Privacy Policy
Last updated: March 15, 2026
The short version: we only access what we need to show you your feed. We never read, store, or sell your message content. Your Slack data stays yours.
What we collect
When you sign in with Slack, we store the following in our database:
- Your Slack user ID and team ID
- Your display name, real name, and profile photo URL (from your Slack profile)
- Your workspace name
- Your Slack OAuth user token, used to fetch your feed on your behalf
- Your channel and user filter preferences, so they persist across sessions
What we don't store
Message content is fetched live from Slack's API on demand and is never written to our database. We do not store, index, or cache your messages beyond the duration of a single server-side response.
- No message text is persisted
- No file attachments are stored
- No thread replies are stored
- We do not read channels you are not a member of
How your Slack token is used
We use a Slack user OAuth token (xoxp-) issued to your account. This token is used exclusively to:
- List the Slack channels you are a member of
- Fetch recent messages from those channels
- Fetch your workspace's custom emoji
- Resolve user names and avatars for message authors
- Proxy private Slack file URLs so images render in your browser
Your token is stored encrypted at rest in our database and is never exposed to the client or logged.
Cookies and sessions
We use a single encrypted, httpOnly session cookie (sat_session) to keep you signed in. This cookie cannot be read by JavaScript and is not used for tracking. It expires after 30 days of inactivity.
Analytics
We use Mixpanel to understand how the product is used. This includes page views, feature interactions (such as filter usage and thread expansion), and session replays. Data collected by Mixpanel is governed by their privacy policy. You can opt out via Mixpanel's opt-out mechanism or a browser-level Do Not Track setting.
Third-party services
- Slack — identity and workspace data via OAuth. See Slack's Privacy Policy.
- Supabase — hosted Postgres database where your account and filter preferences are stored. Data is encrypted at rest and in transit.
- Vercel — application hosting. Request logs may be retained for up to 30 days.
- Mixpanel — product analytics and session replay.
Data retention and deletion
Your account data (profile, token, filter preferences) is retained for as long as you have an active account. To delete your data, email us at privacy@slackfeed.app and we will permanently delete your record within 7 days.
You can also revoke our access to your Slack account at any time from Slack → Settings → Connected Apps, which will invalidate your token and prevent further data access.
Children's privacy
Slack Feed is intended for use within professional Slack workspaces and is not directed at children under 13. We do not knowingly collect data from children.
Changes to this policy
If we make material changes to this policy, we will update the date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
Questions about this policy? Email us at privacy@slackfeed.app.