Privacy Policy

Last updated: February 8, 2025

FollowUp ("we", "our", "the app") is a Slack application that helps teams track tasks and action items. This policy explains what data we collect, how we use it, how long we keep it, and your rights regarding access, transfer, and deletion of your data.

1. Data We Collect

When you install FollowUp to your Slack workspace, we collect and store:

• OAuth tokens — Slack provides an access token during installation so FollowUp can respond to commands and events in your workspace. These tokens are stored securely and used only to communicate with Slack on your behalf.
• Workspace and user identifiers — Slack team IDs and user IDs are stored to associate tasks with the correct workspace and user. We do not store usernames, email addresses, or profile information.
• Task content — When you create a TODO (via slash command, Home tab, or @mention), the task description and metadata (priority, status, timestamps) are stored.
• Message content for extraction — When you @mention FollowUp in a message, the text of that message is processed to extract the task. The raw message text is not permanently stored; only the extracted task description is retained.

2. Data Received but Not Used

In the normal course of operating as a Slack app, FollowUp receives certain data from Slack that it does not use or store beyond the immediate request:

• Slash command payloads — When a user runs /todo, Slack sends metadata including the user ID, team ID, channel ID, and command text. Only the task description is stored; the remaining metadata is used to route the response and is not retained.
• Event payloads — When the bot is mentioned or receives a DM, Slack sends the full event payload including message text, channel info, and user info. Only the extracted task description is stored.
• System logs — Our hosting provider (Railway) may capture standard HTTP request logs (IP addresses, timestamps, request paths) for operational purposes. These logs are automatically rotated and not used for tracking or analytics.

3. Data We Do Not Collect

• We do not read or store messages in channels where FollowUp is not explicitly mentioned.
• We do not collect email addresses, real names, or profile photos.
• We do not sell, share, or provide any data to third parties.
• We do not use your data for advertising or marketing purposes.
• We do not train AI models on your data.

4. How We Use Your Data

Your data is used solely to provide the FollowUp service:

• Creating, displaying, and managing your TODO items
• Sending you DM notifications when tasks are assigned to you
• Rendering your Home tab dashboard
• Responding to slash commands

5. Data Storage and Security

Data is stored in an encrypted-at-rest database hosted on Railway (railway.com), a SOC 2 compliant infrastructure provider based in the United States. Access to the database is restricted to the application only.

6. Data Retention

Your task data is retained as long as your workspace has FollowUp installed. When you uninstall FollowUp from your workspace, your OAuth tokens are automatically revoked by Slack. Task data associated with your workspace will be deleted within 30 days of uninstallation, or immediately upon request.

7. Third-Party Services

FollowUp interacts with the following third-party services:

• Slack API — To receive events and send messages. Governed by Slack's Privacy Policy.
• Anthropic API (optional) — If AI-powered task extraction is enabled, message text is sent to Anthropic's Claude API for processing. Anthropic does not train on API inputs. See Anthropic's Privacy Policy.
• Railway — Infrastructure hosting. See Railway's Privacy Policy.

8. Your Rights

You have the right to:

• Access your data — All your tasks are visible in the FollowUp Home tab and via /todo list. You may also request a full export of your workspace's data by emailing us.
• Transfer your data — You may request a machine-readable export (JSON format) of all tasks associated with your workspace by contacting us at the email below.
• Delete your data — You may delete individual tasks using /todo dismiss. To request deletion of all data associated with your workspace, email us at privacy@jamescamon.com. We will process deletion requests within 30 days. This applies to all users, including those with rights under GDPR, CCPA, or other applicable privacy laws.
• Uninstall — Remove FollowUp from your workspace at any time via Slack's app management settings. Upon uninstallation, OAuth tokens are immediately revoked and task data is scheduled for deletion.

9. Children's Privacy

FollowUp is not directed at children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via a notice in the app. Continued use of FollowUp after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions, data access requests, data export requests, or deletion requests, contact us at:

Email: privacy@jamescamon.com