slackscraperpilot
// slack ediscovery

Slack eDiscovery without Enterprise Grid

Collect and export approved Slack channels for litigation and investigations using read-only access — no Enterprise Grid or Discovery API required. Slackscraper produces checksummed JSONL exports with chain-of-custody manifests and a full operator audit trail.

// the enterprise grid gap

Most Slack eDiscovery tools start at Enterprise Grid. We don't.

Slack's Discovery API and native legal holds are limited to Enterprise Grid. Teams on Free, Pro, and Business+ are left with manual exports — at best a workspace-wide raw JSON dump with no manifest, no chain of custody, and no way to scope a collection to a matter. Slackscraper works across those plans for approved public and private channels, read-only, and adds the evidence files a standard export doesn't.

Capability (native Slack)FreeProBusiness+Enterprise Grid
Standard export (public channels)YesYesYesYes
Compliance export of private channels + DMsNoNoYes*Yes
Discovery API (third-party eDiscovery)NoNoNoYes
Native legal holdsNoNoNoYes

* Business+ private-channel/DM export is application-gated and workspace-wide. Slack plan capabilities follow Slack's published documentation and can change — confirm current terms with Slack.

// collection + export

Where Slackscraper fits in your eDiscovery process

Slackscraper covers the identification, collection, and export of Slack channel data — the front of the EDRM process. It is not a legal-hold, review, or production platform; it produces a defensible, well-documented export that you hand to counsel or a review workflow.

Read-only collection

Connect approved public and private channels with read-only Slack scopes. No message-writing, no impersonation, no broad workspace access — the app only reads what admins approve.

Review the security model

Scoped, governed search

Search by query, channel, actor, and time window so reviewers narrow to what is relevant for the matter instead of dumping an entire workspace of unrelated chatter.

Checksummed JSONL exports

Produce current-state JSONL with a manifest that records counts, byte sizes, SHA-256 checksums, and chain-of-custody fields — written to your own local or S3-compatible storage.

See the export format

Deletion-aware results

Message deletions are tracked as tombstones. Stale event replay cannot resurrect deleted content, and exports reflect the current state of the channel at collection time.

Retention + audit workflows

Operator audit trail

Credential lifecycle, access-profile edits, deletion requests, and export creation emit audit events with sensitive values redacted — a documented record of who did what, when.

Your storage, not ours

Exports land in customer-controlled storage. The collected data and the evidence files stay under your control rather than inside a third-party vendor cloud.

// scope, in plain terms

What's collected — and what isn't

A defensible collection starts with knowing exactly what it covers. Slackscraper is deliberately channel-focused, and the export manifest records the boundaries so reviewers and opposing counsel can see them.

In scope

  • Approved public and private channels
  • Message text, author, and timestamps
  • Thread relationships and update metadata
  • Current-state channel history
  • SHA-256 checksummed JSONL exports
  • Chain-of-custody manifest fields
  • Operator audit trail
  • Customer-controlled storage destinations

Not included

  • Direct messages and multi-person DMs
  • Recovery of deleted-message content
  • Legal hold / preservation enforcement
  • RSMF or review-platform load files
  • SOC 2 / HIPAA / GDPR certifications
  • Guarantees of courtroom admissibility
// how a collection runs

From read-only connect to a checksummed export

01

Connect read-only

Install the Slack app with read-only scopes for the channels in scope. No Enterprise Grid, no Discovery API access required.

02

Scope to approved channels

Admins approve which public and private channels are collected. Access profiles bind who can retrieve what, and every result handle is actor- and version-scoped.

03

Search & identify

Narrow by query, channel, actor, and time window to the messages relevant to the matter — then expand results only after authorization is rechecked.

04

Export with chain of custody

Generate JSONL with a manifest (record counts, SHA-256 checksums, chain-of-custody fields) to your local or S3-compatible storage.

