Privacy policy.

CoffeeSlack (“we”, “us”) operates the Slack app and dashboard at coffeeslack.com. The data controller for the workspace data described below is the customer that installed CoffeeSlack into their Slack workspace; we act as a data processor on their behalf.

We only collect what we need to pair teammates and send the resulting introductions. Specifically:

• Workspace install record — Slack team id and name, the OAuth bot token, and the Slack user id of whoever ran the install.
• Participants — for each teammate who opts in with /coffeeor the App Home button: their Slack user id, display name, and email (read from Slack’s user profile), plus the month they opted in for.
• Pairings — for each monthly round, which participants were paired with which, and whether the email / Slack DM was delivered.
• Workspace settings — your logo URL, custom email template (if any), trigger mode, and the list of admins (Slack user ids and Clerk user ids).
• Admin sign-in — when an admin signs into the dashboard, Clerk creates a session. Clerk holds the email, password hash, and session metadata; we receive the authenticated Clerk user id and the email to evaluate access.
• Billing — when a workspace upgrades to a paid plan, Stripe holds the payment method and billing history. We store the resulting Stripe customer id, subscription id, and plan status — we never see the card itself.
• Operational logs — request logs, error reports (via Sentry), and aggregated counts kept for up to 90 days for debugging. Credentials, signatures, and secret URL parameters are stripped before reporting.

• To generate the monthly pairings and notify participants.
• To deliver the introduction emails (subject, body, and your workspace’s logo).
• To gate the admin dashboard to authorized operators.
• To bill paid plans through Stripe.
• To debug failures, prevent abuse, and keep the service running.

We do not sell personal data, and we do not use participant data to train any model.

We use a small, fixed set of vendors to operate the service. Each one only sees the data it needs to do its job.

• Slack — the platform the app runs on. Reading workspace + user profile data; sending DMs and modal interactions.
• Google Cloud Platform— application hosting (Cloud Run), database (Firestore), and logo storage (Cloud Storage). Data is stored in Google’s United States multi-region by default.
• Resend — outbound transactional email delivery for the monthly introductions and contact-form acknowledgements.
• Clerk — admin authentication, including password / passkey storage and session management.
• Stripe— payment processing for paid plans. Stripe’s Customer Portal handles cancellations and invoices.
• Sentry — error reporting with sensitive request data redacted at source.
• Vercel — hosting for the marketing site (coffeeslack.com).
• Cloudflare — DNS for coffeeslack.com.

We keep workspace install records, participants, pairings, and settings for as long as the workspace has CoffeeSlack installed. If a workspace uninstalls the app, the install record is removed and the rest is queued for deletion within 30 days. Operational logs are retained for up to 90 days. Stripe retains billing records per its own legal obligations even after a subscription ends.

You can ask us to access, correct, export, or delete personal data we hold about you. We honor these requests even where the underlying law (GDPR, CCPA, UK GDPR, etc.) doesn’t strictly require it.

Admins can remove a teammate’s record directly from the dashboard, which wipes their participation history across all months. For anything else, email hello@coffeeslack.com from the address tied to your Slack account and we’ll handle it within 30 days.

The marketing site sets no analytics or advertising cookies. When you sign into the admin dashboard, Clerk sets the session cookies necessary to keep you signed in. Stripe sets cookies on the Checkout and Customer Portal pages it hosts. See Clerk’s privacy notice and Stripe’s privacy notice for details.

CoffeeSlack is a workplace tool and is not directed at children under 16. We don’t knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we’ll delete it.

We may update this policy as the product evolves. When we do, we bump the effective date at the top. If a change meaningfully reduces your rights, we’ll notify workspace admins by email before it takes effect.

Email hello@coffeeslack.com or use the contact form.