SitRepSitRep Add to Slack

Privacy Policy

Last updated: July 10, 2026

SitRep ("we," "our," or "the app") is a Slack application built by Ammon Brown. This policy describes what data SitRep accesses, how it is used, and how it is stored.

1. Data We Access

When you install SitRep and grant it access to your Slack workspace, the app requests the following OAuth scopes:

  • channels:read and channels:history — To list public channels and read messages in channels you explicitly select during onboarding.
  • channels:join — To join channels selected for monitoring.
  • chat:write — To post reports to your chosen delivery channel.
  • commands — To respond to the /sitrep slash command.
  • im:history, im:read, im:write — To receive opt-in/opt-out commands via direct message and to send onboarding messages.
  • reactions:read, reactions:write — To collect feedback reactions on reports and to indicate processing status.
  • app_mentions:read — To respond to @SitRep mentions.
  • team:read — To retrieve your workspace name during setup.
  • users:read — To resolve user IDs to display names in reports.

2. Data We Store

SitRep stores the minimum data required to function:

  • Workspace configuration — Team ID, team name, bot token, tone preference, delivery channel, schedule settings, and onboarding status.
  • Channel metadata — Channel ID, name, classification (alert/human/hybrid), bot-to-human message ratio, and monitoring status. No message content is stored from channel scans.
  • Commitments — When a team member makes a forward-looking statement in a monitored public channel (e.g., "I'll fix the auth bug today"), we extract and store the commitment text, user ID, channel ID, and timestamp for follow-up tracking.
  • Generated reports — The output text and Block Kit JSON of reports SitRep generates, along with the time window they cover.
  • User preferences — Opt-out status per user, per workspace.
  • Feedback reactions — Emoji reactions on reports (user ID, reaction type, timestamp) used to calibrate report quality.

3. Data We Do Not Store

  • Raw messages. SitRep reads channel messages at report-generation time to build a timeline, then discards them. No raw message content is retained after report generation.
  • Direct messages. SitRep never reads DM content beyond opt-in/opt-out commands. It has no access to private channels, group DMs, or multi-party DMs.
  • Files, images, or attachments. SitRep does not download, process, or store any files shared in Slack.
  • User profile data beyond display names and user IDs necessary for report formatting.

4. How Data Is Used

All data SitRep accesses is used solely to generate team activity reports. Specifically:

  • Channel messages are read in real time, correlated across alert and human channels, and synthesized into a structured narrative.
  • Commitment tracking enables follow-up reporting across days and weeks.
  • Feedback reactions improve report calibration over time.
  • No data is sold, shared with third parties for marketing, or used for advertising.

5. Third-Party Services

SitRep uses the following third-party services to operate:

  • Cloudflare Workers — Application hosting and request routing.
  • Turso (LibSQL) — Database for storing workspace configuration, commitments, and report history.
  • OpenRouter — LLM API gateway for report generation. Message content is sent to the LLM for synthesis during report generation and is not retained by the LLM provider beyond the API request.
  • Slack Web API — Message retrieval and report delivery.

6. Data Retention

  • Workspace configuration and channel metadata are retained as long as SitRep is installed in your workspace.
  • Commitments are retained until resolved, expired, or manually cleared.
  • Generated reports are retained for callback and follow-up reference.
  • When SitRep is uninstalled from a workspace, you may request deletion of all associated data by contacting us.

7. User Controls

  • Channel selection. You choose exactly which channels SitRep monitors during onboarding. You can change this at any time via /sitrep settings.
  • Individual opt-out. Any team member can DM SitRep "opt out" to be excluded from all reports. They can DM "opt in" to reverse this.
  • Uninstall. Removing SitRep from your workspace immediately revokes all API access.

8. Security

All communication between SitRep and Slack uses HTTPS. Slack webhook signatures are verified using HMAC-SHA256 via the Web Crypto API. Bot tokens are stored encrypted at rest in our database provider. The application runs on Cloudflare's edge network with no persistent server access.

9. Children's Privacy

SitRep is a workplace productivity tool and is not intended for use by individuals under 18 years of age.

10. Changes to This Policy

We may update this policy as SitRep evolves. Material changes will be communicated through the app or this page. Continued use of SitRep after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions or data deletion requests, contact ammon@sitrepbot.com.

Home Privacy Terms Support
SitRep · Built by Ammon Brown · Slack Agent Builder Challenge 2026