Effective Date: November 4, 2025
At TeamWeaver, we believe that understanding team collaboration shouldn't compromise individual privacy. This Privacy Policy explains how we collect, use, protect, and share information when you use our platform, including our integrations with Slack and Microsoft Teams.
Information We Collect
1. Account Information
When you create a TeamWeaver account, we collect:
- Name and email address
- Organization details (company name, size, industry)
- Role and department (if provided via org chart integration)
- Account credentials (securely hashed passwords)
2. Workspace Integration Data
When you connect TeamWeaver to your Slack or Microsoft Teams workspace, we collect:
From Slack:
- Workspace metadata: Workspace name, ID, and configuration
- User directory: User IDs, display names, email addresses, roles, and team assignments
- Channel information: Channel names, IDs, member lists, and creation dates
- Message metadata: Timestamps, sender/recipient information, thread structure, reaction counts
- Communication patterns: Message frequency, response times, cross-team interactions
From Microsoft Teams:
- Tenant metadata: Organization name, ID, and configuration
- User directory: User IDs, display names, email addresses, roles, and team assignments
- Team and channel information: Team names, channel names, IDs, member lists
- Message metadata: Timestamps, sender/recipient information, thread structure, reaction counts
- Communication patterns: Message frequency, response times, cross-team interactions
3. What We DON'T Collect
We want to be clear about what we do not access or store:
- ❌ Message content or text (we analyze patterns, not what you say)
- ❌ File attachments or shared documents
- ❌ Private/direct messages (only public channels and team communications)
- ❌ Personal communications outside work channels
- ❌ Passwords or authentication tokens (beyond initial OAuth)
- ❌ Location data, browsing history, or device information
4. Usage Data
We automatically collect:
- Platform usage: Features accessed, pages viewed, time spent
- Analysis history: When analyses are run, which teams are analyzed
- Performance data: Load times, errors, system health metrics
How We Use Your Information
We use collected information exclusively for the following purposes:
Primary Uses
Collaboration Analysis: Calculate SignalWeave, SyncWeave, and CycleWeave scores. Identify communication patterns and network topology. Detect decision cycles and learning patterns. Measure team participation and engagement.
Insights and Recommendations: Generate personalized improvement suggestions. Provide research-backed coaching (via Basil AI). Show trend analysis over time. Benchmark against industry standards.
Platform Operations: Authenticate users and maintain accounts. Provide customer support. Improve and optimize our algorithms. Ensure security and prevent misuse.
Secondary Uses
Aggregated Research: Create anonymized, aggregate insights about collaboration trends. Validate our algorithms against research findings. Improve our scoring models.
Important: We NEVER use your data for:
- ❌ Advertising or marketing to you
- ❌ Selling or renting data to third parties
- ❌ Employee monitoring or surveillance
- ❌ Individual performance evaluation (our analysis is team-level only)
Data Retention
We retain different types of data for different periods:
Retention Periods:
- Account data: Retained while your account is active
- Message metadata: Retained for 90 days for trend analysis, then automatically deleted
- Aggregated scores: Retained permanently (anonymized, team-level only)
- Analysis history: Retained for 2 years or until account deletion
- Support tickets: Retained for 3 years for legal/operational purposes
When You Delete Your Account:
- Account data deleted within 30 days
- All personal metadata permanently removed
- Only anonymized, aggregated statistics remain (no individual identifiers)
- Workspace integrations immediately disconnected
Legal Hold Exception: Data may be retained longer only if required by law, legal process, or to protect rights and safety.
