Legal
Privacy Policy
The short version: Pact stores the minimum data needed to track commitments in Slack. We don't sell your data, we don't share it with third parties (other than Slack, which is how the app works), and you can request deletion at any time.
1. Who We Are
Pact ("Pact," "we," "us," or "our") is a Slack application that helps teams create and track commitments. Pact is operated by Polsia. You can reach us at pact@polsia.app.
2. Data We Collect
When you install and use Pact, we collect the following data:
From your Slack workspace:
- Slack workspace name and team ID
- Slack user IDs of the people involved in a pact (the person who created it and their counterpart)
- Display names of users involved in pacts (for readable notifications)
- Bot access token for your workspace (stored encrypted, used to send messages and reminders on your behalf)
From pact creation:
- The commitment text you provide (e.g., "Review the design doc by Friday")
- The due date associated with the commitment
- The Slack channel ID where the pact was created
- Timestamps: when the pact was created, when it was completed, and when reminders were last sent
From website visits:
- Page path, referrer URL, and UTM campaign parameters (for understanding how people find Pact)
- A hashed, anonymized version of your IP address (we hash it immediately — the original IP is never stored)
- User agent string
We do not collect: email addresses, phone numbers, payment information, or any message content from your Slack workspace beyond what you explicitly type into a Pact command.
3. How We Use Your Data
We use the data we collect solely to operate and improve Pact:
- To create and store pact records so both parties can see their commitments
- To send reminder notifications to the relevant Slack users before and after due dates
- To allow users to list and complete their active pacts
- To understand aggregate usage patterns and improve the product
- Pro workspaces: to pass message snippets to our AI provider (OpenAI) for commitment detection and
/donecontext inference — no message content is stored by Pact after inference completes
We do not use your data for advertising. We do not sell your data to any third party.
4. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on Neon (a managed cloud database provider). Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.
Slack bot tokens — which grant Pact permission to post messages in your workspace — are stored encrypted in our database. We follow Slack's security best practices for token handling.
Our application infrastructure runs on Render, a cloud hosting provider. Their infrastructure operates within secure data centers with industry-standard physical and logical security controls.
5. Data Retention
We retain pact data (active and completed commitments) for as long as your workspace has Pact installed. If you uninstall Pact from your Slack workspace, you may request deletion of all associated data.
Website analytics data (anonymized pageviews and events) is retained for up to 90 days.
6. Third-Party Services
Pact integrates with the following third-party services (sub-processors):
- Slack API — Pact is built on Slack. Your use of Pact is also governed by Slack's Privacy Policy.
- Neon — Our managed PostgreSQL database provider. All pact data is stored in US-based (AWS us-east-1) data centers, encrypted at rest.
- Render — Our application hosting provider. Processes application logs and environment variables (tokens are encrypted before storage). Data centers in US (Oregon).
- Stripe — Payment processing for Pro subscriptions. Receives workspace billing email and subscription status. See Stripe's Privacy Policy.
- OpenAI (Pro workspaces only) — Powers AI commitment detection and
/donecontext inference. Message snippets are sent to OpenAI's API for inference and are not stored by Pact afterward. See OpenAI's Privacy Policy. - Postmark — Transactional email delivery (billing receipts). Receives the workspace admin's email address. See Postmark's Privacy Policy.
- Google Fonts — Used for typography on our marketing website. Google may log font requests; see Google's Privacy Policy.
We do not use advertising networks, third-party analytics platforms (such as Google Analytics), or any marketing tracking services.
7. Your Rights
You have the right to:
- Access — Request a copy of the data Pact holds about you
- Deletion — Request that we delete all data associated with your Slack user ID or workspace
- Correction — Request correction of any inaccurate data
- Portability — Request your pact data in a structured, machine-readable format
- Objection — Object to any processing of your data
To exercise any of these rights, email us at pact@polsia.app. We will respond within 30 days. For workspace-level data deletion, the workspace admin should uninstall Pact from Slack and contact us to complete the data removal.
8. Cookies and Tracking
Our marketing website (makepact.co) does not use cookies for tracking or advertising. We collect anonymized, server-side analytics to understand which pages are visited and how users arrive at our site. No persistent identifiers or tracking pixels are used.
The Pact Slack bot does not use cookies.
9. Children's Privacy
Pact is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. For material changes, we'll notify workspace admins via Slack message. Continued use of Pact after changes constitutes acceptance of the updated policy.
11. Contact
Questions, requests, or concerns about this Privacy Policy? Contact us:
- Email: pact@polsia.app
- Website: makepact.co
We aim to respond to all privacy-related inquiries within 5 business days.