards. There are some privacy-related functions that can only be performed by the primary owner. For example, only the workspace primary owner can transfer ownership of their workspace. If you’re not sure who the primary owner is, visit the About this workspace page to find out.
The Workspace settings page is where members can review info about workspaces that they've joined. Here's what you'll find there:
- Your workspace owners and admins and their contact information
- Your workspace’s subscription
- Message and file retention policies
- Available data export options
The primary owner of a workspace or org controls their workspace’s data (we call this customer data). This includes all of the content submitted by members, along with member profile information. When members leave a workspace or org, they may have the right to request their profile information be deleted by the primary owner. As the data controller, the primary owner is responsible for determining whether profile information requires deletion. Primary owners of a workspace or org can delete a member’s profile information after the account is deactivated.
Depending on your workspace’s settings, you may be able to remove your profile information and/or delete messages and files that you’ve shared before your account is deactivated. Get in touch with a workspace owner or admin if you have any questions about editing and deletion settings.
On the free version of Slack, you’ll have the option to choose whether messages and files are deleted after 90 days, or whether messages and files (including edits) are kept for a year. On paid subscriptions, the default message and file retention setting is to keep everything for as long as the paid workspace exists. Workspace owners can customise their retention policies. They can choose to set a customised time frame for keeping messages and files, and they can also choose to retain all versions of an edited or deleted message.
Slack is committed to ensuring that our infrastructure is secure, redundant and reliable, while providing your team with tools for administering your environment. We are proud to meet industry standards when it comes to protecting your organisation and we’ve outlined many of our security practices and certifications on our website.
Slack provides data encryption in transit and at rest. Read more about our approach to security.
When it comes to transferring data, we offer standard contractual clauses through our Data processing addendum (DPA). Our Data processing addendum supplements the Customer terms of service or any MSA, and is available to all of our customers on free or paid subscriptions.
While we do not rely on the EU–US Privacy Shield and the Swiss–US Privacy Shield for the transfer of personal data, we do self-certify to both programmes. In addition, our privacy practices comply with the Asia-Pacific Economic Cooperation (‘APEC’) Cross-Border Privacy Rules (‘CBPR’) system and the Privacy Recognition for Processors (‘PRP’) system. More information about the APEC framework can be found here.
You can read more in our blog post: A note to our customers on international data transfers.
We adhere to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and other applicable global regulations. Read more about Slack’s commitments and review our latest certifications on our Compliance page.