Cupcake uses Slack's new Granular Permissions in order to request only the permissions we need to make the app function. When you install Cupcake on your Slack workspace Slack will be present you with a list of the specific permissions that Cupcake requests, and you will have an opportunity to approve or reject those permissions.
Channel and Message Access
Cupcake's access to messages in Slack is quite limited, for two main reasons:
- Cupcake only has access to messages in channels or DMs where Cupcake is a member, and only the messages sent while Cupcake is in the channel (i.e. messages sent before Cupcake joins or after Cupcake leaves the channel are not accessible).
- Cupcake only needs to be in the channel(s) that you want to use for Cupcake celebrations. Consequently Cupcake will only be a member of channels that a user invites it to or where a user explicitly sets up Cupcake celebrations.
This means that Cupcake does not have access to anyone's private DMs (unless it's a DM with Cupcake), nor does Cupcake have access to any public or private channel content unless someone from your team has explicitly added Cupcake to the channel.
Cupcake is hosted on Heroku and benefits from their world-class security. We leverage Slack’s OAuth for signing into our website, making Cupcake as secure as Slack. Our website and servers use HTTPS over SSL (TLS 1.3) to protect your data. Cupcake is being used by Fortune 500, FinTech, and cloud-security companies, among others.