Slack App Developer Policy

Effective Date: September 30, 2020

Our goal is for Slack to be a safe, pleasant and productive working environment. Applications are an important part of making Slack useful. We welcome Application developers and are excited to see the amazing experiences you are building within Slack. By ā€œApplication,ā€ we mean any software application, functionality, website, product or service that you create that uses the Slack APIs. Developers are required to comply with this Policy and our related API terms and other obligations. When we use the term ā€œServicesā€ we are referring to Slackā€™s services and related systems and technology, as well as Slackā€™s websites and all of the information and content made available by or on behalf of Slack through any of those services.

Privacy, safety and a high-quality User experience are very important, and this Policy is designed with those goals in mind. We canā€™t cover every type of Application in this Policy, but we aim to give guidance to developers so that you understand what Applications will be included in Slackā€™s app directory and what Applications will not. To protect Users and our Services, we reserve the right to take any action we deem necessary if an Application violates the letter or spirit of this Policy. By ā€œUserā€ we mean any ā€œAuthorized Userā€ as defined in our Customer Terms of Service, including anyone who interacts with the Application directly or indirectly or anyone whose Data is exposed to or used by the Application. By ā€œDataā€ we mean data, information or content uploaded, posted, transmitted or otherwise made available by Users via the Services, including messages, files, comments, profile information, metadata and token data.

Security: We take the security of Data very seriously, and you must as well. Your network and the operating system and software of your web servers, databases, and computer systems must be properly configured to securely operate your Application and store Data. Data must be stored and served using strong encryption. In addition, Applications and developers are prohibited from:

  • Degrading or compromising security in any way
  • Providing access to Slack in any fraudulent or unauthorized way, including bypassing or circumventing Slack protocols and access controls
  • Using unpublished APIs
  • Including misleading and/or deceptive statements about Application functionality, performance, origin or Data use
  • Transmitting any viruses or other code that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system or Data
  • Attempting to reverse engineer or otherwise derive source code, trade secrets, or know-how in the Slack API or any portion thereof

User Experience: Every Application must be useful, appropriate, respect User privacy, and provide a generally good User experience. In keeping with this, Applications and developers are prohibited from:

  • Degrading or compromising performance of the Services
  • Using vulgar or obscene language or images. Your Application must not contain or offer content that is violent, extreme or that a reasonable person would consider inappropriate for the workplace
  • Offering sexually-oriented or adult content. Your Application must not contain or offer content that a reasonable person would consider pornographic or indecent
  • Creating poor User experiences that do not add value to Users in a work setting or that detract from the overall utility of Slack and the overall Application ecosystem
  • Displaying inappropriate communications through your Application. The purpose of the Application and User expectations must be clear and transparent and match Slack requirements and expectations
  • Neglecting appropriate customer assistance. Every Application must include a link to installation instructions and customer support information, including a contact for customer support. You must keep your Application updated and provide timely and accurate User support

Business: In using Slack APIs, developers must agree to respect our business as we respect yours. Every Application must behave in accordance with appropriate and accepted business conduct. As part of good business practices, Applications and developers are prohibited from:

  • Circumventing Slackā€™s intended limitations (including pricing, features and access structures). You may not use the Slack API to replicate or compete with core products or services offered by Slack
  • Advertising, including display ads, within the Application experience or Slack platform. In addition, Applications may not use Data or content from Slack in any advertisements or for purposes of targeting advertisements or contacting Users, including in that Application, your other Applications, or elsewhere
  • Implying a Slack endorsement, certification, affiliation or partnership unless you have explicit permission from Slack to do so
  • Sub-licensing, distributing or allowing access to the Slack APIs to anyone else

Design: Good design is an important part of a product development. We want Slack developers to create beautiful and thoughtful Applications. Please provide your Users with excellent, well-designed products. As part of good design practices, Applications and developers are prohibited from:

  • Violating the Slack Brand Guidelines
  • Infringing upon any intellectual property rights in your design. You must include, with your submission, a well-designed, high quality, distinctive icon that doesn't resemble Slackbot or the Slack icon
  • Changing the Applicationā€™s look, feel, function, operation or disclosures after Slack review. Any changes must be submitted for re-review

