Polly Help in Slack

Security FAQ

Concerned about adding a bot to your team?

Your privacy and the security of your data is our top concern.  In order to install Polly into your workspace, you’ll need to authorize the addition of a bot. If you’re concerned by this, please continue to read other parts of this FAQ.

The first mitigation step you can take is not adding Polly to any public channels. While we do not, and will not read any of your messages (see exceptions below), it is impossible to read channel messages unless Polly is added to the channel.

Does Polly read or store my team’s messages from Slack?

 We do not read or store any of your team’s messages, with the following exceptions:

  • Messages that have explicitly tagged Polly with @polly
  • Direct messages sent from a user to Polly (in the Polly DM channel only)
  • Polls you’ve created

Can Polly read the history of the channel?

In order to Poll a private channel, you will need to invite Polly to the channel (by using /invite @polly). When you do that, Slack throws a message indicating that you’re adding a user, and this user will be able to read the history of the channel. The only channel we can read the history for is a 1:1 DM channel between a user and Polly. All other channels are safe.

While that, in fact, is true for a regular user (since they can scroll up and read those messages), Polly is a bot, and bots can’t do that, and don’t have programmatic access to any history of the channel. While it is technically possible to read all future messages, we explicitly avoid that for your privacy by not subscribing to any events within the channel, except for messages related to @polly mentions, or polls that Polly has created.

How do you store your data?

All data is passed over HTTPS and stored in an encrypted database in AWS.

How do you use my team’s data?

Data generated through Polly by your team is only used to enhance your team’s services – to provide you and your team the ability to view, collect, and analyze survey results.  For more details, please refer to our privacy policy.