External Article Draft | 2026-04-02 | Author: grapeot + Claude Opus 4.6
On April 1, 2026, a large number of Slack users discovered that their workspaces had been abruptly deactivated. The affected workspaces were those with billing addresses in mainland China, Hong Kong, or Macau — both paid and free-tier users were hit. After deactivation, all historical messages, files, channels, and integrations became inaccessible, and Slack simultaneously started a 90-day data deletion countdown.
This story warrants a long-form piece for three reasons. First, Slack’s execution was exceptionally heavy-handed — even if the underlying motivation was a defensible business decision, the user-side experience felt like data hostage-taking. Second, this is not an isolated event but a signal within a broader trend of tiered global SaaS delivery: segmenting services by jurisdiction is becoming the norm. Third, it provides a concrete case study for thinking through the question: when an infrastructure platform you depend on decides to exit your market, how long can your data and business continuity hold up?
On July 24, 2019, Salesforce announced a strategic partnership with Alibaba, making Alibaba Cloud the exclusive provider of Salesforce CRM in mainland China, Hong Kong, Macau, and Taiwan (Salesforce official blog). The agreement covered Sales Cloud, Service Cloud, Commerce Cloud, and Salesforce Platform.
On December 18, 2023, Salesforce announced that Sales Cloud, Service Cloud, and Salesforce Platform were generally available on Alibaba Cloud (Salesforce press release), targeting multinational companies operating in mainland China to meet data localization and compliance requirements.
As a product Salesforce acquired in 2020 for $27.7 billion, Slack logically fell under the same channel arrangement. However, Slack’s actual availability and migration experience on Alibaba Cloud lacked any public documentation before 2025.
Evidence strength: Confirmed (the partnership agreement itself); the specifics of how Slack was incorporated into this agreement’s execution are inferred for the period before 2025.
In November 2025, The Information first reported that Slack had notified users in mainland China, Hong Kong, Taiwan, and Macau to migrate their accounts to Alibaba Cloud by February 2026 (Breaking The News, citing The Information). The report cited a Slack customer in an affected region and an Alibaba Cloud employee.
On HN, users posted two different versions of notification emails from Slack (HN thread). Larger teams received an email directing them to continue purchasing Slack through Alibaba Cloud, with the original text stating: “As you may know, on July 24, 2019, Salesforce and Alibaba announced a strategic partnership, establishing Alibaba Cloud as the exclusive provider of Salesforce CRM to customers in mainland China, Hong Kong, Macau and Taiwan.” Smaller teams received a straightforward termination notice: “We are writing to let you know that due to changes in how Salesforce services are provided in mainland China, Slack will no longer be renewing your workspace… Effective February 1, 2026, we will suspend all access to your workspace… Your workspace and all associated data will be deleted within 90 days thereafter.”
A critical distinction here: larger paying customers were directed to migrate to Alibaba Cloud, while smaller teams were terminated outright with no migration option offered. One user in the HN thread went further, noting that after contacting Alibaba Cloud, the response was: “Slack is no longer selling in China mainland, neither by SFDC nor by Alibaba Cloud.”
The Information’s report attributed the service termination to “a privacy and data security law entered into force” — pointing to China’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law framework.
Evidence strength: Strong inference. The original emails were posted publicly by HN users (not an official Slack release), but multiple independent sources cross-corroborate the email contents. The Information is a paywalled outlet; the original report could not be accessed directly, relying instead on secondary citations.
February 1, 2026 was the termination date stated in the notices. Multiple posts appeared on Reddit’s r/Slack on April 1, 2026 reporting that workspaces had been actually deactivated:
A Hong Kong-based user (Reddit: workspace suddenly suspended, posted 2026-04-01) described their company’s paid workspace being suddenly suspended on April 1, with complete loss of access to files and historical data. They stated they had not received any prior notification (or it was caught by spam filters), and that migrating to Alibaba Cloud required signing a minimum one-year contract.
