
What data does Oakallow send to Slack, PagerDuty, or webhooks I configure?

Notification payloads are intentionally minimal. Each event contains:
  • Event type (approval.created, approval.decided, approval.expired)
  • Tool name
  • A PII-scrubbed reason string (max 200 characters, automatic redaction of common PII patterns before storage)
  • The oakallow reference id (REF-XXXXXXXX-XXXX) for cross-system traceability
  • For decided events: the decision (approved or denied), the decider, and any note

What we do NOT send:
  • Tool input arguments or parameters
  • End-user identities, names, or other identifying details
  • Customer data of any kind beyond the tool name itself
  • API keys, tokens, or any credential material

The purpose of notifications is to tell you that a decision is needed, not to relay the data the decision is about. Anything sensitive stays inside oakallow itself — open the request in the dashboard or the mobile app to see the full context.

The destinations you configure (Slack workspaces, PagerDuty services, webhook endpoints) are services you choose. Their handling of these notifications is governed by their own data policies, not oakallow's. You are responsible for what you configure.
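
For a webhook endpoint you operate, the field list above can be enforced on the receiving side before a notification is logged or forwarded. The following is an added example, not oakallow's code: the JSON key names and the alphanumeric alphabet of the reference id are assumptions, since this page names the fields but not their wire format.

```python
import re

# Assumed JSON key names; the page lists the fields but not their keys.
EVENT_TYPES = {"approval.created", "approval.decided", "approval.expired"}
BASE_FIELDS = {"event_type", "tool_name", "reason", "reference_id"}
DECIDED_FIELDS = {"decision", "decider", "note"}
# REF-XXXXXXXX-XXXX: 8 + 4 characters; the uppercase alphanumeric alphabet is an assumption.
REF_RE = re.compile(r"REF-[A-Z0-9]{8}-[A-Z0-9]{4}")
MAX_REASON = 200  # documented maximum length of the reason string


def check_notification(payload: dict) -> list:
    """Return contract violations; an empty list means the payload conforms."""
    event = payload.get("event_type")
    if event not in EVENT_TYPES:
        return [f"unknown event type: {event!r}"]
    # Decision fields are only expected on approval.decided events.
    allowed = BASE_FIELDS | (DECIDED_FIELDS if event == "approval.decided" else set())
    problems = [f"unexpected field: {k}" for k in sorted(set(payload) - allowed)]
    problems += [f"missing field: {k}" for k in sorted(BASE_FIELDS - set(payload))]
    ref = payload.get("reference_id")
    if not (isinstance(ref, str) and REF_RE.fullmatch(ref)):
        problems.append("reference_id does not match REF-XXXXXXXX-XXXX")
    reason = payload.get("reason", "")
    if not isinstance(reason, str) or len(reason) > MAX_REASON:
        problems.append("reason is not a string of at most 200 characters")
    if event == "approval.decided" and payload.get("decision") not in ("approved", "denied"):
        problems.append("decision must be 'approved' or 'denied'")
    return problems


# Constructed sample payloads (not captured from a real integration).
OK_DECIDED = {
    "event_type": "approval.decided", "tool_name": "refund_order",
    "reason": "Refund requested by support agent",
    "reference_id": "REF-A1B2C3D4-E5F6",
    "decision": "approved", "decider": "oncall-lead", "note": "ok",
}
LEAKY_CREATED = {
    "event_type": "approval.created", "tool_name": "refund_order",
    "reason": "Refund requested", "reference_id": "REF-A1B2C3D4-E5F6",
    "decision": "approved",              # not expected on a created event
    "tool_input": {"order_id": "1234"},  # tool arguments should never appear
}

if __name__ == "__main__":
    for sample in (OK_DECIDED, LEAKY_CREATED):
        print(sample["event_type"], check_notification(sample))
```

A receiver that drops or quarantines any payload with a non-empty result keeps unexpected data out of downstream logs and chat history.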
