Vacation Tracker | PTO & Leave
All-in-One PTO and Leave Tracker for SlackVacation Tracker is the leading PTO tracker and leave management solution for Slack. Ditch spreadsheets and manual processes and start automating time-off requests, approvals, balances, and more, all without leaving your workspace.Join over 2,500 teams in 100+ countries, from startups to brands like McDonald’s, Adobe, and American Express, already simplifying leave management with us.----Highlights of the App:heavy_check_mark: Track All Types of Leave
Vacation, sick leave, PTO, WFH, TOIL, bereavement, parental leave, you name it. Track it all in one place.:heavy_check_mark: Instant Approvals in Slack
Employees request time off with a slash command without leaving Slack. Managers approve in a click. No email, no friction.:heavy_check_mark: Real-Time Team Visibility
Daily or weekly Slack digests. View who’s in or out with calendar integration (Google, Outlook, iCal).:heavy_check_mark: PTO Accruals, Carryovers & TOIL
Handle complex leave rules with ease. Automate accruals and set up carryover rules per policy.:heavy_check_mark: Multiple Locations and Workweeks
Support for multiple leave policies, time zones, and workweeks. Ideal for global and hybrid teams.:heavy_check_mark: Easy Reporting & Audit Trails
See a complete leave history and generate reports for payroll, HR, or compliance needs.Start Tracking Leave Today- Free 7-day trial, no credit card required
- Instant Slack integration, ready in minutes
- Perfect for growing teams----:robot_face: Large Language Model (LLM) DisclaimerVacation Tracker’s bot supports a slash command and shortcut for leave requests. You may enable natural language conversation in the Web Dashboard (optional and opt-in).This feature uses a Large Language Model (LLM), which may occasionally suggest incorrect dates or leave types. Always review suggestions before submitting. Vacation Tracker and its partners do not use your data to train AI models.
Vacation, sick leave, PTO, WFH, TOIL, bereavement, parental leave, you name it. Track it all in one place.:heavy_check_mark: Instant Approvals in Slack
Employees request time off with a slash command without leaving Slack. Managers approve in a click. No email, no friction.:heavy_check_mark: Real-Time Team Visibility
Daily or weekly Slack digests. View who’s in or out with calendar integration (Google, Outlook, iCal).:heavy_check_mark: PTO Accruals, Carryovers & TOIL
Handle complex leave rules with ease. Automate accruals and set up carryover rules per policy.:heavy_check_mark: Multiple Locations and Workweeks
Support for multiple leave policies, time zones, and workweeks. Ideal for global and hybrid teams.:heavy_check_mark: Easy Reporting & Audit Trails
See a complete leave history and generate reports for payroll, HR, or compliance needs.Start Tracking Leave Today- Free 7-day trial, no credit card required
- Instant Slack integration, ready in minutes
- Perfect for growing teams----:robot_face: Large Language Model (LLM) DisclaimerVacation Tracker’s bot supports a slash command and shortcut for leave requests. You may enable natural language conversation in the Web Dashboard (optional and opt-in).This feature uses a Large Language Model (LLM), which may occasionally suggest incorrect dates or leave types. Always review suggestions before submitting. Vacation Tracker and its partners do not use your data to train AI models.
Permissions
Vacation Tracker | PTO & Leave will be able to view:
Vacation Tracker | PTO & Leave will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Vacation Tracker Technologies Inc.
Company headquarters location
Canada
Terms of service
Privacy & data governance
Data retention policy
Vacation Tracker stores the minimum required data that our platform uses. We'll automatically delete all the data for our customers one year after the last activity in Vacation Tracker. We will also delete all the organization data upon request. Our users can request data removal by contacting our support. See https://vacationtracker.io/faq for more information. The data will be removed from our system in up to five business days after the request. Vacation Tracker stores the following: * Organization ID and Slack workspace and enterprise IDs * Basic user data for imported Slack users, including their display name, profile photo URL, and user's Slack ID. * User's email address. We use email addresses as unique identifiers for our users. We'll never send anything to these addresses without explicit permission from the user. * Leave tracking data and setting from the Vacation Tracker application itself.
