Do you retain Slack messages or files?

No. Slack responses stay on the live request path and are not retained as product analytics, prompt logs, or message telemetry.

How are Slack credentials stored?

Slack credentials default to ephemeral handling. Persistent storage is opt-in only and uses AES-256-GCM encryption at rest with Cloudflare secrets-managed keys.

What analytics are enabled?

Hosted web pages use Cloudflare Web Analytics plus limited first-party funnel events for product-site measurement. This is separate from Slack MCP request handling.

Where should buyer security or procurement questions go?

Use this page plus deployment review for buyer-facing security, rollout, support-envelope, and procurement questions. GitHub remains the self-host surface.

Security

Security, procurement, and operational review for Slack MCP Cloud.

This page is the buyer-facing trust surface for token handling, storage boundaries, analytics disclosure, support envelope, and rollout review. It exists to answer practical procurement questions without sending managed buyers into GitHub.

Security summary

HTTPS/TLS on all hosted traffic
Ephemeral token handling by default
Persistent storage only with explicit consent
AES-256-GCM encryption at rest for stored credentials
No Slack message retention as product analytics

Request deployment review Open /status

Token and storage model

Ephemeral mode: default path, no durable credential write required
Persistent mode: opt-in only when the operator explicitly consents
Bearer keys: tenant-scoped API keys gate MCP access
Account surface: reconnect and disconnect stay available through /account

Data boundary

Slack requests proxy through the hosted worker and return directly to the MCP client
Slack messages, files, and channel history are not stored as analytics payloads
Usage metrics track request counts and plan state only
Full data-handling detail stays in privacy

Website measurement

Cloudflare Web Analytics covers the hosted website only
First-party funnel events cover pricing, deployment, checkout, setup, and account actions
Neither layer changes Slack token handling or Slack message retention
Use this page and privacy for procurement review, not GitHub issues

Support and incident envelope

Solo: managed endpoint plus standard hosted support routing
Team: adds shared workflow outcomes and higher usage ceilings
Turnkey Team Launch: rollout and buyer review envelope
Managed Reliability: ongoing operational support boundary when Slack context is business-critical

Procurement questions this page answers

Where tokens live and how they are protected
What data is and is not retained
Which routes are public versus authenticated
How support, rollout, and reliability expectations are scoped

Ops engagement (SOC2 + custom retention) Hosted docs

Deployment review scope

Use deployment review when the team needs buyer review, rollout sequencing, support-envelope clarification, or premium fit guidance. That keeps the commercial and operational conversation on the hosted surface.

Open deployment review Open support

When self-host is the better answer

If procurement or operations require full runtime ownership, local transport control, and direct token handling under your own environment, the OSS/self-host path remains available with 21 tools.

Review self-host Official vs managed