Use of Data: Protecting Data is paramount at Slack, and must be for you. You are responsible for good Data stewardship practices. First and foremost, you have no independent rights to any Data. In accordance with this, Applications and developers are prohibited from:

  • Collecting, storing, and using Data without obtaining proper consent of the User
  • Using Data to contact Users. If you would like to contact Users outside of Slack, you must gain permission through a clear and separate permissions process. You may only contact Users for emergencies in which the safety and security of the User is otherwise at risk and in compliance with the law
  • Asking Users to provide sensitive, private, and confidential personal information, such as credit card numbers or passwords unless specifically necessary as part of the Applicationā€™s legitimate function and purpose
  • Renting, selling or sharing Data with third parties under any circumstances
  • Creating Applications that encourage installers to circumvent or interfere with their own workplace and employer data, privacy and security policies
  • Exploiting Data to create User profiles other than that which is necessary for the Application to function
  • Ignoring a Userā€™s request for deletion. When a User deletes your Application or if you discontinue your Application you must delete all associated Data within 14 business days
  • Combining Data with data gathered from other sources for any purposes unrelated to the use of the Application
  • Requesting and using scopes not required for your Applicationā€™s functioning. Use only the appropriate and necessary scopes and clearly define the need for scopes within your Applicationā€™s description
  • Failing to notify Users about privacy and their Data. Your Application must include a publicly-available and easily accessible privacy policy that explains how the Application collects, uses, processes and stores Data, and what control Users have over their Data
  • Accessing Data for surveillance purposes. You may not allow or assist any entity to conduct surveillance or obtain Data using your access to the Slack API
  • Otherwise exploiting Data in a way not approved by Slack and not disclosed to and permitted by Users. You may, however, use Data that is both aggregated and anonymized for purposes of analytics and development related to the Application

Law and Safety: Applications should not create unsafe environments or hardships for Users. Each Application must comply with all applicable laws and legal requirements in all locations where it is made available to Users. In addition, Applications and developers are prohibited from:

  • Permitting use by children under the age of 16
  • Spamming, harassing, stalking, intimidating or threatening Users
  • Allowing impersonation of Users or otherwise allowing for false representations within the Application
  • Facilitating violations of the law
  • Infringing on anyone else's intellectual property rights (including Slackā€™s)
  • Representing that your Application is authorized by or produced by another company or organization
  • Allowing or facilitating financial transactions conducted in an insecure and unapproved manner

Export Controls: You are responsible for classifying your Applications pursuant to the Export Administration Regulations, including submission of any necessary classification requests or self-classification reports. Because the Slack platform is made available worldwide with limited exceptions, Slack only permits Applications on its platform that have an Export Control Classification Number (ā€œECCNā€) of EAR99 or 5D992 (mass market). Developers are thus prohibited from creating Applications with an ECCN other than EAR99 or 5D992 (mass market).

A few additional requirements: We require Applications and developers to follow this policy as well as all other Slack guidelines and policies including the Privacy Policy, Security Review, Partner Terms, Terms of Service, the API Terms of Service, and Submission Guidelines.

In addition, Applications and developers must:

  • Exercise good judgement
  • Submit Applications with reasonable work-related or team-building purposes
  • Be a good fit for Slack workspaces
  • Notify us immediately if you change the function of, or discontinue your Application

Data breach: If Data is breached, exposed, exploited, or otherwise compromised through your Application or company, you must inform all affected Users and Slack immediately. You can reach Slack at feedback@slack.com.

Violations of this policy may result in removal from the Application Directory, token revocation, developer suspension, User notification, legal action or any other action deemed necessary by Slack. If requested, you must provide us with proof of compliance with this policy. If you violate this policy we may or may not provide notice before taking action. Please note that we may periodically audit Applications. If you fail an audit before notifying us of any issues, penalties will be more severe.

This policy will change as the Slack Application Directory grows and evolves. Please check back regularly for updates. We may use your email address or a notice through the Services to communicate any material changes to this policy.

If you have any questions about the Slack Application Directory or the review process, we'll be happy to help. Send us a note to: feedback@slack.com