Donut uses Slack's standard bot permissions (via Slack’s “bot” OAuth scope), which means that Donut has access to the standard minimum amount of information for a bot on Slack. Refer to the table at the bottom of this page for a list of the actions that can be taken by a bot on Slack and the information it can access.
Channel and Message Access
Donut's access to messages in Slack is quite limited, for two main reasons:
- Donut only has access to messages in channels (or groups or DMs) where Donut is a member, and only the messages sent while Donut is in the channel (i.e. nothing from before it joined or after it leaves the channel).
- The Donut bot is not able to join channels on its own — it must be invited by a human user on your team.
This means that Donut does not have access to anyone's private DMs (unless it's a DM with Donut), nor does Donut have access to any public or private channel content unless someone from your team has explicitly added Donut to the channel.
Donut is hosted on Heroku and benefits from their world-class security. We leverage Slack’s OAuth for signing into our website, making Donut as secure as Slack. Our website and servers use HTTPS over SSL (TLS 1.3) to protect your data. Donut is being used by Fortune 500, FinTech, and cloud-security companies, among others.