Privacy Policy
Last updated: 25 April 2026.
Leavely is operated by Valar Digital ("we", "us"). We built Leavely to track PTO for small Slack teams. This policy explains exactly what data we collect, what we do with it, and the controls you have.
Data we collect
When a Slack workspace installs Leavely, we store:
- Slack workspace ID and user IDs of your team members. These are opaque identifiers from Slack, not email addresses or full names.
- Bot token, encrypted at rest with AES-256-GCM. We use it to post approval messages, DMs, and announcements on the app's behalf.
- User tokens (only for users who click "Connect your status"), also AES-256-GCM encrypted. Used exclusively to set that user's Slack status during approved PTO.
- PTO requests you submit: start/end dates, leave type (vacation/sick/personal), optional free-text note, approval status.
- Workspace configuration: annual allowance, year-start month, approver, announcement channel, holiday country list, per-user allowance overrides.
We do not collect: email addresses, real names, profile photos, Slack messages outside of what is sent to Leavely, IP addresses beyond what's needed for the app to serve a request, or any data from channels or DMs that don't involve the app.
How we use it
- Route approval requests to your configured approver.
- Post approved-PTO announcements to the channel you picked.
- Calculate your balance when you ask.
- Update your Slack status during approved leave, if you've opted in.
- Generate CSV exports for your workspace admin on request.
We never use your data to train AI models, sell it to third parties, or send marketing messages.
Where it lives
Leavely stores data in a SQLite database on an encrypted Fly.io volume in the US East region (Ashburn, IAD). Fly.io holds a current SOC 2 Type II attestation. We do not sell, rent, or share your data with advertisers, data brokers, or any other third party for their own use. Data leaves our servers only in the specific cases listed below.
Who we share data with
Leavely transmits data to a small, fixed set of third-party processors, and only for the purposes described:
- Slack Technologies, LLC: we send messages, modals, status updates, and user-info lookups to the Slack workspace that installed Leavely. This is the core function of the app.
- Google LLC (Google Calendar API): for users who connect Google Calendar, we send all-day event creates and deletes to www.googleapis.com on that user's primary calendar. See the dedicated section below.
- Fly.io, Inc.: our hosting provider. They store the encrypted database volume and snapshots. They do not access application data outside of platform operations.
- Functional Software, Inc. (Sentry): our error monitoring provider. Stack traces and request metadata are sent here when the app errors. Bot tokens, user tokens, OAuth codes, and Google access/refresh tokens are scrubbed before transmission.
We do not share, transfer, or disclose data to any other third party. We do not use sub-processors beyond the four named above. We do not transfer data to advertising networks, analytics services, AI training providers, or affiliates. We will only disclose data outside this list if compelled by valid legal process, in which case we will notify the affected workspace admin unless legally prohibited from doing so.
Google user data
If you click "Connect Google Calendar" inside Leavely, you complete a Google OAuth flow that grants us the https://www.googleapis.com/auth/calendar.events scope. With this scope:
- What we access: Nothing is read from your calendar. We only call events.insert and events.delete on your primary calendar: we create one all-day event when your PTO is approved, and delete that event if the request is later cancelled.
- What we store: Your Google OAuth access token and refresh token, both AES-256-GCM encrypted at rest, plus the Google event IDs we created so we can delete them later. We do not store your email, name, calendar contents, or any other Google profile data.
- Who we share Google user data with: No one. Your Google tokens and event IDs are stored only on our Fly.io database volume. We do not transfer them to any third party, including advertisers, analytics providers, or AI/ML training systems. The only outbound calls that use your Google credentials go directly to Google's own APIs (oauth2.googleapis.com and www.googleapis.com) on your behalf.
- How we protect it: Tokens are encrypted with AES-256-GCM. The encryption key is held in Fly's secrets vault, separate from the database. Access tokens, refresh tokens, and OAuth authorization codes are stripped from any error reports sent to Sentry.
- How long we keep it: Until you disconnect (Slack app home → "Disconnect Google Calendar"), revoke access in your Google account, or your Slack workspace uninstalls Leavely. On any of these events the tokens are deleted within five minutes.
Leavely's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to develop, improve, or train generalized AI/ML models.
How long we keep it
Until your workspace admin uninstalls Leavely from Slack. On uninstall we delete every row keyed to your workspace across every table (leave requests, user tokens, overrides, holidays, users, workspace config) within five minutes. For operational disaster recovery only, Fly.io takes automated daily volume snapshots with a 5-day rolling retention; these expire automatically and are never accessed outside a recovery incident.
Your rights
If you are a user of a workspace with Leavely installed, you can ask your workspace admin to:
- Export your PTO history at any time (/pto export).
- Delete your individual user override or stored user token (contact [email protected]; we'll verify the request through the workspace admin and action within 7 days).
- Uninstall Leavely and delete all workspace data (admin uninstalls through Slack; data deletion is automatic).
For GDPR / CCPA requests directly from an end user, please email [email protected]. We reply within 7 days. We are based in India; EU/UK data subjects retain all applicable rights regardless.
Security
- All traffic is HTTPS, enforced via HSTS.
- Slack signing secrets verify every inbound request; we reject unsigned payloads.
- Bot tokens and user tokens are encrypted with AES-256-GCM. The encryption key is held in Fly's secrets vault, not in the database.
- Production errors flow to Sentry with secrets and tokens redacted before they leave the app.
Changes
We'll update this page when our practices change. Material changes will be announced in the Leavely app's home tab at least 14 days before they take effect.
Contact
Questions, requests, bug reports: [email protected].