Another user (Reddit: Hong Kong / China / Taiwan based Slack Suspended, posted 2026-04-01) shared the full text of Slack Support’s template response: “Your workspace was impacted by a previously communicated change to terminate direct Slack services in mainland China, Hong Kong, and Macau. A notice was sent to workspace Owners and Admins advising that affected workspaces would be suspended beginning early 2026. As of April 1, 2026, your workspace is no longer accessible… the workspace and all associated data are scheduled to be permanently deleted within 90 days.”
Notably, the Slack Support template response listed the affected regions as “mainland China, Hong Kong, and Macau” — Taiwan was not mentioned. Yet the November 2025 notification emails and The Information’s report had included Taiwan. This could mean Taiwan is on a different enforcement timeline, or Slack adjusted its approach for Taiwan, but there is currently no clear public evidence confirming which scenario applies.
Evidence strength: First-hand user reports (Reddit), with Slack Support response text posted as screenshots/verbatim. These are credible first-hand user accounts, but not official Slack announcements.
Viewed in isolation, the relevant constraints are not complicated: the issue Slack faced was not about identifying Chinese companies but about regional service delivery.
The legal backdrop for this exit comes primarily from the Chinese regulatory side: the Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, and the Regulations on Network Data Security Management that took effect on January 1, 2025. This regulatory framework imposes stringent requirements on cross-border data transfer, data localization, and security assessments. For Slack/Salesforce, continuing to provide SaaS services directly in China would require deploying infrastructure within Chinese borders, completing data security assessments, and submitting to regulatory review — all at extremely high compliance costs.
The execution pathway, meanwhile, had been laid out since the 2019 Salesforce–Alibaba partnership framework. In other words, this looks more like a regional service restructuring whose groundwork was set years ago and was cashed in during 2025–2026: exit from direct operations, switch to channel partners, migrate some customers, terminate the rest.
The more defensible interpretation of this news, therefore, is: Slack’s contraction or termination of direct services in Greater China was driven by data governance compliance costs and channel strategy, not a targeted action against Chinese company identities. The signal that triggered deactivation was the billing address and sales region, and the action taken was a regional service adjustment — not identity-based discrimination.
The previous section clarified the motivation and legal logic. But whether the motivation is reasonable and whether the execution is appropriate are two different questions. This service termination triggered an intense perception of hostility among users, and that perception has clear operational origins worth examining point by point.
Notification delivery failure. Multiple users on Reddit and HN claimed they never received any prior notification, or that the notification email landed in their spam folder. Slack Support’s template response insisted that “a notice was sent to workspace Owners and Admins,” but provided no delivery logs or confirmation mechanism. For an operation involving data deletion, relying solely on one-way email delivery — without in-product pop-ups or banner alerts — is a glaring execution deficiency. By comparison, mainstream SaaS platforms executing terms-of-service changes typically employ a triple channel: in-product notification + email + account status page. There is no public evidence that Slack used in-product notifications, the most reliable of these channels.
Access lockout and data hostage dynamics. The execution method was to immediately cut off all access — including historical messages, files, channels, integrations, and workflows. Users could not log in to export their data after deactivation, creating a de facto data hostage situation. In one Reddit user’s words: “We are completely locked out and have zero access to our files, client communications, and historical data… It feels like our data is being held to ransom.” This design binds “service termination” and “data seizure” together: either you sign a new contract (through Alibaba Cloud) or you lose everything in 90 days. No matter how neutral the business rationale for exiting, this execution model feels indistinguishable from extortion on the user’s end.
The 90-day deletion countdown. After workspace deactivation, data is scheduled for permanent deletion within 90 days. Layered on top of the inability to log in and export, this means the user’s only recourse is to contact Slack Support to request a data export — and Support’s response speed and process are uncontrollable variables for users facing a data destruction deadline.
Templated customer service responses. Multiple users reported that Slack Support sent identical template replies with no case-specific handling. The templates did not even provide a specific process or timeline for data export. For some users, the Support response itself was the first time they learned the reason for the termination, because they had never received any prior notification.
Differentiated treatment by customer size. Larger paying customers received migration guidance for Alibaba Cloud; smaller teams received outright termination notices. This differentiation is commercially understandable (large customers have channel-transfer value; small ones do not), but when small customers are terminated with no migration option, they face a pure ultimatum: accept data loss, or sign a new contract on Alibaba Cloud — a platform they have never used. More critically, at least one user reported that after contacting Alibaba Cloud, the response was that Slack is no longer selling in mainland China at all, meaning the “migrate to Alibaba Cloud” option may have been an empty promise from the start for some users.
