Policy for requesting access, portability, and deletion of user data
Slack's User Data Request Policy details the processes for users and workspace admins to request personal data access, data portability (exports), and deletion. It covers account data (profile, usage) and workspace data (messages, files, integrations). Requests are handled via self-service tools or support tickets, with response times up to 30 days per GDPR/CCPA. Limitations apply to third-party app data and Enterprise Grid orgs. The policy emphasizes compliance with global privacy laws and provides clear instructions.
Slack cannot provide data stored or controlled by third-party integrations.
Individual members cannot export full workspace data without admin privileges.
Account data requests available directly via Slack settings.
Data exports provided in machine-readable formats like JSON.
Explicit support for GDPR, CCPA, and other data protection laws with defined timelines.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
Email, profile details, device info collected at signup.
Messages, files, calls collected during workspace use.
User-generated content available for download.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Profile info, login history, and usage stats used for account management.
Messages, files, and interactions used for service delivery and collaboration.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Data processors may handle exports but no sharing without consent.
Data shared with apps cannot be retrieved via Slack requests.
Salesforce (parent) may access for compliance.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Request account data or workspace exports.
Download personal data in structured formats.
Delete account data or request workspace content removal.
Options to limit processing via requests.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
Data removed immediately upon account deletion request.
Backups retained up to 90 days for recovery purposes.
Retained indefinitely after de-identification.
Security & Transparency
Data requests fulfilled via encrypted, time-limited download links.
Internal logging of data requests for compliance.
Requests verified via authentication; admins control workspace exports.
Source Text
Users can request account data directly from profile settings.
Interpretation
Empowers users with immediate, no-support-needed access.
Source Text
Admins export messages/files via discovery export tool.
Interpretation
Balances user rights with org governance.
Source Text
Slack aims for 30-day fulfillment; extensions possible.
Interpretation
Standard compliance but potential delays.
Source Text
Permanent deletion options with confirmation.
Interpretation
Strong right to erasure support.
Source Text
Additional steps for org-wide data.
Interpretation
More complex for large orgs but still accessible.
Log in to Slack, go to your profile, select 'Account settings' > 'Request my data'.