Privacy Policy for Slack

Your privacy is important to us. No, seriously, it is important to us. This statement was written by the Founder & CEO of MetaCert. So it’s a promise from management, rather than a typical legal statement copied from another website.

The way we use information

We will never share the personally identifiable information provided to us online. We use Google Analytics and Mixpanel to help us better understand how people find out about us and to help us improve the user experience of our website.

We do not use cookies to collect or store any kind of information about you.

We will never opt you into any email marketing campaigns. If you sign up for blog post notifications, we will only email you about new posts. If you sign up for our Security API service, we will only email you about important updates related to this service. We will not try to cross sell other services to you.

We will never share your email address with anyone for any reason.

Slack Installation

When installing the MetaCert security app for Slack, you give us Admin Permissions. This is necessary for us to provide the level of protection that is required of open communities such as those within the Cryptocurrency world.

We request a list of OAuth scopes as part of an OAuth-based installation process, getting assigned specific scopes and resource combinations by the installer (we call them the MetaCert “Champion”). But it’d be pretty tedious for every user that wants to be protected by our app to have to also go through this installation flow.

OAuth scopes let us specify exactly how our app needs to access a Slack user’s account. As an app developer, we specify our desired scopes in the initial OAuth authorization request. When a user is responding to our OAuth request, the requested scopes will be displayed to them when they are asked to approve our request.

Slack’s system of OAuth permission scopes governs usage of Slack Apps and their use of the Web API, Events API, RTM API, Slash Commands, and Incoming Webhooks.


By default, our app is installed into every Public Channel and Private Channel. While this isn’t necessary for most third-party apps and chatbots on Slack, it has been the most requested feature by our customers as they feel it’s important to the security of their organization or community. You can deselect both Public and Private Channels from your dashboard at any time and it’s very easy to use.

Direct Messages

By default, and with the exception of the Champion who installed our app, MetaCert does not monitor URIs inside Direct Messages (DMs).

To enable link check protection inside of DMs, each user has to authorize MetaCert to do so.

We encourage Cryptocurrency Communities to ask users to authorize MetaCert to monitor their DMs so it can protect them from phishing attacks. Users can only authorize MetaCert to monitor URIs inside their DMs when our app has already been installed by a Team administrator.

Users can authorize MetaCert to protect their DMs by visiting https://metacert/auth/users. They will receive an authorization page similar to the screenshot above. Again, MetaCert is not designed to read message content. Our app only has the ability to monitor and analyze URIs.

Slackbot Reminders

MetaCert monitors all URIs posted by users via the Slackbot Reminder as this is one of the most widely used attack vectors inside Slack on Cryptocurrency Communities.

MetaCert does not read message content

MetaCert does not read any message content. Our app is designed to listen out for and analyze URIs.

Our commitment to data security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

How you can access or correct your information

You can access all your personally identifiable information that we collect online by contacting us at the following email address: partners@metacert.com.

To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.