FileOpen Sharebot Data Usage and Retention Policy
Effective June 22, 2023
This page explains what data FileOpen Sharebot collects and how we use, manage, and enable deletion of that data.
First of all, FileOpen does not sell or otherwise monetize user or usage data. We do not accept advertising and we do not share data with any third party.
What data do we store?
FileOpen Sharebot is designed around the user and data identifiers generated by Slack. So, as a general statement, all information in Sharebot originated in Slack and was gathered using the Scopes and other permissions you granted to the app via the Slack API.
Specifically, Sharebot manages three types of data exported from Slack:
DocumentIDs: Documents are managed using the IDs issued by Slack, which are of the form "F05D0PV9JL8". During the encryption of the document we store the original filename, but this is not significant. That is, you could give your document a random name prior to encryption and change it later, without affecting system behavior.
UserIDs and email addresses: Users are identified via the IDs and other data exposed by Slack. When you install Sharebot or view a document using Sign-in-with-Slack we get and store your Slack UserID and your email address.
Team and Conversation IDs: Sharebot limits access to documents to specific UserIDs, ConversationIDs, or TeamIDs, so we must store these values in the database.
The other type of data managed by Sharebot is your PDF files processed by the system. When a PDF is submitted to Sharebot we extract the bytes of the file from Slack and pass them to our server where they are encrypted and stored in the specified repository (described below). We do not write the bytes of the unencrypted PDF to disk or store that PDF anywhere, except back in Slack if you select that option.
The repository in which the encrypted PDFs are stored for viewing in the user's browser is configurable as part of the Sharebot service. Here there are three options:
The Sharebot Server (default): we write the encrypted PDF to the server that delivers the viewing experience.
In Slack: we write the encrypted PDF back into Slack and then retrieve it from Slack when delivering to a user's browser.
A custom location: we store the encrypted PDF in some other system of your choosing, e.g. Box.com or AWS S3, and then retrieve it using that system's API when delivering to a user's browser.
Finally, Sharebot stores a variety of authentication (OpenID) tokens generated by Slack and cookie data that we generate to keep track of user browsers, etc. These data elements are not used for any purpose other than operating the system.
How do we use the data?
Whenever a document is viewed in Sharebot our server logic uses the stored data to decide whether or not the user trying to open the document is entitled to do so. When doing this the Sharebot server calls into the Slack API and processes data previously extracted from that API.
The Sharebot database maintains a record of which documents were opened by which users, at what times, on which devices, etc. This is necessary to provide usage information to the document owners, among other things.
As noted above, this data is not used for any commercial purpose other than to operate the Sharebot service, i.e. it is not shared with any third party.
Where do we store the data and for how long?
The FileOpen Sharebot servers operate from a private hosting facility in the U.S.
The system is designed in a way that enables us to provision a separate database for each licensee. This ensures that no licensee's data is commingled with that of other licensees and also permits us to customize the Sharebot service for each licensee. Thus we can delete one licensee's data in its entirety without any impact on other licensees. Normally we store backups of discontinued databases, in case the licensee chooses to return, but we will delete all copies upon request.
Likewise, all PDFs processed by the system, if stored on the Sharebot server, are deleted upon termination of service. PDFs stored in Slack or in the customer's private repository are under the control of that licensee and so cannot be deleted by us.
Users evaluating the Sharebot service are not issued private databases, i.e. all evaluators are using the same database. Usage data in the shared evaluation database is not deleted except for reasons of system management. We do periodically delete PDFs from expired evaluation accounts. We recommend that you not process sensitive material using an evaluation account (note that the TestIt! feature enables testing without uploading any of your own files).
How can I request data deletion?
Licensees of Sharebot may request the deletion of any or all data by contacting support@fileopen.com and providing identifying information.
Note that end-users opening documents shared using Sharebot do not have standing to request the deletion of data. That is, when a Sharebot licensee distributes a document to someone in that licensee's Slack Workgroup or another Workgroup connected via Slack Connect, the recipient's data is part of the service we provide to the licensee. We cannot accept a request from the recipient to delete data, as that might break functionality we are obligated to provide to the licensee. Only the licensee may request deletion of data.