Korey
Korey is an AI agent that transforms Slack conversations into dev-ready work. Connect Korey and Slack to capture ideas, bugs, and get answers without leaving your workflow or losing context.Mention Korey in Slack to get started
• @korey log this bug in GitHub
• @korey what did our team ship last week?
• @korey check the codebase for where this is implemented
• @korey create a doc summarizing this security discussionTurn conversations into dev-ready work
• Korey reads thread context and drafts complete tasks with acceptance criteria
• Save tasks and docs to tools you have connected to KoreyStay aligned on progress
• Ask Korey for status updates, summaries, and team velocity
• Get notified when your Scheduled Jobs have runDisclaimer: Korey uses LLMs that have the potential to generate inaccurate results.Read more about our Slack integration: https://docs.korey.ai/connectors/slackA paid Slack plan is required to access the the Korey AI assistant.
• @korey log this bug in GitHub
• @korey what did our team ship last week?
• @korey check the codebase for where this is implemented
• @korey create a doc summarizing this security discussionTurn conversations into dev-ready work
• Korey reads thread context and drafts complete tasks with acceptance criteria
• Save tasks and docs to tools you have connected to KoreyStay aligned on progress
• Ask Korey for status updates, summaries, and team velocity
• Get notified when your Scheduled Jobs have runDisclaimer: Korey uses LLMs that have the potential to generate inaccurate results.Read more about our Slack integration: https://docs.korey.ai/connectors/slackA paid Slack plan is required to access the the Korey AI assistant.
Korey will be able to view:
Korey will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Shortcut Software LLC
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
Shortcut shall retain data as long as the company has a need for its use or to meet regulatory or contractual requirements. Once data is no longer needed, it shall be securely disposed of or archived. Data owners, in consultation with legal counsel, may determine retention periods for their data.
By default, a customer’s data is stored for the duration of their contract with Shortcut.
Shortcut may provide the option for customers to delete data after their subscription ends. This request must be made by the customer, and Shortcut may require additional ID verification. Shortcut should hard-delete all information from currently-running production systems within one month of the deletion request.
To uphold the privacy and security of customer data, only designated personnel, specifically Backend Engineers and Customer Support team members, have the authority to initiate the deletion of customer data. This limited access ensures that data deletion is performed accurately and securely.
In addition, Shortcut has a Zero Data Retention agreement in place with Anthropic (primary LLM provider).
Data archiving and removal policy
In addition to the policies outlined in "Data retention policy" above, Shortcut also honors GDPR erasure requests made by customers, fulfilling those requests by completely removing all personally identifiable information from Shortcut systems within thirty days of receipt of the request.
Data storage policy
== Encryption Requirements ==
Shortcut standard assets (as defined by Shortcut’s Asset Management Policy) must have full disk encryption enabled.
Endpoint storage and all customer data at rest should be encrypted using AES-256 standard or higher.
Data in transit should be encrypted using Transport Layer Security (TLS) 1.2 or higher.
Encryption shall be performed in accordance with industry standards, including NIST SP 800-57.
Shortcut will not engage in “roll-your-own” encryption, algorithms, or practices and will not use “security through obscurity” within production infrastructure or applications.
Secure hashing algorithms should meet the standards defined for use in the NIST Secure Hash Standard.
Data masking techniques and encryption algorithms should be reviewed and approved by the security team.
Shortcut-managed wireless networks, including corporate and guest networks, must encrypt data in transit using the WPA2-AES encryption protocol or higher.
Unsupported ciphers, protocols, and algorithms should be disabled.
== Key Management ==
Cryptographic keys must be generated and stored securely, preventing loss, theft, or compromise.
Access to cryptographic keys and secrets must be restricted to authorized individuals and tightly controlled in accordance with the Access Control Policy.
Cryptographic keys must not be stored in source code as plain text.
Cryptographic keys must be transmitted by reliable and secure methods to maintain confidentiality and integrity. Separate communication channels should be used for key and data transfer. The key and encrypted data should not be transferred together via the same medium.
Key generation must be seeded from an industry standard random number generator (RNG). For examples, see NIST Annex C: Approved Random Number Generators for FIPS PUB 140-2.
Public web properties, applicable infrastructure components, and applications using SSL/TLS, SSH, etc., to facilitate the encryption of data in transit should have certificates signed by a known trust certificate authority.
Data center location(s)
United States
Data hosting details
Cloud-hosted on AWS
Data hosting company
AWS
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
yes
LLM model(s) used
Anthropic's claude-sonnet-4-5, claude-haiku-4-5; same models via AWS Bedrock as a fall-back
LLM retention settings
Shortcut has a Zero Data Retention agreement in place with Anthropic. Per AWS: "Amazon Bedrock doesn't store or log your prompts and completions."
LLM data tenancy policy
From Anthropic: "Anthropic...may process customer data in select countries in the US, Europe, Asia and Australia, and store data in data centers located in the United States." AWS Bedrock is limited to us-east
LLM data residency policy
From Anthropic: "Anthropic...may process customer data in select countries in the US, Europe, Asia and Australia, and store data in data centers located in the United States." AWS Bedrock is limited to us-east
Certifications & compliance
SOC attestation
GDPR commitment
Data deletion request procedure
Shortcut honors GDPR erasure requests made by customers, fulfilling those requests by completely removing all personally identifiable information from Shortcut systems within thirty days of receipt of the request. Deletion requests must be made by sending an email to privacy@shortcut.com with the subject line "GDPR Notice" as specified on https://www.shortcut.com/gdpr-privacy.
HIPAA compliant
yes
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2025-09-29
Executive summary is available to potential customers upon request
yes
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
yes
Contact for security issues
security@shortcut.com
Has a vulnerability disclosure program
yes
Vulnerability disclosure program URL
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
no
Requires third party authorization/connections
yes
Third party services used by this app
WorkOS; AWS; Anthropic; users may connect their Shortcut, GitHub, Devin.ai, Cursor (cloud agents), or Jules accounts to integrate with Korey.
Uses token rotation
no