Deckchair

Privacy Policy

Last updated: May 12, 2026

Avenus ("Avenus", "we", "our", "us") operates the Deckchair platform ("Deckchair") and is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Deckchair.

Information We Collect

We collect information you provide directly to us:

  • Account information: name, email address, and organisation details when you sign up
  • Leave data: leave requests, approvals, balances, and related records created through the platform
  • Payment information: billing details processed securely through Stripe (we never store card numbers)
  • Communications: messages you send us through the contact form or email
  • Slack integration (if your organisation installs the Slack app): OAuth bot and user tokens, Slack workspace, user, and channel identifiers, and basic profile information (name, email) used to match Slack users to their Deckchair accounts. We also receive payloads from the /deckchair slash command, button interactions (e.g. Approve / Decline clicks on leave requests), and Slack event subscriptions such as app_uninstalled and tokens_revoked.

How We Use Your Information

  • To provide and maintain our service
  • To process transactions and send billing-related communications
  • To send service notifications (leave request updates, approvals, invitations)
  • To respond to your enquiries and support requests
  • To improve our platform and develop new features

Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers: Stripe (payments), Resend (email delivery), and hosting providers necessary to operate the platform
  • Slack (when your organisation enables the integration): we send leave-related direct messages, daily who's-off digests, slash command responses, and scheduled status updates to Slack on your behalf, and Slack returns tokens and interaction payloads as described above. Use of the integration is also governed by Slack's own privacy policy.
  • Your organisation: leave data is visible to authorised members within your organisation as determined by role permissions
  • Legal requirements: when required by law or to protect our rights

Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest for sensitive credentials such as Slack OAuth bot and user tokens (AES-256-GCM), secure session management, and rate limiting.

Data Retention

We retain your data for as long as your account is active. When you delete your account, we remove your personal data within 30 days, except where we are required to retain it by law. Slack OAuth tokens and integration-specific records are deleted immediately when your organisation uninstalls the Slack app or when an individual member disconnects their Slack account from Preferences, and are also revoked automatically when we receive an app_uninstalled or tokens_revoked event from Slack.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Export your data in a portable format. Sign in and use Preferences → Your data → Download my data. We return a JSON archive containing your profile, memberships, leave requests, balances, and notification preferences.
  • Delete your data. Email us at hello@avenus.co to request deletion. We respond within 30 days. If you belong to an organisation managed by an employer, your leave records are part of that organisation's HR data - please contact your organisation's admin first to discuss removal from their system, since the employer is the controller for that data and may have statutory retention obligations we are not empowered to override.

Contact Us

If you have questions about this Privacy Policy, contact us at hello@avenus.co.