When you choose to use Please Share, your company is actually using two applications: Slack and Please Share. For more information on Slack’s security, please visit this web page.
For Please Share itself, maintaining protocols to ensure the security of customer and employee data is a top priority for us. Here are the measures that we use to protect customers and their data.
Please Share is hosted in AWS and takes advantage of AWS's secure and scalable environment.
Authentication and Authorization
We use Amazon’s Cognito for authentication, while OAuth 2.0 provides authorization for both the Please Share application and for Slack. OAuth 2.0 is an industry-standard protocol for authorization.
Data sent between Please Share and Slack, and between Please Share and social media channels, is always encrypted in transit using TLS 1.2. When stored in our database, the information is also encrypted at rest using the industry-standard AES-256 encryption algorithm. As an additional security measure, all social media and Slack tokens are encrypted prior to storage in the database.
Working with Slack
When designing Please Share, we sought to minimize the permissions necessary to run our app. However, Please Share does require access to certain things within your company’s Slack workspace. For more information on how we operate with Slack, please read this article.
Users Read Email API
One of the APIs that we use with Slack, “users:read.email,” does give us access to the email addresses of all the employees in your company’s Slack workspace. However, our usage of the API is strictly procedural in nature. In fact, the only time we use the API is when a user signs up for Please Share (to send an email confirmation) or reinstalls our app (to verify the user is part of your company’s Slack workspace). Even then, we only request that particular user’s email address, not everyone in your workspace.
Regular Security Audits
We perform regular security audits, including both infrastructure and web application vulnerability scans, to ensure our AWS environment is current in terms of potential security gaps.
Tracking & Monitoring
We track basic engagement activities (logins, posts, pages viewed) from admin users who use the Please Share web application. However, we do not track any data on individual employees at your company. All “share” and “click” reporting data is calculated at an aggregate level for each Please Share customer.
Should you have any questions or concerns about our security procedures, please send us an email at firstname.lastname@example.org.