Slack is committed to helping its customers and users understand and exercise their rights under the California Consumer Privacy Act (CCPA).
- EU-US Privacy Shield
12 more topics
- Product Security
- Audit Logs
Team Administrators can require all users to set up two-factor authentication on their accounts. Instructions for doing this are available in Slack's Help Center.
4 more topics
- Data Security
- Data Encrypted At-Rest
Data at rest in Slack’s production network is encrypted using FIPS 140-2 compliant encryption standards, which applies to all types of data at rest within Slack’s systems—relational databases, file stores, database backups, etc. All encryption keys are stored in a secure server on a segregated network with very limited access.
- Data Encrypted In-Transit
All data transmitted between Slack clients and the Slack service is done so using strong encryption protocols. Slack supports the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, whenever supported by the clients.
- Data Retention Policy
3 more topics
- Incident Management & Response
- Data Breach Notification
Slack notifies impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by Slack or its agents of which Slack becomes aware to the extent permitted by law.
- Incident Response Plan (IRP)
Slack maintains security incident management policies and procedures.
- Availability & Reliability
- Data Redundancy
Customer Data is stored redundantly in multiple locations in the hosting provider’s data centres to ensure availability. Slack has well-tested backup and restoration procedures which allow recovery from a major disaster.
- Infrastructure Redundancy
2 more topics
- Organizational Security
- Confidentiality Agreements
All employees are required to read and sign Slack's comprehensive information security policy covering the security, availability, and confidentiality of the Slack services.
- Employee Background Checks
Slack conducts background checks on all employees before employment.
1 more topic
- Business Continuity
- Disaster Recovery Plan
Slack's operations team tests disaster recovery measures regularly and has a 24-hour on-call team to quickly resolve unexpected incidents.
- Data Backups
- ISO 27001 - Data Center
- Physical Access Control - Data Center
- Threat Management
- Penetration Testing
In addition to compliance audits, Slack engages independent entities to conduct application-level and infrastructurelevel penetration tests at least annually. Results of these tests are shared with senior management and are triaged, prioritized, and remediated in a timely manner. Customers may receive executive summaries of these activities by requesting them from their account executive.
2 more topics
Sign up to view Slack's Subprocessors
Sign up to see the rest of Slack's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.