Slack offers meaningful transparency, statutory privacy rights, no CCPA-defined sale of personal data, and documented transfer safeguards. But it also collects broad usage/device/cookie data, permits ad-related sharing, gives employers/admins substantial control over user content and access, and retains some personal data for broad business and legal purposes.
Slack is a workplace messaging platform whose legal setup separates employer-controlled workspace content from Slack-controlled account and usage data. It collects extensive service, device, cookie, and integration data; shares data with admins, vendors, affiliates, sponsors, and third-party apps; offers statutory privacy rights and some transparency resources; and relies heavily on customer administrators to manage retention, access, and deletion of workspace data.
Points of interest
If you use Slack through work, your employer or workspace owner controls messages, files, settings, exports, and many privacy choices. In practice, your organization—not you—usually decides retention, access, and deletion of workspace content.
"The organization ... that entered into the Customer Agreement ... controls its instance of the Services ... and any associated Customer Data."
Workspace owners and admins may access, modify, or restrict your information, including profile details and workspace activity logs. Users should not assume workplace Slack activity is private from their organization.
"Owners, administrators... may be able to access, modify, or restrict access to Information... or to export logs of Workspace activity."
Slack collects extensive non-content data including logs, device identifiers, approximate location, cookies, imported contacts, integration data, and audio/video metadata. This creates a detailed record of how you use the service even outside message content itself.
"Slack also collects... Usage information... Log data... Device information... Location information... Cookie information... Contact information... Audio and video metadata."
Slack states it does not sell personal information as defined by the CCPA and says it would provide a right to opt out before doing so. This is a meaningful privacy commitment, even though ad-related sharing still occurs.
"Slack does not sell... the personal information we collect (and will not sell it without providing a right to opt out)."
Users may have rights to access, correct, delete, restrict, object, and for Californians opt out of certain sharing. Slack also recognizes Global Privacy Control for cookie-based sharing opt-outs.
"you may have the right to request access... update, delete, or correct... California users can... opt out... turn on a Global Privacy Control"
When integrations are enabled, Slack may receive and share data with those providers, which operate under their own privacy policies. Slack expressly does not guarantee those providers fully disclose permissions.
"When Third-Party Services are enabled... Slack may share Information with Third-Party Services... we do not guarantee that they do so."
Slack keeps customer data according to employer instructions, but may retain other personal data as long as necessary for support, audits, legal compliance, disputes, and business interests. This does not give users a firm deletion timeline for all personal data.
"Slack may retain Other Information... for as long as necessary... pursue legitimate business interests, conduct audits, comply with... legal obligations, resolve disputes."
Slack clearly says data may be transferred internationally, including to the U.S., and identifies Standard Contractual Clauses and APEC certifications as safeguards. This is helpful transparency for cross-border data handling.
"Slack uses Standard Contractual Clauses... and the APEC Cross Border Privacy Rules... and Privacy Recognition for Processors."
Slack can change its privacy policy over time and asks users to review it, with extra notice only for material changes to privacy rights. Continued use may effectively mean accepting updated terms unless you deactivate your account.
"Slack may change this Privacy Policy from time to time... If we make changes that materially alter your privacy rights, Slack will provide additional notice."
Slack links to supporting materials like subprocessors, security practices, data request resources, transparency reporting, and data export guidance. That makes it easier for users and organizations to evaluate operational privacy practices.
"Links to other helpful resources are below... Guide to Slack Data Exports... Slack’s Privacy Policy... Slack’s Security Page"
Other Messaging services on AIgree
Compare Slack with…
The 7 clauses that actually matter, the red flags to watch for, in 5 minutes.
Report a problem with this summary
Spot something wrong, missing, or misleading? Tell us — we review every report.
Spot something wrong, missing, or misleading? Tell us — we review every report.
Thanks — your report was submitted and will be reviewed.
Documents
Terms of Service
source ↗- •Slack’s Terms are a binding agreement that govern use of its workplace productivity tools and platform.
- •If you are the Customer, the Main Services Agreement and Supplemental Terms apply to your use of the Services.
- •If you are invited into a workspace by a Customer, the User Terms of Service govern your access and use.
- •The Terms say you should read them carefully before using Slack.
- •Slack provides links to related policies and resources, including privacy, security, data export, and acceptable use information.
- •The document states that the Main Services Agreement is hosted through Salesforce because Slack is a Salesforce company.
- •The page does not describe refunds, termination rules, dispute resolution, or liability limits in the text shown.
- •The Terms were last updated on April 25, 2023.
Privacy Policy
source ↗- •Slack says your employer or workspace owner controls messages, files, and workspace settings, while Slack controls account, usage, device, cookie, and related service data.
- •Slack collects account details, billing information, logs, device and approximate location data, cookies, imported contacts, third-party integration data, and audio or video metadata.
- •Slack uses data to provide and improve services, secure accounts, prevent abuse, manage billing, send required service notices, comply with legal requests, and send marketing.
- •Your information may be shared with your workspace admins, connected workspaces, service providers, affiliates, event sponsors, enabled third-party apps, advisors, and law enforcement when legally required.
- •If you enable third-party integrations, Slack may receive and share data with those providers, which have their own privacy policies and practices.
- •Customer Data retention follows your organization's instructions and settings, while Slack keeps other personal data as needed for support, legal compliance, disputes, and business purposes.
- •Slack transfers personal data internationally, including to the United States, and says it uses Standard Contractual Clauses and APEC certification-related safeguards.
- •You may have rights to access, correct, delete, restrict, or object to some processing, but for workspace data you usually must contact your employer or workspace owner.
- •California users can request disclosure or deletion, opt out of certain ad-related sharing, use Global Privacy Control for cookie-based sharing, and appoint an authorized agent.
- •Slack does not allow users under 16 where prohibited by law, may change this policy with notice for material changes, and cannot guarantee absolute security.