How We Share Information
We take data sharing seriously and limit it to these scenarios:
Within Your Organization
- Authorized users (admins, team leaders) can view team-level insights
- No individual-level data is ever shown in reports or dashboards
- Access controls based on organizational roles
Service Providers
We work with trusted partners who help us operate TeamWeaver:
- Cloud hosting: Microsoft Azure (encrypted storage and compute)
- AI services: Azure OpenAI (for Basil AI coaching and analysis)
- Authentication: NextAuth.js (open-source, self-hosted)
- Analytics: Error tracking and performance monitoring
All service providers:
- ✅ Are contractually obligated to protect your data
- ✅ Can only use data for providing services to us
- ✅ Must comply with this Privacy Policy
- ✅ Are subject to regular security audits
Legal Requirements
We may disclose information if required to:
- Comply with valid legal process (subpoena, court order)
- Enforce our Terms of Service
- Protect rights, property, or safety of TeamWeaver, users, or public
- Prevent fraud or security threats
Business Transfers
If TeamWeaver is involved in a merger, acquisition, or sale:
- Your data may be transferred to the new entity
- You'll be notified before any transfer
- Privacy protections will continue to apply
Integration-Specific Details
Slack Integration
Permissions Requested:
- channels:read - Read public channel information
- channels:history - Access public channel message metadata
- users:read - Access user directory and profiles
- team:read - Access workspace information
OAuth Scope: We use Slack's OAuth 2.0 for secure, user-authorized access. You can revoke access anytime through Slack's App Management.
Data Flow: You authorize TeamWeaver via Slack OAuth. We fetch metadata (not content) for selected channels. Data is processed to calculate collaboration scores. Scores are displayed in TeamWeaver dashboard. Metadata is automatically deleted after 90 days.
Microsoft Teams Integration
Permissions Requested:
- Team.ReadBasic.All - Read team names and descriptions
- Channel.ReadBasic.All - Read channel names and structures
- ChannelMessage.Read.All - Read message metadata (timestamps, participants)
- TeamMember.Read.All - Read team member list and roles
- User.Read - Read user profile information
Azure AD Integration: We use Microsoft's Azure AD multi-tenant authentication for secure access. You can revoke access through your organization's Azure AD app permissions.
Data Flow: You authorize TeamWeaver via Azure AD consent. We fetch metadata (not content) for selected teams/channels. Data is processed to calculate collaboration scores. Scores are displayed in TeamWeaver dashboard. Metadata is automatically deleted after 90 days.
Resource-Specific Consent (RSC): For Teams, we use RSC permissions that are granted per-team, giving you granular control over which teams TeamWeaver can analyze.
Data Security
We implement industry-standard security measures to protect your information:
Technical Safeguards:
- Encryption in transit: TLS 1.3 for all data transmission
- Encryption at rest: AES-256 encryption for stored data
- Access controls: Role-based access with principle of least privilege
- Authentication: Multi-factor authentication available for all accounts
- Secure infrastructure: Microsoft Azure with SOC 2 Type II compliance
Organizational Safeguards:
- Regular security audits and penetration testing
- Employee training on data protection
- Incident response plan with 24-hour notification commitment
- Limited personnel access to production systems
- Comprehensive audit logging
Monitoring:
- Continuous monitoring for unauthorized access
- Automated alerts for suspicious activity
- Regular vulnerability scanning and patching
Your Privacy Rights
Depending on your location, you may have specific rights under privacy laws like GDPR (Europe) or CCPA (California). We honor these rights globally for all users:
1. Access & Portability
- Request a copy of all personal data we hold about you
- Receive data in a portable, machine-readable format (JSON)
- Response time: 30 days
2. Correction & Update
- Update inaccurate or incomplete information
- Available directly through your account settings
- Changes reflected immediately
3. Deletion ("Right to be Forgotten")
- Request complete deletion of your account and data
- Processing time: 30 days
- Some data may be retained if required by law
4. Restriction & Objection
- Limit how we process your data
- Object to certain processing activities
- We'll honor requests unless we have compelling legitimate grounds
5. Data Portability
- Export your data to another service
- Includes all scores, analysis history, and settings
- Available in JSON format
6. Withdraw Consent
- Revoke authorization for Slack/Teams integration anytime
- Disconnect integration through Settings
- Data deletion follows our retention policy
How to Exercise Your Rights:
Option 1: Self-Service - Log into TeamWeaver. Go to Settings → Privacy. Use privacy dashboard tools.
