Bytemonk Data Risk Management Platform Privacy Policy
1. Slack Workspace Data We Access
Message Data
- Channel messages (public channels if authorized) – read-only
- Threads and replies – read-only
- Message metadata (user ID, timestamps, channel ID)
File Data
- File metadata (file name, owner, upload time, channel)
- File content (read-only)
User & Channel Metadata
- Workspace user profile metadata (username, display name, emails)
- Channel details (name, type, members)
We request minimum required scopes to perform DLP scanning and policy enforcement.
2. How We Use Slack User Data
Slack data is used only for enterprise security and compliance:
Security Scanning & DLP Enforcement
Analyze messages/files for sensitive data such as PII, credentials, financial information, source code
Real-Time Alerts & Response
Notify admins when high-risk data exposure is detected
Policy Enforcement
Apply organization-defined controls (flag, quarantine, restrict visibility)
Audit & Compliance Reporting
Maintain logs necessary for SOC2, ISO27001, GDPR, or internal policy compliance
We do not use Slack data for:
- Advertising
- User profiling
- Marketing purposes
- Selling or monetizing data
3. Data Retention Policy
- Bytemonk retains only essential data required for reporting and audit purposes
- Message and file contents retrieved from Slack are processed in-memory and not permanently stored.
- Only violation metadata (such as user ID, channel ID, rule triggered, and timestamp) is stored.
- Retention duration for metadata is 30 days by default, configurable by workspace administrators.
- All retained data is automatically purged after the retention period.
4. Data Sharing
Data is only shared with:
- With your organization’s authorized administrators
(for monitoring alerts, violations, and audit logs). - To comply with legal obligations
(only when required by applicable law or valid legal process).
We do not sell, rent, or trade user data.
5. User Consent & Admin Authorization
- Slack Workspace Admin authorizes access via OAuth scopes
- Platform operates only within the workspace authorized by your administrator
6. Data Security
We implement industry-standard security measures, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Strict role-based access control
- Periodic vulnerability assessments
- Continuous monitoring and threat detection
- Least-privilege principle for all system components
7. Data Archival/Removal Policy
- Bytemonk does not archive user messages or files.
- Processed data is never archived externally or exported outside the workspace environment.
- Only compliance reports generated for administrators are stored, and these are metadata-only (no message content).
- Archived compliance data (if enabled by the admin) is encrypted and stored in a secure object store with a maximum retention of 90 days.
- Archived data can be manually deleted at any time upon admin request.
7. Data Storage Policy
- Bytemonk follows a strict security and privacy–first data storage model:
- All data is stored in encrypted databases (AES-256 encryption at rest) and transmitted via TLS 1.2+.
- Data is hosted on secure cloud infrastructure with region-specific data residency based on the customer’s workspace region ( Azure).
- Sensitive credentials (like Slack secrets ) are stored in a Azure KeyVault vault and rotated periodically.
- No message or file content is stored permanently; only anonymized or metadata-based records are retained for reporting.
8. Compliance with Policies & Regulations
Our application complies with:
- Slack App Directory Privacy & Security Requirements
- GDPR / CCPA compliance (if applicable)
- SOC2 & ISO27001 aligned security controls
- Zero data usage outside allowed functionality
We use Slack data only for security features documented above.
9. Contact Information
For security concerns, data deletion requests, or compliance questions:
Bytemonk Private Limited
Email: privacy@bytemonk.co
Website: https://bytemonk.co