Rootly Data Permissions
At Rootly, we're committed to protecting your privacy while enabling you to tackle the toughest incidents. We operate in the most regulated markets with the most demanding security needs and regulatory requirements. We collect as little information as possible to ensure we deliver the most secure and privacy focused incident management platform.
🚨We do not continuously monitor your incident and regular Slack channels unlike other incident platforms that see everything + view channel history. We do not read every single message sent for privacy purposes. We are only aware of the messages you push to us (e.g. pinning message to incident timeline).
Privacy Comes First:
- No Continuous Channel Monitoring: We steer clear from monitoring your conversations, even in the incident channels we help you create / are invited to.
- Data Collection with Purpose: We only gather information necessary to perform the actions you've requested – like creating an action item or attaching a team to an incident.
What We Do With Your Slack:
- Managing Slack channels - creating new incident channels (public and private) with relevant incident information.
- Post and interact with Slack messages - we use this to notify you of new incidents, post updates, and allow you to pin messages to the incident timeline.
- Slack commands - use an array of Rootly commands such as /rootly new or /rootly help
- Tag @rootly - allows us to view messages that mention us
- Save and upload files - documents, screenshots of metrics, or any file you want us to save as part of your incident.
- User information - we need to know your Slack usernames and associated emails to link to your Rootly user and for communication.
For those who want to dive deeper into the specifics, here's a detailed breakdown of the permissions we ask for and why:
App Function Permissions:
- app_mentions:read: Enables us to view messages that mention @rootly directly
- commands: Adds quick access to the /rootly and /incident Slack shortcuts for efficient command execution.
- channels:manage: Empowers us to create a dedicated public Slack channel for incident management.
- channels:read & groups:read: Allows viewing basic information about public and private channels, so Rootly knows where to operate.
- groups:write: Grants permission to create private Slack channels for handling sensitive data securely.
- chat:write & chat:write.public: Lets us craft welcome messages in your incident Slack channel and interact with various actions.
- pins:read & reactions:read: Enables adding messages to your incident timeline through pinning or reactions.
- files:read & files:write: Allows Rootly to save and upload files, like console outputs, directly within Slack for better context and information sharing.
User Information Access:
- users.profile:read & usergroups:read: Helps Rootly translate Slack usernames into human-readable names and view user groups for efficient communication.
- users:read & users:read.email: Provides access to view email addresses in the workspace to facilitate quick invitations with a single click.