LEAD.Bot Privacy FAQ

LEAD is GDPR Compliant and EU-US Privacy Shield certified. You can find out more on our website at the following locations:

LEAD is also required to go through a review process with Slack and Microsoft before our apps are approved to be listed in their stores. Those stores have more details about the API scopes granted to our app.

 

 

Frequently Asked Questions

 

1. Setup Instructions

  • The app can be installed directly through the app store of Microsoft and Slack. You can find links to each app store directly on our website, as well as installation instructions.

 

 

2. Access

  • Access is granted through authentication using either the Slack or Microsoft API (depending on the chosen platform). The installation user will be given Administrator privileges, and we can grant the same privileges to additional users upon request. These users will be able to alter matching schedules, change messages that match receive, and alter other configurations within the LEADBot application.

 

 

3. Security Measures

  • Our team undergoes quarterly security reviews and has in place an Incident Response Policy for any security-related issues and also manages a Vulnerability Disclosure Program.
  • Our Internal Threat Model documentation contains more details on our infrastructure and security, and is available upon request for eligible customers.

 

 

4. Payment Information

  • We do not currently have payment integration on our platform. Any future integrations will be PCI compliant, and our team plans to onboard with Stripe for Enterprise plans later this year.

 

 

5. Hosting Provider Details

  • All data is hosted on encrypted volumes in Amazon AWS in the US-East-1 Region
  • All servers use EBS volume encryption, databases are stored on volume encrypted RDS instances, database backups are stored on encrypted S3 volumes and deleted after 7 days, and all data in transit is encrypted. Additionally, select sensitive fields are field level encrypted in the database.

 

 

6. Do you have hosting possibilities in Europe?

  • At present, we’re only able to host in the United States. We do have hundreds of European companies using us this way, however if there is sufficient customer demand we’d be able to work on regional offerings.

 

 

7. Does the LEAD.bot chat window allow users to share files or capture or record of a conversation? 

  • The LEAD.Bot chat window only allows users to exchange plain text messages. For security and privacy reasons, no media (gifs, images, video), executables, documents, or other content can be shared through LEAD.Bot.

 

 

8. What data does LEAD.bot collect for Microsoft Teams? 

  • The user data collected is limited to first name, last name, given name, email address, account type (Administrator, etc) and messages that users send directly to LEAD.Bot. The organization data we are granted access to primarily comes in the form of randomized IDs. The sensitive organization data we collect is limited to the Team name of the Team LEAD.Bot has been added to. This is used when we match users we can send them a message in format: “<User1> you’ve been matched with <User2> because you’re both members of the Team: Coffee Matching“.

 

 

9. Will this solution be offered to all users on the platform?

  • LEAD.Bot can be added to an existing Team in Microsoft Teams, or Channel in Slack, to enable matching for a particular set of users. Some users, instead, create a new Team (in Microsoft Teams) or channel (in Slack) and announce to their users that they can join to opt-in to matching. Only users that are members of a Team or Channel that LEAD.Bot has been added to will be available to LEAD.Bot for matching.

 

 

10. In the Privacy Document, there is a paragraph written as this: LEAD Collect and store content that you send and receive, the groups you belong to, and your interaction with your friends, mentors and colleagues. This content includes any information about you that you may choose to include. Examples of content we collect and store include: the title of your matching channel/Team names, surveys created and the audience you are sending them to. Content also includes the messages and links you upload to the Services. What does this actually mean? 

  • Most of what this statement covers applies to users on our web-based product, which offers more advanced functionality, but is not relevant to the Teams product.

    Many areas will not be relevant for the Teams product (such as surveys, group membership, interactions with other users). For our Teams product, we have access to the name of the Team that our bot has been added to, messages sent to our bot by users, and basic user profile information for users in the Team that LEAD.bot has been added to (first name, last name, email, account type). 

    See the answer above to the question “What data does LEAD.bot collect for Microsoft Teams?“ for a complete list of data we collect, and how we use it.

 

 

11. Is the data you collect differently between the paid plans and free plans?

  • Yes. The content detailed in this document primarily answers the privacy & security questions for our free product offerings in Slack and Microsoft Teams.
  • We are at capacity for onboarding new paid partners at the moment. However, if you would like to inquire about our paid plans, please email hi@lead.app with your ideal use cases, or schedule a Zoom call with our customer success department.
  • We encourage new customers to try out our free product first as we believe most of the frequently requested features are covered in the free product. 

 

 

12. Have the terms of service and privacy documents in your company reviewed and approved by legal & privacy experts?

  • Yes. Please check out the dates on the documents to see the dates they are approved. All legal documentation is built in collaboration with company lawyers who specialize in privacy.

 

 

13.  Is this application developed by Microsoft or part of their certification program?

  • No, however, LEAD went through a review process with Microsoft before our apps were approved to list in their stores. Additionally, LEAD is part of Microsoft’s startup program.

 

 

14. Is this application developed by Slack or part of their certification program?

  • No, however, LEAD went through a review process with Slack before our apps were approved to list in their store, and Slack employees are required to approve all API permissions requests for our app. 

 

 

Have other questions? email security@lead.app for any technical questions, or hi@lead.app for business-related questions. Thank you very much!