About this document
This is a supplemental statement describing how the Ferentin for Slack app handles Slack data. It is not a standalone legal agreement. The binding privacy terms are in the main Ferentin Privacy Policy and your organization’s Master Services Agreement (MSA) and Data Processing Addendum (DPA) with Ferentin, which control in the event of any conflict.
This statement describes how the Ferentin for Slack app processes Slack data when a workspace installs the app and binds the agent to channels. It is written for workspace administrators, security teams, and end users who want to understand exactly what the app reads from Slack, how that content is handled in transit and at rest, and what opt-outs are available per tenant.
1. Scope of this Statement
The Ferentin for Slack app is the delivery vehicle for the Ferentin agent inside a Slack workspace. The agent can summarize channel message history, respond to @-mentions inside bound channels, and respond to direct messages. The app is installed by a Slack workspace administrator and bound per channel by an administrator with the appropriate scope.
This statement covers the Ferentin for Slack app (Slack App ID published in the Slack App Directory listing). It does not cover the Ferentin platform as a whole (administrative console, LLM gateway, MCP gateway) — see the main Ferentin Privacy Policy for those.
2. What the App Accesses in Slack
At install time, the workspace administrator approves the OAuth scopes listed in the Slack App Directory listing. The app stores:
- The workspace’s team ID, app ID, bot user ID, and the workspace bot (and, where applicable, user) OAuth tokens. Tokens are encrypted at rest in the Ferentin database using tenant-scoped encryption keys backed by AWS KMS in production deployments.
- A directory of channels in the workspace (channel ID, channel name, archived/active state) maintained via a daily reconciliation sweep and event-driven updates. This directory is used to render channel pickers in the administrative console and to detect channel archival for cache invalidation.
- Per-channel binding rows recording which channels the agent is bound to, which administrator created the binding, and the per-binding configuration (allowed MCP tools, optional system prompt override, acknowledgment emoji).
- Per-user identity-link rows when a workspace user opts in to bind their Slack identity to their Ferentin identity (used to attribute downstream LLM calls in audit logs to a named user rather than a synthetic principal).
The app does NOT bulk-scrape channel history at install time. Message content is read only on-demand, when a user triggers a summarization or interacts with the agent (see sections 3 and 4).
3. Channel Summarization
When a workspace member invokes /ferentin summarizeor asks the agent to summarize a Slack channel via an @-mention, the app reads the message history of the targeted channel for the requested lookback window (default 24 hours; user-specifiable up to 30 days). The retrieved messages are sent to the workspace’s configured LLM provider through Ferentin’s policy-enforced LLM gateway. The generated summary is posted back into the channel as a threaded reply.
Ferentin does NOT retain the raw Slack messages after the summary is generated — the summarization request is short-lived in memory and is not archived. Ferentin DOES retain an audit row recording that a summarization occurred (tenant ID, channel ID, invoking user, message count, summary outcome, LLM token usage). The audit row does not contain the message bodies or the generated summary itself.
Cross-channel summarization (a user typing/ferentin summarize #other-channel) requires that the bot already be a member of the target channel. The app does NOT silently join channels — if it isn’t a member, the user receives a DM declining the request and is prompted to invite the bot to that channel. Audit attribution records the source channel where the command was issued, not the target whose content was summarized; the target is recoverable by joining audit tables.
4. @-Mention and DM Agent Responses
When a user @-mentions the bot in a bound channel or sends it a direct message, the agent assembles a turn-by-turn conversation that may include:
- The user’s message and any image attachments.
- Prior thread content from the same Slack thread (channel only, capped to a configured budget; never spanning threads or channels).
- A developer-trusted operational context block describing the workspace, channel name, and date.
That conversation is sent to the configured LLM provider via Ferentin’s gateway. The agent may then invoke MCP tools the administrator has bound to the channel (e.g., search engines, internal documentation sources, your configured CRM); tool calls and their results re-enter the conversation and are subject to the same retention as the rest of the LLM call.
