> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gitnotifier.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security and Privacy

> Review GitNotifier security and privacy practices, including OAuth protections, webhook signature checks, token handling, and minimal data storage.

## Authentication and Integrations

* GitHub and Slack integrations use OAuth flows.
* Request signatures are validated for Slack and GitHub webhooks.
* OAuth state and PKCE protections are used in the Slack-initiated GitHub flow.

For detailed Slack OAuth scopes and rationale, see [Slack Permissions](./slack-permissions).

## Token Handling

* Integration tokens are stored server-side.
* Reconnect flows are supported when tokens expire or are revoked.

## Data Scope

GitNotifier stores only data needed to deliver notifications and preferences (for example, account mapping and reminder/mute preferences).

## Team Access Model

* Only the admin needs to complete initial app setup.
* Team members connect later via invitation or Slack App Home flow.
