Connect Slack to FlowMind

This page explains what FlowMind does in Slack, the permissions we request and why, where the bot posts, and how we handle your data. It meets Slack App Directory requirements for transparency and consent.

Get Started

You can install the Slack app after you sign in.

What FlowMind Does in Slack

  • Sends quick pulse surveys via direct messages to team members.
  • Shows a personalized App Home with survey status and quick actions.
  • Provides a /flowmind slash command for help, surveys, and status.
  • Uses ephemeral messages for sensitive prompts and feedback.
  • Does not read message content in channels or DMs beyond interactions with our own messages.

Permissions Requested (Bot Scopes)

We request only the scopes needed for core features:

  • chat:write: Send survey DMs and App Home updates.
  • commands: Handle /flowmind for help, surveys, and status.
  • users:read: Map Slack users to recipients and display names.
  • im:read, im:write: Maintain DM context and deliver surveys.
  • mpim:read: Basic info for group DMs when used.
  • groups:read: Basic info for private channels the bot is added to (no content access).
  • team:read: Workspace metadata for organization linkage.
  • reactions:write: Add acknowledgement reactions to our own messages.

We intentionally do not request channels:read unless required for a specific feature. Email addresses are obtained via user sign-in (OpenID) rather than the bot scope users:read.email.

User Scopes (Sign in with Slack)

Used when a user signs into the FlowMind dashboard:

  • openid, email, profile: Verify identity and email for dashboard access and mapping to Slack user IDs.

Where and How We Post

  • Direct Messages: Survey prompts, confirmations, and tips.
  • App Home: Personalized overview and quick actions.
  • Ephemeral Messages: Inline feedback and sensitive prompts visible only to you.

Data Handling & Privacy

  • We store Slack user ID, team ID, survey responses (optionally anonymous), timestamps, and minimal metadata.
  • Encryption in transit (TLS 1.2+) and encryption at rest (AES‑256‑GCM, field‑level where appropriate).
  • Retention: survey/analytics data for 24 months; deleted data retained 30 days for recovery.
  • Controls: pause/resume surveys (/flowmind pause), anonymous responses, data export and deletion (GDPR).

Security

  • Slack request signature verification with timestamp checks on all webhook endpoints.
  • Strict rate limiting, audit logging, and input sanitization across services.
  • Secrets managed via environment configuration; no hardcoded credentials.
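
For reference, this is how the request signature and timestamp check named above works under Slack's v0 signing scheme (HMAC-SHA256 over the timestamp and raw body, sent in the X-Slack-Signature and X-Slack-Request-Timestamp headers). The code is an added illustration, not FlowMind's own implementation; the function names, the lower-cased header dictionary, and the sample values are assumptions made for the example.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 60 * 5  # replay window; Slack's docs suggest five minutes


def sign(secret: str, timestamp: str, body: bytes) -> str:
    """Slack v0 signature: HMAC-SHA256 over b'v0:<timestamp>:<raw body>'."""
    base = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(secret.encode(), base, hashlib.sha256).hexdigest()


def verify_slack_request(secret: str, headers: dict, body: bytes, now=None):
    """Return (ok, reason). Header names are assumed lower-cased by the caller;
    `body` must be the raw bytes as received, before any form/JSON parsing."""
    ts = headers.get("x-slack-request-timestamp", "")
    sig = headers.get("x-slack-signature", "")
    if not (ts.isascii() and ts.isdigit()) or not sig:
        return False, "missing_or_malformed_headers"
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:  # reject stale or future-dated requests
        return False, "stale_timestamp"
    expected = sign(secret, ts, body)
    # Constant-time comparison; bytes so a non-ASCII header value does not raise TypeError.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad_signature"
    return True, "ok"


# Constructed sample values, not real credentials or captured traffic.
SECRET = "constructed-signing-secret"
TS = "1700000000"
BODY = b"command=%2Fflowmind&text=status&user_id=U000EXAMPLE"


def demo():
    good = {"x-slack-request-timestamp": TS, "x-slack-signature": sign(SECRET, TS, BODY)}
    at = int(TS) + 10  # pretend the request arrived 10 s after it was signed
    return {
        "valid": verify_slack_request(SECRET, good, BODY, now=at),
        "replayed": verify_slack_request(SECRET, good, BODY, now=at + 600),
        "tampered": verify_slack_request(SECRET, good, BODY + b"&x=1", now=at),
        "unsigned": verify_slack_request(SECRET, {"x-slack-request-timestamp": TS}, BODY, now=at),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The replayed case carries a valid signature and is still rejected, which is the reason the timestamp check accompanies the signature check.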

Controls & Support

  • Uninstall any time from Slack’s App Management page.
  • Request data export or deletion via the dashboard or support.
  • Support: support@flowmind.io

To install the Slack app, first sign in and start onboarding. You’ll review permissions on Slack’s screen before approving.