Since Jolly is deeply integrated into your Slack organization and gains access to the list of users and their birthdays, you may have some concerns regarding the security of Jolly.

What authentication does Jolly use?

Jolly is built on top of Slack's OAuth2 protocol and gains access to your Slack workspace only by that protocol. Please visit https://oauth.net/2 to learn more about OAuth2 and https://api.slack.com/authentication/oauth-v2 to learn more about Slack's OAuth2 protocol.

How are requests from Slack authenticated?

Every time you or your team member clicks "Set my birthday" or has any interaction with Jolly, Slack sends an HTTP request to Jolly's servers. Those requests are verified to make sure they are actually coming from Slack, and each request contains a specific token that identifies your workspace. Read more: https://api.slack.com/authentication/verifying-requests-from-slack

Visiting Jolly via the browser

Managing your workspace's billing settings, manually managing your Jolly users and onboarding Jolly into your workspace is all performed via the web browser.

Visiting Jolly via the web browser will prompt you to sign in with your Slack account. The sign-in flow is built on top of Slack's OpenID Connect protocol to gain access to your Slack user account. Please visit https://openid.net/developers/how-connect-works/ to learn more about OpenID Connect and https://api.slack.com/authentication/sign-in-with-slack to learn more about Slack's OpenID Connect protocol.

Access to Jolly webpages is restricted to HTTPS-encrypted connections with TLS 1.2 and higher.

Where is Jolly data stored?

Jolly's database is hosted and managed within Amazon's secure data centers and utilize the Amazon Web Service (AWS). Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:

Can Jolly read messages? What permissions does it have?

No, Jolly cannot read any messages sent in any public nor private channels or direct messages between users. Jolly can only read messages that are directly sent to it via the "Messages" tab in the Jolly's App Home.

Permssions that Jolly has in your workspace are:

What data does Jolly collect? (apart from birthdays & work anniversaries)

On our own servers and databases, Jolly collects the following information about your Slack workspace and your Slack users:

Your workspace's name, unique Slack ID and avatar URL

This data is only used to display name and avatar when onboarding, managing billing settings and managing users for easier identification. We may also occasionally reach out to you to ask for your feedback about Jolly.

Authorization token for your workspace

We need to interact with Slack API on behalf of your workspace, send data to your Slack workspace, send celebrations, etc. This token is provided to us by Slack upon installation and encrypted at rest using AES-256 encryption.

User's names, avatar, unique Slack ID and email address

Both name and email are encrypted at rest using AES-256 encryption. We collect them so that we can offer a better experience for our customers — for importing birthdays/anniversaries from a file, for integrating with HRIS systems, etc.

Request logs

Every time somebody from your workspace interacts with Jolly, sends it a message, or when Jolly interacts back with your workspace, we store that interaction. However, this is only done so we can investigate potential errors. We encrypt every request payload, and every response from Slack API at rest using AES-256 encryption.

All logs are completely removed from our database after a week.


Even though our complete payment system is handled by Paddle, we store all past invoices for your workspace. We need to store them even if you remove your Jolly account for legal purposes.

Join hundreds of teams already using Jolly

"Since adding Jolly to our organization, the days of scrambling to remember everyone's special day or trying to organize last-minute celebrations are gone"