05

Hand off for review

Provide the export and its manifest to counsel or your review workflow. The manifest documents exactly what was collected — and what was excluded.

slackscraper search "rollback plan" --workspace acme --channel eng-platform
slackscraper export create --workspace acme --format jsonl
# manifest.json
#   "record_count": 4821,
#   "sha256": "9f2c…",
#   "chain_of_custody": { "excludes_dm_mpim": true, "excludes_deleted_messages": true }
// on defensibility

Verified integrity, honestly framed

Under the Federal Rules, discovery must be relevant and proportional (FRCP 26), ESI should be produced as ordinarily maintained or in a reasonably usable form with metadata intact (FRCP 34), and the duty to preserve attaches once litigation is reasonably anticipated (FRCP 37(e)). No tool makes a collection “court-certified” — defensibility is earned through a reasonable, repeatable, documented process.

Slackscraper supports that process: read-only collection, access scoped by approved channel and actor, SHA-256 checksums so a qualified person can verify the exported copy is unaltered, and an audit log of operator actions. One important distinction we keep clear: integrity verification confirms the copy matches what was collected — it does not by itself prove the collection captured everything. Completeness depends on your Slack plan, retention settings, and the channels in scope.

Slackscraper is a data collection and export tool, not a law firm. This page is general information, not legal advice. Defensibility and admissibility depend on your full process and applicable law — consult qualified counsel for any specific matter. Not affiliated with Slack Technologies.

// faq

Slack eDiscovery questions

Do you need Slack Enterprise Grid for eDiscovery?+

No. Slack's Discovery API and native legal holds require Enterprise Grid. Slackscraper collects approved public and private channels through standard read-only Slack scopes, so teams that are not on Enterprise Grid can still produce checksummed exports. What is available to collect depends on your Slack plan's retention and history limits.

Are Slack messages discoverable in litigation?+

Yes. Courts generally treat Slack messages as electronically stored information (ESI) that is discoverable much like email, and failing to preserve relevant data can lead to spoliation sanctions under FRCP 37(e). This page is general information, not legal advice — consult qualified counsel about any specific matter.

Does Slackscraper place a legal hold on Slack?+

No. Slackscraper does not place or enforce legal holds. Native legal holds are an Enterprise Grid feature; on other plans, preservation is typically handled through Slack retention settings and your organization’s hold process. Slackscraper covers the collection and export stage — it captures current-state channel history and produces checksummed exports with a documented chain of custody.

What's included in a Slackscraper export, and what isn't?+

Exports cover approved public and private channels in their current state: message text, author, timestamps, thread relationships, deletion state, and update metadata, written as JSONL with a manifest that records counts and SHA-256 checksums. Exports do not include direct messages or multi-person DMs, and they do not reproduce the content of deleted messages. The manifest records these boundaries explicitly (for example, excludes_dm_mpim and excludes_deleted_messages).

Can it capture direct messages or deleted-message content?+

No. Slackscraper is channel-focused: it does not collect DMs or multi-person DMs, and deleted messages are recorded as tombstones rather than preserved in full. If a matter requires DMs or recovery of deleted content, that typically requires Slack Enterprise Grid tooling or a different collection method.

What format are exports, and do they work with review platforms?+

Exports are JSONL with an accompanying manifest (record counts, SHA-256 checksums, chain-of-custody fields). JSONL loads cleanly into data pipelines and many review workflows. Slackscraper does not currently output RSMF (Relativity Short Message Format) or DAT/OPT load files, so a review platform that requires those formats may need a conversion step.

How does Slackscraper support a defensible collection?+

Defensibility comes from a reasonable, repeatable, well-documented process, not from any single tool. Slackscraper supports that process with read-only collection, access scoped by approved channel and actor, SHA-256 checksums that let a qualified person verify the exported copy is unaltered, and an audit log of operator actions. Integrity verification confirms the export matches what was collected; it does not by itself prove the collection captured everything. Completeness depends on your Slack plan, retention settings, and the channels in scope.

Facing a matter on a deadline?

Tell us the workspace, the channels in scope, and the timeline. We'll walk through a read-only pilot and what a checksummed export looks like for your matter.

Plan a pilot →