Terms governing the use of Slack's APIs and App Directory
Slack's API Terms of Service is a legal agreement that governs developers' use of Slack's APIs to create and distribute apps for Slack workspaces. It grants limited licenses to use the APIs, imposes strict restrictions on data usage and sharing, requires compliance with laws and Slack's policies, and addresses intellectual property rights, termination rights, and liabilities. Key focuses include protecting user data, prohibiting certain uses like spam or malware, and mandating that apps adhere to Slack's branding and review processes. While it provides clear guidelines for legitimate integrations, it gives Slack broad discretion to suspend or terminate access, and it assigns significant responsibilities to developers regarding privacy and security.
Slack reserves the right to suspend or terminate API access at any time without notice for any reason.
Strict limits on storing, using, or sharing Slack user data outside of app functionality.
Developers grant Slack broad rights to feedback and improvements.
Detailed requirements for app submission and App Directory listing promote quality integrations.
Mandates secure OAuth 2.0 flows for user authorization.
Documents API rate limits and tiers clearly.
Spotify collects the following categories of personal data. High Risk categories are used for advertising profiling or involve sensitive personal information.
API access to messages, files, and channels requires user consent.
Collection of profiles, emails, and metadata via API scopes.
Your data serves the following purposes. Mandatory purposes cannot be disabled without canceling the service. Opt-out available purposes allow some user control.
Data accessed via API is used only to provide services to Slack users.
Slack may use aggregated API usage data for service improvement.
Spotify shares data with several categories of third parties. Sharing with advertising partners is extensive and represents the primary commercial use of your behavioral data.
Data may be shared with subcontractors under strict agreements.
Prohibited to sell or rent user data to third parties.
The following rights may be available to you depending on your region. EU/EEA users have the broadest protections under GDPR. Non-EU users have more limited guarantees.
Workspace admins can revoke app access anytime.
Developers must delete user data upon request or access revocation.
Data is retained for different periods depending on category, and security disclosures vary in depth. The policy highlights the following retention and transparency points.
Retention Periods
All user data must be deleted within 30 days of access revocation.
Aggregated, anonymized data may be retained indefinitely.
Security & Transparency
All apps must use secure OAuth for authentication.
Channel for reporting security issues to Slack.
Source Text
You will not use the APIs to build apps that spam, harvest data, or violate laws.
Interpretation
High restrictions on app behavior; risk of termination for non-compliance.
Source Text
Only use data as necessary for your app; delete on termination.
Interpretation
Protects user privacy but requires developer diligence.
Source Text
Limited license to APIs; all rights reserved to Slack.
Interpretation
Developers have no ownership over API-derived IP.
Only data scopes granted by users via OAuth; no unrestricted access.