Privacy Policy

Last updated May 12, 2026

This Privacy Policy describes how Office Lunch Management (“we”, “us”, or “the Service”) collects, uses, and shares information when you use our web application at officelunch.app and the related Slack integration.

Information we collect

Account information

When you create an account, we store your name, email address, and authentication identifiers from the OAuth provider you sign in with (GitHub or Google). We also store the organizations you are a member of and your role within each organization.

Lunch and opt-in data

We store the restaurants, orders, votes, and daily opt-ins that you and your teammates create inside the Service so we can render the dashboards and reminders the product is built to provide.

Slack workspace data

When an admin installs the Office Lunch Management Slack app for an organization, we store:

  • The Slack workspace (team) ID and team name.
  • An OAuth bot access token, encrypted at rest, used only to send messages on behalf of the connected workspace.
  • The Slack user IDs of members in your organization, linked to their accounts in our Service by matching email addresses, so we can deliver direct messages.
  • A record of reminders and notifications we have sent so we do not send duplicates.

We do not read messages from your Slack workspace, do not request access to channels or files, and only request the minimum scopes needed to send DMs and look up users by email (chat:write, im:write, users:read, users:read.email).

Usage and operational data

We log standard request metadata (IP address, user-agent, timestamps, and error traces) to operate, secure, and debug the Service. We do not sell this information.

How we use information

  • To operate the Service: render dashboards, accept orders, and track opt-ins.
  • To deliver Slack reminders and winner notifications you have opted into.
  • To authenticate you and protect your account from abuse.
  • To respond to support requests you send to us.
  • To comply with legal obligations.

How we share information

We share data with the service providers required to run the Service — our hosting provider, our database provider, our email delivery provider, and Slack (when you use the Slack integration). We do not sell personal information, and we do not share it with advertisers.

Data retention

We retain account and lunch data for as long as your account is active. You can delete your account or disconnect the Slack integration at any time from the admin dashboard, which removes the stored Slack tokens and member links for that workspace. Backups are purged on a rolling 30-day schedule.

Your choices

  • Disconnect Slack: An organization owner or admin can disconnect the Slack workspace from Admin → Integrations → Slack at any time. Disconnecting deletes the stored bot token and member links.
  • Opt out of reminders: Individual users can adjust their Slack reminder preferences from /slack/preferences.
  • Delete your account: Contact us at [email protected] and we will delete your account and associated data.

Security

Slack bot tokens are encrypted at rest. We use HTTPS for all traffic and follow standard industry practices for securing user data. No system is perfectly secure, but we work continuously to protect the information you entrust to us.

Children

The Service is not directed to children under 13, and we do not knowingly collect their data.

Changes to this policy

We will update this page when this policy changes and revise the “Last updated” date above. Material changes will be communicated through the Service.

Contact

Questions about this Privacy Policy or about how your data is handled can be sent to [email protected] or submitted via our contact form.