Privacy Policy

IRG Alerts – CSA

Slack Application

Last Updated: December 2025

This is a frequently asked que

1. Introduction

The IRG Alerts – CSA Slack application (“the App”) is developed and maintained by Capitol Strategy Advisors, LLC (“CSA,” “we,” “our,” or “us”). The App provides automated alerts to designated Slack channels based on legislative tracking data maintained by CSA’s clients, including the Institute for Responsive Government (IRG).

This Privacy Policy explains what information the App processes, how that information is used, and the measures taken to protect user and workspace privacy.

The App is designed solely for private, internal use within workspaces that explicitly authorize its installation. It is not a public marketplace application.

2. Information the App Accesses

When installed in a Slack workspace, the App receives access only to the specific scopes granted during installation, which may include:

  • Send messages as the App Bot (chat:write)

  • Send messages to channels the bot is not a member of (chat:write.public)

The App does not request or receive access to:

  • Direct messages

  • User profiles

  • Channel content

  • Files

  • Workspace analytics

  • Message history

The App cannot view or retrieve data from the Slack workspace beyond the minimal permissions required to deliver alerts.

3. Information the App Processes

The App processes only the following information:

  1. Alert content provided by CSA or its clients, typically including:

    • State and bill identifiers

    • Legislative action descriptions

    • Internal client comments

    • A link back to a client-owned Google Sheet

  2. Technical metadata needed to deliver alerts (e.g., channel IDs, timestamps).

No personal information about Slack users is collected, transmitted, or stored.

4. How Information Is Used

The App uses the information it processes only to:

  • Generate and send automated legislative updates to designated Slack channels.

  • Maintain internal logs of alerts sent (stored only in the client’s Google Sheet or Google Workspace environment).

CSA does not:

  • Sell or share information with third parties

  • Use the data for analytics, advertising, or external services

  • Store Slack workspace data on CSA systems except as expressly authorized by the client

All data processed by the App is used exclusively for client-directed operational purposes.

5. Data Storage and Retention

The App does not store Slack messages, user data, or channel data on CSA servers.

Any information logged by the App (e.g., “sent alerts”) is stored:

  • Within the client’s own Google Workspace (e.g., the “IRG – Slack Sent Log” sheet), or

  • Within the client’s own Slack workspace

CSA does not retain any copies beyond the client’s systems.

6. Data Sharing and Third Parties

CSA does not share any information processed by the App with:

  • External vendors

  • Third-party advertisers

  • Analytics services

  • Government entities

The only platforms involved are:

  • The client’s Slack workspace

  • Google Workspace (if used for app logic or scripts)

Both platforms are controlled by the client.

7. Security Measures

CSA follows reasonable administrative and technical safeguards to protect information processed by the App, including:

  • Use of Slack’s secure OAuth2 process

  • No storage of tokens or workspace data on external servers

  • Tokens stored only in Google Apps Script Properties or client-secured systems

  • Minimal-permission design (principle of least privilege)

  • No long-term retention of operational data by CSA

Clients maintain full control over:

  • Which channels the App may post to

  • Who may view posted alerts

  • Internal access and retention policies

8. Client Ownership & Responsibility

All data processed by the App belongs solely to the client workspace in which the App is installed.

The client is responsible for:

  • Workspace access control

  • Channel visibility

  • Slack administrative settings

  • Any internal governance requirements

CSA acts only as a service provider, enabling the App to post alerts on behalf of the client.

9. Removal of the App

Clients may uninstall the App at any time through Slack → Manage Apps.

Upon removal:

  • The App immediately loses all access to the workspace

  • No additional logs or data are retained by CSA

  • Any stored tokens are invalidated or deleted

10. Updates to This Policy

CSA may update this Privacy Policy periodically to reflect operational changes, security updates, or compliance requirements. Any updates will be posted on the CSA website with a revised “Last Updated” date.

11. Contact Information

For questions about this Privacy Policy or the IRG Alerts – CSA application, contact:

Capitol Strategy Advisors, LLC
Email: info@capitolstrategyadvisors.com
Website: https://capitolstrategyadvisors.com

This is a frequently asked question?

This is a frequently asked question?