Security & Privacy Policy

We follow industry leading security standards to keep your data safe.

Last Updated: October 13, 2017

By using this service (“Service”) you are agreeing to the terms of this Security & Privacy Policy.

We reserve the right to update and change this Security & Privacy Policy by posting updates and changes to our website. You are advised to check the Security & Privacy Policy from time to time for any updates or changes that may impact you. You must read, agree with and accept all of the terms and conditions contained in this agreement and our Terms of Service before you use our Service.

How your data is encrypted in transit

When you use Meeting Bot in Slack, our connection to Slack's servers are encrypted using one of the following:

  • HTTPS over Transport Layer Security (TLS)
  • WebSocket Secure (WSS) over Transport Layer Security (TLS)

When you visit or interact with the Meeting Bot website (e.g. through links that we provide you in Slack), your connection is encrypted using HTTPS over Transport Layer Security (TLS). Our website does not operate in a non-encrypted HTTP mode.

How your data is encrypted at rest

Data that we deem to be sensitive, which includes, but is not limited to, OAuth2 refresh tokens from Google and passwords to Microsoft Exchange Calendar servers, are encrypted at rest using the Fernet Library Standard which employs industry leading security standards:

  • HTTPS over Transport Layer Security (TLS)
  • Advanced Encryption Standard (AES) in CBC mode with a 128-bit key for encryption; using PKCS7 padding.
  • HMAC using SHA256 for authentication.

Security of our servers

We use Amazon's Web Services (AWS) to host our Service and store data we collect from you. The servers are firewalled and access is restricted to SSH keys only.

We put considerable efforts into keeping all our software and libraries up-to-date to their latest versions with security patches applied as needed. That said, we cannot guarantee that every single piece of software or library that we use is up-to-date at any given point in time.

Kinds of data we collect

Slack Data

When you install Meeting Bot on your Slack team, we may collect the following data from anyone engaging with the bot:

  • User profile info (e.g. email to determine calendar availability)
  • General team and user info (eg. team name, user names)
  • Conversations exchanged with Meeting Bot.
  • Conversations that Meeting Bot is granted access to (e.g. by inviting Meeting Bot to a Slack channel)
  • Other data that you, someone acting on your behalf, or Slack, grants us access to, that we deem useful in providing or improving our Service to you (e.g. your timezone).

We do not collect or store conversation data or attachments from Slack channels that the bot is not invited to.

Calendar Data (Google/Exchange)

In order to provide our Service we may ask you to grant us access your calendar provider (e.g. Google or Exchange server). Meta data such as access tokens or credentials you directly provide to us may be stored on our servers. See the above sections on 'How your data is encrypted ...' to learn about how we keep this safe.

We may query and retrieve data from your calendar provider and store it (or temporarily cache it) on our servers. New data that we send to your calendar provider on your behalf may also be stored or temporarily cached on our servers.

Analytics Data

In addition to the data that we collect from you mentioned above, meta data such as time of interaction or type of interaction, may be collected, stored and analyzed. We also collect data from your browser when you visit our website using Google Analytics.

How we use your data

We collect your data for the primary purpose of providing our service. We do not sell your data.

Data we collect from you is stored with our production server hosting provider (AWS) and secured as described in the section above on 'Security of our servers'.

Third Party NLP Service

We use Dialogflow (by Google), a third party service provider, for the purposes of processing natural language. We send conversation data to Dialogflow, which includes messages and contextual data (e.g. your timezone). We do not explicitly attach personally identifying information to data we send to Dialogflow, however, if a user includes personally identifying information when conversing with MeetingBot, the data may be sent to Dialogflow. Data we send to Dialogflow is bound by their terms and privacy policy..


The data we collect from you and store on our servers may be backed up periodically. Backups are stored with our production server hosting provider (AWS). We do not transfer or download copies of those backups outside AWS.