Slack Permissions
eddy uses Slack's OAuth Permission Scopes to request access only to those permissions that are required for eddy's onboarding functions. When you install eddy in your Slack workspace Slack will display a list of permissions that eddy needs to access for your approval.
The following Slack Scopes are currently used by eddy:
Slack Permissions
Scope |
Description |
Functionality |
app_mentions:read |
This scope lets an app View messages that directly mention @your_slack_app in conversations that the app is in |
Allows the user to direct a message to eddy in a Group Direct Message. |
channels:history |
View messages and other content in public channels that your slack app has been added to |
Allows eddy to return a list of channels to allow the manager to create and assign an onboarding plan to a team. |
channels:read |
View basic information about public channels in a workspace |
Allows eddy to return a list of channels to allow the manager to create and assign an onboarding plan to a team. |
chat:write |
Post messages in approved channels |
Allows eddy to send messages in DMs and Group DMs. |
groups:history |
View messages and other content in private channels that your slack app has been added to |
Allows the user to direct a message to eddy in a Group Direct Message. |
groups:read |
View basic information about private channels that your slack app has been added to |
Allows the user to direct a message to eddy in a Group Direct Message. |
im:history |
View messages and other content in direct messages that your slack app has been added to |
Allows eddy to send messages in DMs. |
im:read |
View basic information about direct messages that your slack app has been added to |
Allows eddy to detect answers to their questions and respond to commands in DMs. |
im:write |
Start direct messages with people |
Allows eddy to kick off onboarding for your New Hire, and initiate Buddy conversations when your New Hire gets stuck. |
mpim:history |
View messages and other content in group direct messages that your slack app has been added to |
Allows eddy to send messages in group DMs. |
mpim:read |
View basic information about group direct messages that your slack app has been added to |
Allows eddy to detect answers to their questions and respond to commands in Group DMs. |
mpim:write |
Start group direct messages with people |
Allows eddy to connect your New Hire to their Buddy or SME when they are blocked on a task. |
team:read |
View the name, email domain, and icon for workspaces your slack app is connected to |
Allows eddy to identify your workspace and other meta data to support your account experience - so you don't have to recreate it in eddy. |
users:read |
View people in a workspace |
Allows eddy to present a list of people in you slack workspace, so they can be selected for Onboarding, assigned as a Buddy, or contacted as a SME. |
users:read.email |
View email addresses of people in a workspace |
Allows eddy to uniquely identify users in your Slack workspace and track their interactions with eddy for usage and reporting. |
Accessing Message and Channel Data
eddy has very limited access to messages in your company's Slack workspace. eddy will never have access to direct messages, unless it's a direct message or group direct message with eddy. eddy will only have access to channel messages when eddy is added to a channel, and only for the duration of eddy's time in that channel. Note: we currently don't recommend adding eddy to any of your workspace channels; eddy does not require being added to any channel in order to fully function.
Edify does not store Slack message content except for direct valid responses to eddy for the exclusive purpose of tracking Learners' progress.
Security Practices and Infrastructure
Infrastructure
eddy is built on the Amazon Web Services with support from FlowXO and the Slack API. We utilize segregated accounts for production infrastructure access with security credentials stored in secrets management systems and never in code.
Security & Privacy
We protect user information, with an emphasis on secure servers, firewalls, and by employing SSL encryption (where appropriate). No PII is stored beyond a user's Name and Email, which is used for the purpose of identifying accounts.
Edify does not access or store data included in links, and we are not intended as a replacement for your existing documentation repository. While we stand by our security measures, users are advised to never include usernames, passwords, or other sensitive data directly in Edify's Learning Paths.
Authentication
Authentication is handled by Auth0 for eddy's administrative WebUI. Through this tool, we support SSO using Google and Slack.
Payments
We utilize Stripe for payments, ensuring that we do not collect or store your payment information.
Maintenance & Reliability
Code deployments and clustering utilize immutable Docker instances to segregated VPCs for Production and Staging deployments. New code is deployed with zero down-time, and must pass checks before being promoted to production. We perform daily back-ups of our data to ensure reliability.