Strac DLP Enterprise
Strac is AI-native data security DLP (Data Loss Prevention) and DSPM (Data Security Posture Management) for Slack. Detect, redact, block, and audit sensitive data across public channels, private channels, direct messages, group DMs, and Slack Connect — in real time, with no agents and no proxies.Strac works across every Slack plan — Free, Pro, Business+, and Enterprise Grid — with ML-based detectors tuned for low false positives.Strac is the only DLP platform that detects and redacts sensitive content INSIDE images, screenshots, PDFs, Word, and Excel files — not just plain text. Payroll screenshots, scanned W-2s, photo-captured credit cards, and diagrams pasted into Slack are all covered.WHAT IT DETECTS
• PII — SSN, driver's license, passport, address, date of birth
• PHI — medical record numbers, ICD-10 codes, patient identifiers
• PCI — credit card numbers, CVV, bank account, routing numbers
• Secrets — API keys, access tokens, SSH keys, OAuth credentials
• Source code with trade-secret content
• Custom patterns — configure detectors specific to your organizationWHAT IT DOES
• Real-time detection and scanning of sensitive messages/files
• Real-time redaction / masking of sensitive content in messages and files
• File blocking, deletion, and quarantine
• Secure Vault — authorized personnel access original content with audit trail
• Historical scanning aka Data Discovery — find and remediate sensitive data already in Slack
• Automated alerting to security teams, channel admins, or the end user
• SIEM-native log export for SOC integrationWHY TEAMS CHOOSE STRAC
• Fastest deployment — live in under 10 minutes via OAuth, no proxy, no TLS break
• Works across every Slack tier, not just Enterprise Grid
• Image and document OCR redaction — the capability most DLP platforms miss
• 50+ integrations beyond Slack (Gmail, Google Drive, Zendesk, Salesforce, SharePoint, OneDrive, Notion, Jira, Intercom, AWS, Azure, GCP) so data is protected everywhere it flows . See https://strac.io/integrations
• Compliance-ready evidence pre-mapped to HIPAA, PCI DSS, SOC 2, ISO 27001, GDPR, CCPA, and NIST AI RMF — continuously generated GET STARTED
• Install and connect in minutes.
• Policies ship pre-configured for HIPAA, PCI, and SOC 2, then tune for your workspace.Visit strac.io/integration/slack-dlp to learn more or strac.io/book-a-demo for a 15-minute walkthrough.
• PII — SSN, driver's license, passport, address, date of birth
• PHI — medical record numbers, ICD-10 codes, patient identifiers
• PCI — credit card numbers, CVV, bank account, routing numbers
• Secrets — API keys, access tokens, SSH keys, OAuth credentials
• Source code with trade-secret content
• Custom patterns — configure detectors specific to your organizationWHAT IT DOES
• Real-time detection and scanning of sensitive messages/files
• Real-time redaction / masking of sensitive content in messages and files
• File blocking, deletion, and quarantine
• Secure Vault — authorized personnel access original content with audit trail
• Historical scanning aka Data Discovery — find and remediate sensitive data already in Slack
• Automated alerting to security teams, channel admins, or the end user
• SIEM-native log export for SOC integrationWHY TEAMS CHOOSE STRAC
• Fastest deployment — live in under 10 minutes via OAuth, no proxy, no TLS break
• Works across every Slack tier, not just Enterprise Grid
• Image and document OCR redaction — the capability most DLP platforms miss
• 50+ integrations beyond Slack (Gmail, Google Drive, Zendesk, Salesforce, SharePoint, OneDrive, Notion, Jira, Intercom, AWS, Azure, GCP) so data is protected everywhere it flows . See https://strac.io/integrations
• Compliance-ready evidence pre-mapped to HIPAA, PCI DSS, SOC 2, ISO 27001, GDPR, CCPA, and NIST AI RMF — continuously generated GET STARTED
• Install and connect in minutes.
• Policies ship pre-configured for HIPAA, PCI, and SOC 2, then tune for your workspace.Visit strac.io/integration/slack-dlp to learn more or strac.io/book-a-demo for a 15-minute walkthrough.
Strac DLP Enterprise will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Strac Incorporated
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
Strac retains Slack Customer Data only as long as required to deliver the service and per the customer's configured retention window. Detection event metadata (event ID, channel ID, user ID, sensitive-data type, action taken, timestamp) is retained for the duration of the customer's subscription plus 30 days, or per a shorter customer-configured window. Original content captured to the Strac Vault (only when the customer enables it) is retained per customer policy and is purged on request. Within 30 days of contract termination, Strac deletes all Customer Data unless a longer retention period is required by law.
Data archiving and removal policy
Customers may request export or deletion of their Slack-related data at any time via the Strac admin console or by emailing security@strac.io. Verified deletion requests are completed within 30 days. Upon contract termination, Strac purges all Customer Data within 30 days — including detection events, vault contents, and derived analytic. Audit trails of deletion are retained per SOC 2 evidence requirements.
Data storage policy
Customer Data is stored in Strac's cloud environment on Amazon Web Services (AWS). All data is encrypted at rest with AES-256 using AWS KMS–managed keys, and in transit with TLS 1.2 or higher. Detection event metadata is stored in Amazon DynamoDB; vault content (when enabled) is stored in Amazon S3 with bucket-level encryption, versioning, and least-privilege IAM. Production data is logically segregated by tenant with row-level access controls. Strac operates under SOC 2 Type II, HIPAA (with BAA), and GDPR-aligned controls covering all stored Customer Data.
Data center location(s)
United States
Data hosting details
Cloud-hosted on Amazon Web Services (AWS) as a multi-tenant SaaS.
Data hosting company
AWS
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
no
Certifications & compliance
SOC attestation
Data deletion request procedure
We handle data deletion requests through a defined process aligned with data protection regulations (e.g., GDPR):
Request intake & verification: Deletion requests are submitted via authorized customer contacts or data subject channels and are verified for authenticity.
Scope identification: We identify all relevant systems, logs, and backups where the requested data may reside.
Execution: Data is securely deleted or anonymized from active systems in accordance with customer-configured retention policies.
Propagation: Deletion is applied across backups and replicas based on standard backup lifecycle schedules.
Confirmation: We provide confirmation once deletion is completed.
Requests are typically fulfilled within 30 days (or earlier where feasible), and all actions are logged and auditable.
HIPAA compliant
yes
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2026-04-24
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Okta, Google workspace, any SAML 2.0
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
hello@strac.io
Has a vulnerability disclosure program
yes
Vulnerability disclosure program URL
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
no
Requires third party authorization/connections
no
Uses token rotation
no