Security

Our Commitment

TryCatchUp processes your team's Slack conversations to generate project intelligence. We take that responsibility seriously. Our architecture, vendor selection, and operational practices are designed around a simple principle: collect only what's needed, process it in accordance with this policy, and give you control over your data.

For security questions or to report a vulnerability, contact security@trycatchup.com.

Minimal Access by Design

TryCatchUp only accesses channels the bot has been explicitly added to. It cannot access private channels, direct messages between users, or any channel where it has not been invited. Removing the bot from a channel stops all processing for that channel.

TryCatchUp has no web dashboard, no user accounts, and no login system outside of Slack. All interaction occurs within the Slack interface.

Infrastructure

TryCatchUp runs on commercially hosted infrastructure in the United States. We use serverless compute, managed database services, and encrypted object storage from established cloud providers. All secrets and credentials are stored in encrypted key management systems and are never logged.

Encryption

All data in transit between TryCatchUp and Slack, and between internal services, is encrypted via TLS. All data at rest — including stored messages, configuration, and archived files — is encrypted using industry-standard methods.

Sub-Processors

TryCatchUp uses third-party sub-processors to provide the service. Message content is sent to AI language model providers for summarization and analysis. We also use third-party services for error monitoring, payment processing, and cloud infrastructure.

Our AI sub-processors' API terms of service prohibit the use of API inputs for model training. Our payment processor never receives Slack message content.

We do not sell, rent, or share your data with advertisers, data brokers, or any unrelated third parties. A current list of sub-processors is available upon request by contacting security@trycatchup.com.

PCI Compliance

We do not store, process, or transmit credit card information. All payment processing is handled by a PCI Level 1 certified payment provider. Card details never touch our infrastructure.

Data We Collect

When the bot is added to a channel, TryCatchUp may collect:

• Workspace identity (team ID, workspace name)
• Messages in monitored channels (text, author ID, timestamps, thread structure)
• Canvas content attached to monitored channels
• Direct messages sent to the bot
• Participant user IDs, display names, and timezones
• Channel metadata (topic and purpose)

We do not collect Slack user passwords, SSO credentials, or messages from channels the bot has not been added to.

Data Retention

• Messages are retained in our primary database for up to 90 days, after which they may be archived in encrypted storage or deleted.
• Temporary processing records are purged automatically within 24 hours.
• Generated outputs (digests, extracted summaries) are retained for the duration of the subscription.
• Removing the bot from a channel stops collection for that channel.
• Uninstalling the app from a workspace revokes the bot token.

To request deletion of stored data associated with your workspace, contact security@trycatchup.com.

Cookies and Tracking

TryCatchUp's web-facing endpoints are limited to the OAuth installation flow and payment checkout redirects. We do not use cookies, analytics pixels, fingerprinting, or third-party tracking scripts.

Incident Response

In the event of a confirmed security breach affecting your data, we will notify impacted workspaces in a timely manner with a description of the incident, the categories of data involved, and the measures taken in response.

Changes to This Policy

We may update this page from time to time. Material changes will be communicated through the product or via contact information on file.