Data archiving and removal policy
Vacation Tracker will remove all data we store for an organization one year after the last interaction with our application or upon request. This data includes everything we keep in our databases for an organization and its users. We'll also remove all logs after three months. However, our log records do not store any data representing a unique identifier for organizations and users.
Data storage policy
We store all Vacation Tracker data in an Amazon DynamoDB database. All stored data is fully encrypted at rest. DynamoDB encryption at rest provides enhanced security by encrypting all our data at rest using encryption keys stored in the AWS Key Management Service (AWS KMS). Critical data, such as leave request reason, is encrypted using a separate AWS KMS key that is deleted when we remove the organization's data.
Data center location(s)
Germany, United States
Data hosting details
Vacation Tracker is built and distributed on Amazon Web Services (AWS), using a serverless architecture and services such as AWS Lambda, AWS AppSync, Amazon API Gateway, Amazon DynamoDB, and others. We are keeping the least possible amount of sensitive data about your team and team members, such as basic information about the users, your leave policies and all of your leave requests. However, even though we store the minimal possible amount of data about your organization, the security of that data is very important for us. We store all Vacation Tracker data in an Amazon DynamoDB database. All stored data is fully encrypted at rest. DynamoDB encryption at rest provides enhanced security by encrypting all our data at rest using encryption keys stored in the AWS Key Management Service (AWS KMS). The data is processed by more than 50 AWS Lambda functions. To keep our security level high, each of our functions is fully isolated and has the least amount of permissions. For example, the service that saves a new leave request does not have permission to read an existing leave request or team and user data. Communication between Slack and our backend application, as well as between our dashboard (frontend) and our backend application goes through a RESTful API built on top of the Amazon API Gateway and GraphQL built using AWS AppSync. All of the APIs created with Amazon API Gateway and AWS AppSync expose HTTPS endpoints only. Amazon API Gateway and AWS AppSync do not support unencrypted (HTTP) endpoints. Also, our API and GraphQL endpoints are protected by Amazon Cognito authorization, and require a valid user token to be able to access the requested data.
Data hosting company
AWS
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
yes
LLM model(s) used
We are using the Azure OpenAI GPT 4 turbo model (primary model) and the Amazon Bedrock Claude 3 Sonet model (we are currently testing it; we might use it soon for some production workloads).
LLM retention settings
Microsoft Azure stores prompts and generated content for up to thirty (30) days. Amazon Bedrock doesn't store or log LLM data. Vacation Tracker stores the conversation for up to 7 days or until the conversation is resolved.
LLM data tenancy policy
The Azure OpenAI GPT 4o model is in the Azure France Central region. The Amazon Bedrock models are in the AWS eu-central-1 (Frankfurt) region. We use the default data tenancy settings for both Azure OpenAI and Amazon Bedrock.
LLM data residency policy
The Azure OpenAI GPT 4o model is in the Azure France Central region. The Amazon Bedrock models are in the AWS eu-central-1 (Frankfurt) region. We use the default data tenancy settings for both Azure OpenAI and Amazon Bedrock.
Certifications & compliance
SOC attestation
Data deletion request procedure
When an organization wants to delete its data from Vacation Tracker, they need to contact our support through our Helpdesk (https://vacationtracker.crisp.help/en/) or by sending an email using the hello@vacationtracker.io email address. Our team will remove the organization data within five business days after we receive a request. We use Slack to get and display user data, so if the user wants to change or hide some info from the Vacation Tracker dashboard, they'll need to change their display name or profile photo in Slack, and these changes will automatically be displayed in our dashboard.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2025-02-07
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
We use Amazon Cognito for our user management. At the moment, users can log in or sign up to our application by signing in using Slack, Microsoft Active Directory, Google, or username and passsword.
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
yes
Contact for security issues
security@vacationtracker.io
Has a vulnerability disclosure program
yes
Vulnerability disclosure program URL
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
no
Requires third party authorization/connections
yes
Third party services used by this app
We use the following:
- AWS as our hosting and data storage platform.
- Slack, Microsoft AD, and Google as SSO platforms.
- Stripe as our payment processor.
- Crisp for customer support.
- Customer.io, Posthog and Google Analytics for analytics.
Uses token rotation
no