Security

A brief security overview of the Slack Bubble service.

Hosting & Infrastructure

• Deployment model: Standalone web application hosted on managed cloud infrastructure
• Environment isolation: Separate production and non-production environments
• Network security: HTTPS/TLS enforced for external connections

System Architecture

Slack Bubble is a standalone application for website chat intake and Slack-based messaging workflows. The service stores the account, workspace, website, chat, and related operational metadata required to operate the product.

Data Security

• In transit: TLS 1.2/1.3 for external connections
• At rest: Sensitive application data is stored using encrypted managed storage where supported by our infrastructure providers
• Data minimization: We store the minimum operational data needed to provide the Service
• Payment handling: Slack Bubble does not store full payment card numbers or card security codes in its application database

Access Management

• Role-based access to production systems
• Limited to authorized personnel only
• MFA/2FA expected on administrative accounts

Monitoring & Logging

• Application logs collected for operational support
• Error monitoring and alerting used to detect issues
• Logs restricted to authorized staff only

Incident Response

• Process: Detection -> containment -> remediation -> notification
• Notification: Customers informed promptly when required by law
• Review: Post-incident analysis conducted to reduce recurrence

Operational Security

• Regular dependency updates and security patching
• Secure coding practices during development
• Backups and recovery handled through managed infrastructure tooling

Compliance Roadmap

• Planning external security review and penetration testing
• Evaluating future formal compliance work as the product matures

Contact

For any security or privacy questions, please contact support.