Option 2: Contact Us - Email privacy@teamweaver.ai with subject "Privacy Request - [Your Name]". We'll respond within 30 days.
Option 3: Data Protection Officer - Available for GDPR-related requests. Contact through privacy@teamweaver.ai.
International Data Transfers
TeamWeaver is based in the United States. If you're accessing our service from outside the U.S., your information will be transferred to, stored, and processed in the United States.
Safeguards:
- We comply with applicable data protection laws
- Use Standard Contractual Clauses (SCCs) for EU data transfers
- Implement additional safeguards as required by law
Your Consent: By using TeamWeaver, you consent to the transfer of your information to the United States and other countries where we operate.
Children's Privacy
TeamWeaver is designed for workplace use and is not intended for children under 16. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us at privacy@teamweaver.ai.
Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your login session
- Remember your preferences
- Analyze platform usage
- Ensure security
Types of Cookies:
- Essential: Required for platform functionality (cannot be disabled)
- Analytics: Help us understand usage patterns (can be disabled)
- Preferences: Remember your settings (can be disabled)
Your Control: Manage cookie preferences through your browser settings or our cookie banner (on first visit).
Do Not Track: We currently do not respond to Do Not Track (DNT) signals, as there is no industry standard. We may implement DNT support in the future.
Changes to This Policy
We may update this Privacy Policy to reflect:
- Changes in our practices
- Legal or regulatory requirements
- New features or integrations
Notification of Changes:
- Material changes: Email notification 30 days before effective date
- Minor changes: Updated "Last Modified" date at top of policy
- Your options: If you disagree, you may delete your account
History: Previous versions available upon request at privacy@teamweaver.ai.
Contact Us
Privacy Questions or Concerns: Email privacy@teamweaver.ai (Response Time: Within 3 business days)
Data Protection Officer (GDPR): Email dpo@teamweaver.ai (Available for GDPR-related requests, EU data subjects)
General Inquiries: Email support@teamweaver.ai, Website: https://www.teamweaver.ai
Mailing Address: TeamWeaver, Inc., San Francisco, CA, United States
Regulatory Compliance
TeamWeaver complies with applicable privacy laws and regulations, including:
- ✅ GDPR (General Data Protection Regulation) - European Union
- ✅ CCPA (California Consumer Privacy Act) - California, USA
- ✅ PIPEDA (Personal Information Protection and Electronic Documents Act) - Canada
- ✅ UK GDPR - United Kingdom
- ✅ Privacy Shield (where applicable)
Certifications and Audits:
- SOC 2 Type II compliance (in progress)
- ISO 27001 certification (planned for 2026)
- Regular third-party security audits
Appendix: Legal Basis for Processing (GDPR)
For EU users, our legal basis for processing your personal data:
Account creation & management: Contract performance
Collaboration analysis: Legitimate interest (improving team performance)
Platform improvements: Legitimate interest (product development)
Marketing communications: Consent (opt-in required)
Legal compliance: Legal obligation
Security & fraud prevention: Legitimate interest (protecting our services)
Legitimate Interest Assessment: We've assessed that our legitimate interest in analyzing team collaboration patterns does not override individual privacy rights, as:
- Analysis is team-level, not individual
- Data is pseudonymized where possible
- Retention is limited (90 days)
- Purpose is beneficial (improved team performance)
Appendix: Data Processing Addendum
For enterprise customers requiring a Data Processing Agreement (DPA), please contact sales@teamweaver.ai. Our standard DPA includes:
- Processor obligations under GDPR
- Security commitments
- Sub-processor list
- International transfer mechanisms
- Audit rights
This Privacy Policy is effective as of November 4, 2025 and supersedes all previous versions.
© 2025 TeamWeaver, Inc. All rights reserved.
