Privacy Policy

1. Who we are

Slack Web Chat (“we”, “us”, “our”) is operated by Paul Willard. Our website is www.slack-web-chat.com. If you have any questions about this policy, contact us at our support page.

2. What data we collect

2.1 Account holders (dashboard users)

When you create an account we collect:

• Email address and password (hashed with bcrypt; we never store plaintext passwords)
• Slack bot token, signing secret, and channel ID that you provide to connect your workspace

2.2 Website visitors (chat widget users)

When a visitor uses the chat widget on a customer’s website we collect:

• Chat messages exchanged between the visitor and the customer’s support team
• A randomly generated session ID stored in the visitor’s browser (localStorage) to maintain conversation continuity
• Page URL and user-agent string at the time of the chat session
• Name and email address, only if the customer has enabled a pre-chat form and the visitor chooses to provide them
• Satisfaction rating (thumbs up/down), if the visitor chooses to provide one

We do not use tracking cookies, analytics scripts, or fingerprinting on the chat widget. The widget does not set any cookies.

2.3 Marketing website visitors

Our marketing website (www.slack-web-chat.com) does not use cookies or third-party analytics. Server access logs may record IP addresses, which are retained for security purposes and automatically rotated.

3. How we use your data

• To provide the service — relaying chat messages between your website visitors and your Slack workspace, maintaining conversation history, and generating usage reports.
• To authenticate you — verifying your identity when you sign in to the dashboard.
• To process payments — if you subscribe to a paid plan, we use Stripe to process payments. We do not store your credit card details; they are handled entirely by Stripe. See Stripe’s privacy policy.
• To communicate with you — responding to support requests or notifying you of service changes.
• To maintain security — rate limiting, abuse prevention, and structured server logging (no message content is logged beyond truncated previews for debugging).

4. Data sharing

We do not sell, rent, or trade your personal data. We share data only with:

• Slack — visitor chat messages are posted to your configured Slack workspace via the official Slack API. This is the core function of the service.
• Stripe — payment information is processed by Stripe when you subscribe to a paid plan.
• Infrastructure providers — our server is hosted on infrastructure operated by Paul Willard. We do not use third-party cloud providers for application hosting.

5. Data retention

• Chat messages are retained until the account holder deletes them via the dashboard, or until the account is closed.
• Session data (visitor session IDs, page URLs) follows the same retention as chat messages.
• Account data (email, Slack credentials) is retained until you delete your account.
• Usage events (session counts, message counts) are retained for reporting purposes even after conversation data is deleted.

6. Data security

We take reasonable measures to protect your data:

• All traffic is encrypted via HTTPS/TLS
• Passwords are hashed with bcrypt
• Authentication tokens are stored in HttpOnly signed cookies
• JWT algorithm pinned to HS256 to prevent token manipulation
• Slack credentials are stored in the database and never exposed to browsers or logged
• API endpoints are rate-limited to prevent abuse
• All database queries use parameterised statements to prevent SQL injection

7. Your rights

You have the right to:

• Access your data — view your conversations, messages, and account details via the dashboard.
• Delete your data — delete individual conversations or your entire account.
• Export your data — download usage reports as CSV files from the dashboard.
• Correct your data — update your email address or password via the dashboard.

To exercise any of these rights, sign in to the dashboard or contact us.

8. Third-party websites

Our service integrates with Slack. Your use of Slack is governed by Slack’s own privacy policy. We are not responsible for the privacy practices of third-party services.

9. Children

Slack Web Chat is not directed at children under the age of 16. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this privacy policy from time to time. The “last updated” date at the top of this page reflects the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this privacy policy or how we handle your data, please contact us.