Security & Privacy at OpenSay

ISO 27001 - In Progress

Our organization is committed to achieving ISO 27001 certification, the international standard for information security management.

SSO with Slack

All access to our dashboard is secured by mandatory single sign-on using your Slack credentials; no passwords are required.

Slack Permission Scopes

As part of the installation process of OpenSay, you’ll be asked to agree to a number of permissions required for the app to function correctly.

Privacy Policy

Our organization maintains a comprehensive privacy policy that clearly describes how we collect, use, and protect the data that you share with us across our website and Slack app.

Subprocessors

We work with a range of trusted and well-known sub-processors to deliver our services to you.

PCI Compliance

Our payment provider Paddle handles the secure protection and processing of all financial information in a fully PCI compliant manner.

Bug Bounty Program

We cordially invite the security research community to participate in our program and help us enhance the security of our family of products and services.

Penetration Testing

We regularly engage in comprehensive external penetration testing of our systems and applications to identify and remediate any potential security vulnerabilities.

Cloud Service Provider

Our backend server is hosted on Cloudflare and Google Cloud Platform (GCP) and is protected with a comprehensive suite of redundancy, data protection, and recovery measures. The data centers operated by Google and Cloudflare have been accredited under the following certifications: ISO 27001, SOC 1, SOC 2/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).

Encryption

All data shared with us is encrypted both while in transit and at rest. We use Google's Firestore database product to encrypt data at rest, and all of our connections use TLS 1.2/1.3 to encrypt data in transit.