We keep user data indefinitely unless a user deletes their account or workspace. User data is permanently deleted 30 days after deleting an account or workspace.
Data archiving and removal policy
Data storage policy
We use your personal information for a variety of business purposes, including to:
**Provide the Services or Requested Information, such as:**
- Fulfilling our contract with you;
- Identifying and communicating with you, including providing newsletters and marketing materials;
- Managing your information;
- Processing your payments and otherwise servicing your purchase orders;
- Responding to questions, comments, and other requests;
- Providing access to certain areas, functionalities, and features of our Services; and
- Answering requests for customer or technical support.
**Serve Administrative Purposes, such as:**
- Pursuing legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
- Measuring interest and engagement in our Services, including analyzing your usage of the Services;
- Developing new products and services and improving the Services;
- Ensuring internal quality control and safety;
- Authenticating and verifying individual identities;
- Carrying out audits;
- Preventing and prosecuting potentially prohibited or illegal activities;
- Enforcing our agreements; and
- Complying with our legal obligations.
**Marketing Our Products and Services:** We may use personal information to tailor and provide you with content and advertisements. If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us as set forth below.
**Consent:** We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
**De-identified and Aggregated Information Use:** We may use personal information and other data about you to create de-identified and/or aggregated information. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
If you have any questions or concerns about how such personal information is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this information. Our customers control the personal information in these cases and determine the security settings within the account, its access controls and credentials. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them.
Document data can be deleted upon user request. We will permanently delete it 30 days after the user requests deletion.
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack App Directory, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Supports Single Sign On (SSO) with the following providers
Okta, and any IDP that provides a SAML metadata URL for dynamic configuration.
Supports Security Assertion Markup Language (SAML)