SlackApps
CatalogPricingDocs
Search apps⌘K
Sign in
Legal

Privacy Policy

Effective date: [EFFECTIVE DATE]Last updated: [EFFECTIVE DATE]

This Privacy Policy describes how [COMPANY NAME] ("Koryo", "we", "us", or "our"), incorporated in [COUNTRY], collects, uses, and shares information when you use the Koryo Slack app and web dashboard (collectively, the "Service").

By installing or using Koryo, you agree to the practices described in this policy. If you do not agree, please do not install or use the Service.

1. Information we collect

1.1 From Slack (at installation)

  • Slack workspace ID and workspace name
  • Bot and user OAuth access tokens (stored encrypted)
  • Names and Slack user IDs of workspace members
  • Email addresses of workspace members (used only for email delivery of surveys, if enabled)

1.2 Survey responses

  • Answers submitted through Slack DM surveys or the web survey form
  • Responses are stored and displayed in aggregate form. Individual responses are never linked to a specific user's identity in the dashboard — anonymity is enforced at the data layer.
  • Completion status (responded / not responded) is tracked per user per survey, but the answers themselves are not attributed to any individual in reports.

1.3 Account and billing data

  • Name and email address of the HR admin who installs Koryo
  • Payment method details — processed exclusively by Stripe. Koryo never stores card numbers or bank details.
  • Subscription plan, billing cycle, and payment history

1.4 Usage data

  • Survey titles, questions, and scheduling configuration created by admins
  • Feature usage (e.g. which AI features are used), for product improvement
  • Server logs including IP addresses, request timestamps, and error reports

2. How we use your information

  • To deliver the Service — sending surveys via Slack DM or email, collecting responses, and displaying results in the dashboard
  • To process payments and manage your subscription via Stripe
  • To generate AI-powered analysis (summaries, sentiment, trend predictions) using Anthropic's Claude API — only aggregate or anonymised data is sent to Anthropic
  • To send transactional emails (e.g. password reset, billing receipts)
  • To improve the Service, diagnose issues, and ensure security
  • To comply with legal obligations

We do not sell your data, and we do not use your data for advertising.

3. How we share your information

We share data with the following categories of third parties, only to the extent necessary:

  • Slack Technologies — to deliver messages and receive responses through the Slack platform
  • Stripe — for payment processing and subscription management
  • Anthropic — to power AI features (question suggestions, sentiment analysis, trend predictions). Only aggregated, non-personally-identifiable survey data is shared.
  • Google Cloud — our infrastructure provider (Cloud Run, Cloud SQL). Data is hosted in the EU (europe-west1) by default.
  • Gmail / SMTP — for sending transactional emails

We may also disclose data if required by law, court order, or to protect the rights and safety of users or the public.

4. Data retention

  • Survey responses and results are retained for as long as your account is active
  • Upon account deletion or subscription cancellation, data is deleted within 90 days
  • Billing records are retained for as long as required by applicable tax law (typically 7 years)
  • Server logs are retained for up to 90 days for security and debugging purposes

5. Security

We implement industry-standard security measures including:

  • AES-256 encryption for Slack OAuth tokens stored at rest
  • HTTPS / TLS for all data in transit
  • JWT-based authentication with short-lived tokens
  • Infrastructure hosted on Google Cloud with restricted access controls

No method of transmission or storage is 100% secure. In the event of a data breach affecting your personal data, we will notify affected users as required by applicable law.

6. Your rights (GDPR and applicable law)

If you are located in the European Economic Area or a jurisdiction with similar privacy laws, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Objection / restriction — object to or restrict certain processing
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at [PRIVACY EMAIL]. We will respond within 30 days.

7. Cookies and local storage

The Koryo web dashboard uses browser localStorage to store your appearance preferences (theme, background pattern). No tracking cookies or third-party advertising cookies are used.

Authentication tokens are stored in memory and localStorage for session management. These are not accessible to third parties.

8. Children's privacy

Koryo is a business tool intended for use by adults in a professional context. We do not knowingly collect data from anyone under 16 years of age. If you believe we have inadvertently collected such data, please contact us and we will delete it immediately.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify workspace administrators via email and post the updated policy at [WEBSITE URL]/privacy at least 14 days before any material changes take effect.

10. Contact

For any privacy-related questions or requests, please contact:

[COMPANY NAME]
Email: [PRIVACY EMAIL]
Country: [COUNTRY]

SlackApps
A small studio building workplace tools for teams of 10–200. We started inside Slack — we're not stopping there.
Catalog
Koryo
G Suite Bridge
Sixteen
Resources
Pricing
Changelog
Docs
Company
About
Contact
Press
Legal
Privacy
Terms
Security
© 2026 SlackAppsMade with restraint in Lisbon