Security and Data Access

Slack Permissions

eddy uses Slack's OAuth Permission Scopes to request access only to those permissions that are required for eddy's onboarding functions. When you install eddy in your Slack workspace Slack will display a list of permissions that eddy needs to access for your approval.

The following Slack Scopes are currently used by eddy:

Slack Permissions

Scope	Description	Functionality
app_mentions:read	This scope lets an app View messages that directly mention @your_slack_app in conversations that the app is in	Allows the user to direct a message to eddy in a Group Direct Message.
channels:history	View messages and other content in public channels that your slack app has been added to	Allows eddy to return a list of channels to allow the manager to create and assign an onboarding plan to a team.
channels:read	View basic information about public channels in a workspace	Allows eddy to return a list of channels to allow the manager to create and assign an onboarding plan to a team.
chat:write	Post messages in approved channels	Allows eddy to send messages in DMs and Group DMs.
groups:history	View messages and other content in private channels that your slack app has been added to	Allows the user to direct a message to eddy in a Group Direct Message.
groups:read	View basic information about private channels that your slack app has been added to	Allows the user to direct a message to eddy in a Group Direct Message.
im:history	View messages and other content in direct messages that your slack app has been added to	Allows eddy to send messages in DMs.
im:read	View basic information about direct messages that your slack app has been added to	Allows eddy to detect answers to their questions and respond to commands in DMs.
im:write	Start direct messages with people	Allows eddy to kick off onboarding for your New Hire, and initiate Buddy conversations when your New Hire gets stuck.
mpim:history	View messages and other content in group direct messages that your slack app has been added to	Allows eddy to send messages in group DMs.
mpim:read	View basic information about group direct messages that your slack app has been added to	Allows eddy to detect answers to their questions and respond to commands in Group DMs.
mpim:write	Start group direct messages with people	Allows eddy to connect your New Hire to their Buddy or SME when they are blocked on a task.
team:read	View the name, email domain, and icon for workspaces your slack app is connected to	Allows eddy to identify your workspace and other meta data to support your account experience - so you don't have to recreate it in eddy.
users:read	View people in a workspace	Allows eddy to present a list of people in you slack workspace, so they can be selected for Onboarding, assigned as a Buddy, or contacted as a SME.
users:read.email	View email addresses of people in a workspace	Allows eddy to uniquely identify users in your Slack workspace and track their interactions with eddy for usage and reporting.

‍

Accessing Message and Channel Data

eddy has very limited access to messages in your company's Slack workspace. eddy will never have access to direct messages, unless it's a direct message or group direct message with eddy. eddy will only have access to channel messages when eddy is added to a channel, and only for the duration of eddy's time in that channel. Note: we currently don't recommend adding eddy to any of your workspace channels; eddy does not require being added to any channel in order to fully function.

Security Practices and Infrastructure

Infrastructure

eddy is built on the Amazon Web Services with support from FlowXO and the Slack API. We utilize segregated accounts for production infrastructure access with security credentials stored in secrets management systems and never in code.

Security & Privacy

We protect user information, with an emphasis on secure servers, firewalls, and by employing SSL encryption (where appropriate). No PII is stored beyond a user's Name and Email, which is used for the purpose of identifying accounts.

Authentication

Authentication is handled by Auth0 for eddy's administrative WebUI. Through this tool, we support SSO using Google and Slack.

Payments

We utilize Stripe for payments, ensuring that we do not collect or store your payment information.

Maintenance & Reliability‍

Code deployments and clustering utilize immutable Docker instances to segregated VPCs for Production and Staging deployments. New code is deployed with zero down-time, and must pass checks before being promoted to production. We perform daily back-ups of our data to ensure reliability.

‍