How data management features apply to canvas
Canvases are a secure way to collaborate on and share information in Slack. Read on to learn more about how security and data management features apply when working in a canvas.
Data retention, editing and deletion
Canvases will follow your organisation’s file retention settings. Keep in mind that file retention policies cannot be set as precisely as message retention, and will apply to any canvas, including those created in conversations.
The following data will be retained for a canvas until the canvas is deleted:
- Canvas content
- Version history
- Comment threads
Note: The retention period for a canvas will be reset after anyone edits it.
Export tools
On the Business+ and Enterprise Grid subscriptions, Workspace owners and org owners can apply to export data from all public channels, private channels and direct messages (DMs). Canvases are exported in HTML format and will only contain the current revision. Here’s what to expect from an export that includes a canvas:
Included
- The current text-based content of the canvas.
- For anchored comments, a reference to the appropriate file conversation message.
- For embedded files, a reference to the appropriate channel message containing the file.
- Date of export.
Not included
- Version history (available in-product only).
- Download URLs for files. Instead, a reference to the appropriate channel message containing the file will be included. That message contains the download URL.
- The text-based content from comments on a canvas. For comments anchored to text in the canvas, export files contain a reference to the file conversation message, and the file conversation message should contain the text. Where the comment isn’t so anchored, it need not be referred to from the export file at all.
Discovery API and Audit log API
On the Enterprise Grid subscription, org owners can use e-discovery and data loss prevention (DLP) solutions to review and regulate content in a canvas. The existing Discovery API endpoints can be used to download and scan a canvas, and to perform operations such as tombstoning or deleting content.
Discovery API
Available operations:
- Find when a canvas has been edited
- Fetch the direct link to a canvas
- Retrieve comments on a canvas
- Tombstone and restore a canvas shared in a message
- Delete a canvas using the API
Audit log API
The following audit log events are captured for canvas:
- Canvas created
- Canvas edited
- Canvas deleted
- Canvas tombstoned
- Canvas restored
- Canvas opened
- Canvas shared
- Canvas unshared
- Canvas access granted
- Canvas access revoked
- Canvas access upgraded
- Canvas access downgraded
- Canvas downloaded
- Link sharing enabled
- Link sharing disabled
Enterprise Key Management
Enterprise Key Management (EKM) allows customers to bring their own encryption keys to control their data. Canvases will use the same key process for encryption as Slack messages, files, etc. If EKM is already active in your organisation, no additional configuration is required for canvas.
-
Key rotation
When an encryption key is rotated, canvas data will be re-encrypted with the new key. -
Key revocation
Access to canvases can be revoked using the same process as file revocation.
Data residency
Data residency for Slack allows your organisation to choose the region where certain types of data are stored. Canvas data at rest will be stored in your selected region. If you’ve already configured data residency for Slack, no additional set-up is required for canvas.
Legal holds
In an Enterprise Grid organisation, anyone with the compliance admin system role can place a legal hold on specific members to preserve their messages and files in Slack.
A canvas in a conversation
A canvas on its own
- Be associated with one of the hold’s custodians AND
- Have been active during the hold period.
Important definitions
Held channels
A ‘held channel’ is one in which a custodian is or ever has been a member. If the creator of the hold specified that it apply only to DMs, then only DM conversations are considered to be ‘held channels’.
Associated with the custodian
The following conditions determine whether a canvas is associated with the custodian:
- Created by the custodian before the end of the hold period
- Shared to a held channel before the end of the hold period
- Edited by the custodian before the end of the hold period.
The following are not considered when determining whether the canvas is associated with a custodian:
- The canvas was viewed by the custodian
- The custodian is in the canvas’s file conversation
- The custodian has starred/saved the canvas
Active during the hold period
For a canvas to be considered active during the hold period, it must:
- Have been created during the hold period
- Have been deleted during the hold period
- Have been shared to a held channel during the hold period
- Had its contents edited, by anyone, during the hold period
- Had a comment created, edited or deleted, by anyone, during the hold period.
Note: Reading a canvas during a hold period does not constitute the canvas being ‘active during the hold period’.