Per-channel opt-outs are available for compliance-sensitive channels (HR, legal, finance) via the sensitive_channel_patterns tenant setting. Matching channels skip the workspace/channel context block and the prior-thread fetch; the agent still receives the user’s direct message but no surrounding channel content. The setting is configured today through the Ferentin administrative API; a dedicated administrative console UI for editing these patterns is planned.
5. Retention and Per-Tenant Opt-Outs
Audit metadata about agent activity (tenant ID, channel ID, user ID, model used, token counts, outcomes) is retained per the tenant’s configured audit-retention setting. Defaults vary by license plan; consult your administrative console or your account team for the exact value applicable to your workspace. This metadata does NOT include the LLM request prompt or the LLM response body.
LLM request and response payloads (prompt bodies, response bodies) are subject to a separate payload archivalsetting. By default, payload archival follows the tenant’s plan-level retention. Tenants can opt out of Slack-sourced payload archival entirely via the Privacy & Retentionsetting in the Ferentin administrative console (under AI Agents → Ferentin Slack Agent → Privacy). When this opt-out is enabled, Ferentin skips the archival step for all Slack-sourced LLM calls (channel summarization, @-mention agent responses, DM responses). Audit metadata is unaffected.
The opt-out does NOT retroactively delete already-archived payloads. Workspaces that need retroactive deletion can submit a Data Subject Request via their account team (see section 9).
6. Subprocessors and LLM Providers
The set of LLM providers a tenant uses is configured by the tenant’s administrator, not by Ferentin. Slack content sent through the gateway is routed to whichever provider the tenant’s LLM routing policy selects. To prevent Slack content from reaching specific providers, configure your LLM routing policy in the Ferentin administrative console — the Privacy & Retention opt-out controls archival, not provider selection.
For the full list of Ferentin’s platform subprocessors (cloud infrastructure, observability, email), see the Ferentin subprocessor list. Workspaces that require a Data Processing Addendum (DPA) covering Ferentin’s processing of Slack-originated content can request one through their account team; Slack itself remains the workspace’s primary controller-relationship contract.
7. Audit and Observability
Every administrative action that mutates Slack-related configuration (workspace install/uninstall, channel binding create/update/delete, identity-link bind/unbind, privacy-setting changes) emits an audit row in the tenant’s administrative audit log. Audit rows include the actor (Slack user ID or Ferentin admin email), the action, and the before/after values where applicable.
End-user agent invocations (mentions, DMs, slash commands) emit audit rows recording the channel, invoking user, model used, and outcome. The rows do not include the message content or the LLM response body unless payload archival is enabled (see section 5).
8. Workspace Admin Controls
The Ferentin administrative console offers the following Slack-specific controls:
- Workspaces: Connect, reinstall (to pick up new OAuth scopes), and disconnect Slack workspaces. Disconnect immediately revokes the bot OAuth token; the audit rows persist.
- Channel Bindings: View every channel the agent is bound to across all connected workspaces; edit the binding configuration; unbind a channel. Unbinding stops the agent from responding in that channel immediately.
- DM Defaults: Tenant-wide controls for how the agent responds when DM’d directly (kill switch + DM-specific system prompt override).
- Privacy & Retention: The payload-archival opt-out described in section 5.
- Activity: A read-only view of every administrative action against Slack-related entities for the tenant.
9. Data Subject Rights
For deletion of specific archived payloads or other data subject requests, contact your account team or email privacy@ferentin.com. Workspace administrators uninstalling the app should note that uninstall severs the live OAuth connection but does NOT retroactively delete audit rows or already-archived payloads — those remain subject to the tenant’s configured retention.
10. Contact
Privacy questions specific to the Ferentin for Slack app: privacy@ferentin.com.
For the platform-wide privacy policy, see /privacy-policy/. For the platform-wide subprocessor list, see /sub-processors/.