Optimo Slack App — Privacy Notice
Last updated: 2025-09-29
This Privacy Notice explains how the Optimo Slack app ("App") by Optimo processes information when it delivers surveys, reminders, and kudos features inside Slack workspaces. It applies to the App as installed in your Slack workspace. For broader use of the Optimo platform (web application, analytics), see your organization’s master agreement and privacy documentation.
Summary
Purpose: deliver survey assignments, reminders, and kudos workflows in Slack.
Scope: only processes data necessary to send messages, receive your actions, and save survey responses.
Security: encryption in transit and at rest, field‑level encryption for PII with blind indexing, strict tenant isolation.
Control: workspace admins can uninstall the app at any time; users can opt out of Slack messages where enabled.
Data We Collect and Why
We process the minimum data needed to operate the App and link Slack users to survey assignments in Optimo.
Workspace and installation details
Slack team/workspace identifiers (team_id, name, domain)
App and bot identifiers (app_id, bot_user_id)
OAuth scopes granted to the app
Installer info (authed_user_id and, if provided by Slack, installer email)
OAuth tokens required to send messages as the app
Why: authenticate to Slack, post messages, and respect the permissions your admin approved.
User linkage (workspace members who receive surveys or use features)
Slack user ID, display name, username
Work email (if provided by Slack) for employee matching
Direct message channel ID for one‑to‑one messaging
Active/opt‑out status and basic sync status
Why: match Slack users to their employee record in Optimo and deliver survey assignments or kudos flows.
Survey delivery, sessions, and responses
Survey assignment metadata (secure assignment token, expiry, sent_via="slack")
Session state for in‑progress surveys (current question index, ephemeral answers, message timestamps, reminder counters, expiration time)
Final survey response upon submission (associated to the assignment and employee) including timestamps, calculated scores, and submission metadata (IP and user agent from the submission event when applicable)
Why: allow users to start/continue/submit a survey in Slack and persist the final response to Optimo.
Interaction and command events
App‑related events the app receives (e.g., button clicks, slash commands, app mentions)
Minimal request metadata from Slack required to complete the action (channel ID, message timestamps, response_url)
Why: render interactive blocks, advance survey questions, and provide user feedback.
Kudos (if enabled by your workspace)
Kudos message text, recipients, channel/thread identifiers, reaction/reply counts, and posting user
Why: provide a lightweight recognition workflow and related analytics to your organization.
Permissions (Slack Scopes)
The App requests only the scopes needed for surveys and kudos. Your admin approves these during installation. Representative scopes include:
app_mentions:read, channels:history, channels:join, channels:manage, channels:read, chat:write, chat:write.customize, chat:write.public, commands, groups:read, im:history, im:read, im:write, mpim:read, reactions:read, reactions:write, team:read, users:read, users:read.email.
Some features (e.g., kudos reactions) require reactions:write. Your admin may disable optional features to reduce scopes.
How We Use the Data
Deliver and manage survey assignments in Slack (send, remind, resume, submit)
Record final survey responses in Optimo for your organization’s analytics
Provide kudos recognition features if enabled
Operate and secure the App (logging for reliability and abuse prevention)
Security Measures
Transport security: all communications occur over TLS.
Encryption at rest: PII fields (e.g., emails, names) use field‑level encryption with blind indexing; encryption keys are managed per‑tenant and integrated with AWS KMS in production.
Tenant isolation: data is logically isolated per organization, with role‑based access controls and audit trails.
Session safety: survey sessions have explicit expiration (typically 24 hours) and store only the temporary data required to resume a survey.
Data Retention
Survey sessions expire automatically and are used only to resume in‑progress surveys; final responses are saved to Optimo once submitted.
Interaction metadata is kept only as long as needed to deliver features, troubleshoot issues, and protect the service.
Your organization’s data retention settings in Optimo govern how long survey responses are retained for analytics.
Data Sharing
Slack is the communications platform used to deliver messages you receive from the App.
We may use sub‑processors (e.g., cloud hosting and monitoring providers) to operate the service; they are bound by confidentiality and security obligations.
We do not share personal data with third parties for advertising.
International Transfers and Residency
Data may be hosted in the region configured for your organization (e.g., US or EU environments). Cross‑border transfers, where applicable, rely on appropriate safeguards.
Your Choices and Rights
Opt out: where enabled by your admin, you may opt out of Slack survey messages; you can also ignore or mute the App.
Uninstall: workspace admins can uninstall the App at any time; the App will stop sending Slack messages.
Access/Deletion: as a processor to your employer, we handle data‑subject requests routed through your organization’s administrator. Admins may contact us to facilitate access, correction, or deletion consistent with law and contractual terms.
Children’s Data
The App is intended for workplace use and not directed to children.
Changes to this Notice
We may update this notice to reflect operational or legal changes. We will post the updated date above and, where appropriate, notify workspace admins.
Contact
For privacy inquiries or data‑subject requests, please contact your organization’s administrator or email hello@optimoteams.com.