Nudge Security for Slack nudges
Nudge Security helps modern organizations manage SaaS security and governance at scale. Its patented approach to SaaS discovery provides a continuous inventory of SaaS assets starting from Day One without any reliance on network or endpoint monitoring systems. AI-powered insights surface high-priority areas of risk and opportunities to optimize SaaS spend. With a human-centric approach to automatically engaging SaaS users, customers can regain control of technology governance while minimizing friction for the business.When you use Nudge Security with Slack (this app), you’ll be able to send automated Slack messages that nudge SaaS end users and business owners to take simple, yet effective steps to help secure your SaaS apps, identities, and data. Users can review and respond to nudges directly from Slack.Examples of nudges:
• Provide info on why and how you’ll use a new SaaS tool
• Enable multi-factor authentication on your SaaS accounts
• Acknowledge an AI acceptable use policy as you experiment with AIIn addition, Nudge Security administrators can subscribe to receive custom Slack notifications and alerts.Nudge Security rallies everyone in the organization to secure and manage access to the SaaS and AI tools you rely on without disrupting the pace of modern work. Learn more at www.nudgesecurity.com
• Provide info on why and how you’ll use a new SaaS tool
• Enable multi-factor authentication on your SaaS accounts
• Acknowledge an AI acceptable use policy as you experiment with AIIn addition, Nudge Security administrators can subscribe to receive custom Slack notifications and alerts.Nudge Security rallies everyone in the organization to secure and manage access to the SaaS and AI tools you rely on without disrupting the pace of modern work. Learn more at www.nudgesecurity.com
Permissions
Nudge Security for Slack nudges will be able to view:
Nudge Security for Slack nudges will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Nudge Security, Inc.
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when
the account is voluntarily closed. Expired account data will be retained for 30 days. After this period, the
account and related data will be removed. Customers that wish to voluntarily close their account should
download their data manually or via the API prior to closing their account.
If a customer account is involuntarily suspended, then there is a 30 days grace period during which the
account will be inaccessible but can be reopened if the customer meets their payment obligations and
resolves any terms of service violations.
If a customer wishes to manually backup their data in a suspended account, then they must ensure that
their account is brought back to good standing so that the user interface will be available for their use.
After 7 days, the suspended account will be closed and the data will enter the “expired” state. It will be
permanently removed 30 days thereafter (except when required by law to retain).
Data archiving and removal policy
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when
the account is voluntarily closed. Expired account data will be retained for 30 days. After this period, the
account and related data will be removed. Customers that wish to voluntarily close their account should
download their data manually or via the API prior to closing their account.
If a customer account is involuntarily suspended, then there is a 30 days grace period during which the
account will be inaccessible but can be reopened if the customer meets their payment obligations and
resolves any terms of service violations.
If a customer wishes to manually backup their data in a suspended account, then they must ensure that
their account is brought back to good standing so that the user interface will be available for their use.
After 7 days, the suspended account will be closed and the data will enter the “expired” state. It will be
permanently removed 30 days thereafter (except when required by law to retain).
Data storage policy
Nudge Security hosts on Amazon Web Services (AWS) in the US-East-1 (N. Virginia) region by
default.
All Nudge Security employees adhere to the following processes to reduce the risk of compromising
Production Data:
• Implement and/or review controls designed to protect Production Data from improper alteration
or destruction.
• Ensure that confidential data is stored in a manner that supports user access logs and automated
monitoring for potential security incidents.
• Ensure Nudge Security Customer Production Data is segmented and only accessible to
Customer authorized to access data.
• All Production Data at rest is stored on encrypted volumes using encryption keys managed by
Nudge Security.
• Volume encryption keys and machines that generate volume encryption keys are protected from
unauthorized access. Volume encryption key material is protected with access controls such that
the key material is only accessible by privileged accounts.
Nudge Security employee access to production is guarded by an approval process and by default is
disabled. When access is approved, temporary access is granted that allows access to production.
Production access is reviewed by the security team on a case by case basis.
Customer data is logically separated at the database/datastore level using a unique identifier for the
customer. The separation is enforced at the API layer where the client must authenticate with a chosen
account and then the customer unique identifier is included in the access token and used by the API to
restrict access to data to the account. All database/datastore queries then include the account identifier.
Data center location(s)
United States
Data hosting details
Cloud hosted
Data hosting company
Amazon AWS
App/service has sub-processors
no
App/service uses large language models (LLM)
no
Certifications & compliance
SOC attestation
Data deletion request procedure
We allow in-product requests to delete all data from an organization once a trial has started or a customer is deployed.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2024-07-11
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Google Workspaces, Office 365, Okta
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
yes
Contact for security issues
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
yes
Third party services used by this app
AWS, Teleport, Google Cloud, Atlassian, Segment, Auth0, Datadog..
Uses token rotation
yes