Data retention policy
All data is stored on Google Cloud Platform. Application data (workspace installation, campaigns, and acknowledgement records) is held in a managed PostgreSQL database. Generated CSV compliance reports are stored in Google Cloud Storage. All data is encrypted in transit (TLS) and encrypted at rest using Google Cloud's default encryption. The only personal identifiers stored are Slack user IDs; we do not store names, email addresses, or the content of policy documents (only a link to them). Slack OAuth access tokens are stored to operate the app and are erased when the app is uninstalled. Access to the production database and storage is restricted to the app operator.
Data archiving and removal policy
Installation and campaign data is retained for as long as the app remains installed in the workspace. Acknowledgement and audit-event records are retained as a compliance audit trail for the life of the installation, since providing durable proof of acknowledgement is the app's core purpose. Generated CSV export files are temporary: their download links expire after 1 hour and the files are automatically deleted from storage within 1 day.
Data storage policy
Within the app, campaigns can be "archived", which hides them from the active view while retaining their records. When the app is uninstalled from a workspace, the stored Slack access tokens are erased; the installation record is retained only as a soft-deleted audit entry. A workspace owner may request full deletion of their workspace's data at any time by contacting support@getack.co, after which all associated records are permanently deleted.
Data hosting details
Cloud hosted
App/service has sub-processors
no
App/service uses large language models (LLM)
no