Slack Enterprise Approval Guide

Use this guide when your Slack admin, security reviewer, or platform team needs an implementation-level explanation before approving Murmurd.

What Murmurd Does

  • sends daily check-in prompts by direct message
  • lets users respond, skip, or pause reminders from Slack
  • supports /escalate and /priority
  • sends manager digests and reminders
  • links Murmurd users to Slack users by email or Slack member ID

What Murmurd Does Not Access

  • employee-to-employee direct messages
  • public channel history
  • private channel history
  • Slack files
  • presence or status monitoring
  • a permanent full copy of the Slack directory

The Only Message-Reading Permission

Murmurd requests im:history so users can reply directly to the Murmurd bot in Slack for reply-based check-ins.

That permission is used only for:

  • direct messages sent to the Murmurd bot
  • matching those replies to pending Murmurd check-ins

It is not used to read:

  • employee-to-employee DMs
  • channel conversations
  • private group conversations

Slack Scopes and Why They Exist

  • chat:write to send check-in DMs, reminders, and digests
  • im:write to open direct message conversations with users
  • commands to support /escalate, /priority, and Slack modals
  • users:read to validate Slack users and support admin setup flows
  • users:read.email to match Murmurd users to Slack accounts by email
  • team:read to identify and display the connected workspace
  • im:history to process replies sent to the Murmurd bot for reply-based check-ins

Slack Data Murmurd Accesses

  • Slack workspace ID and workspace name
  • Slack user IDs
  • Slack email addresses for matching accounts
  • replies sent to the Murmurd bot in direct messages

Slack Data Murmurd Stores

  • connected workspace ID and name
  • encrypted Slack bot token
  • linked Slack user IDs for matched Murmurd users
  • installer metadata used during the reverse install/linking flow

Slack Data Murmurd Does Not Store

  • employee-to-employee DMs
  • channel history
  • Slack files
  • a full permanent copy of the Slack directory

Security Controls

  • Slack bot tokens are encrypted at rest with AES-256-GCM
  • incoming Slack webhooks are verified with Slack signatures and timestamp checks
  • if Slack is disconnected, Murmurd falls back to email and web delivery