Donut uses Slack's new Granular Permissions in order to request only the permissions we need to make the app function. When you install Donut on your Slack workspace Slack will be present you with a list of the specific permissions that Donut requests, and you will have an opportunity to approve or reject those permissions.
Channel and Message Access
Donut's access to messages in Slack is quite limited, for two main reasons:
Donut only has access to messages in channels or DMs where Donut is a member, and only the messages sent while Donut is in the channel (i.e. messages sent before Donut joins or after Donut leaves the channel are not accessible).
Donut only needs to be in the channel(s) that you want to use for making Donut introductions. Consequently Donut will only be a member of channels that a user invites it to or where a user explicitly sets up Donut introductions.
This means that Donut does not have access to anyone's private DMs (unless it's a DM with Donut), nor does Donut have access to any public or private channel content unless someone from your team has explicitly added Donut to the channel.
Donut is hosted on Heroku and benefits from their world-class security. We leverage Slack’s OAuth for signing into our website, making Donut as secure as Slack. Our website and servers use HTTPS over SSL (TLS 1.3) to protect your data. Donut is being used by Fortune 500, FinTech, and cloud-security companies, among others.