These five factors compound into a cumulative effect: even if Slack’s business exit was entirely compliance-driven with no political intent, what users experienced was “a foreign platform locked down my data without warning and threatened to delete it in 90 days.” The gap between this perception and the actual rationale is Slack’s execution-level failure, and the primary source of anger in Chinese-speaking communities.
If the Slack case were merely a regional exit of a messaging tool, the impact would be limited. But it exposes a deeper problem: how many critical dependencies in modern enterprise operations rest on access rights that platforms can unilaterally revoke — while users habitually treat those access rights as stable infrastructure.
Today Slack, tomorrow who? If we extrapolate from Slack’s execution template — a global SaaS platform decides to exit a market because compliance costs in a particular jurisdiction are too high, notifies affected users by email, sets a deadline, then cuts access and starts a data deletion countdown — this template can be applied to any SaaS service that has users in China but no infrastructure deployed there.
The critical point is that different types of SaaS produce vastly different levels of damage when this template is applied. Slack’s termination resulted in communication disruption and historical data loss — serious, but not directly involving funds. If Stripe executed the same pattern, what gets frozen is cash flow and transaction capability. If Supabase terminated service, what gets locked is the application backend’s database and runtime. The risk profiles of these three are fundamentally different, and each is analyzed below.
The global SaaS delivery model is shifting from unified global service to tiered delivery. Over the past decade, the default SaaS assumption was: sign up for an account and use it globally, with uniform terms of service and data stored in whatever region the platform chooses. This assumption is being eroded by multiple forces: national data sovereignty legislation (China’s Data Security Law, the EU’s GDPR/Data Act, India’s DPDP Act), platforms’ own risk management logic (exiting markets where compliance costs exceed revenue), and regulatory uncertainty driven by geopolitical friction. The common direction of these forces is: tiering service delivery by jurisdiction, risk category, and channel relationship. For enterprises that depend on global SaaS, this means the old paradigm of “sign up and it works globally” is becoming “your service continuity depends on the jurisdiction of your billing address, your KYC status, and the platform’s commercial judgment about your market.”
The Slack event can be placed within a more general power-analysis framework. In any SaaS dependency relationship, at least three actors interact: the regulatory regime of the service provider’s home country, the regulatory regime of the customer’s country, and the platform’s own commercial decision-making authority. The customer sits at the end of this chain.
The platform holds de facto control: it determines data storage location, access rights, terms of service, pricing, and the timing and manner of service termination. Nation-states on both ends exert pressure on the platform through legislation and enforcement; the platform performs cost-benefit calculations in the middle; the customer is at the tail end of the power chain.
This framework explains why Slack users’ anger was directed at Slack rather than at China’s data security laws: because it was Slack — not a government — that directly terminated service, locked down data, and set the deletion countdown. Within this chain, the platform is both a responder to regulation and the direct agent of force against customers.
Different SaaS layers exhibit vastly different risk intensities and portability when facing regional exits or compliance-driven contraction. The following is ordered by lock-in strength and potential damage:
Payments layer (Stripe as representative): Highest risk. Payment platforms control cash flow itself. If Stripe executed a Slack-style regional exit, affected businesses would face immediate fund freezes and transaction disruptions — consequences far more severe than communication interruption. Stripe has precedents of freezing accounts, withholding funds, and forcibly closing accounts for specific countries or high-risk industries (a known pattern in fintech compliance). Payment-layer portability theoretically exists (you can switch to another payment gateway), but the risks of funds in transit during migration, re-signing merchant agreements, and negotiating withdrawal of withheld funds make actual migration costs extremely high. More critically, the payments layer involves cross-border fund flows subject to regulation in both origin and destination countries, meaning the platform actually has more unilateral decision-making space (since it can cite compliance requirements from either side as justification for action).
Identity and authentication layer (Auth0/Okta as representatives): Second-highest risk. Identity service termination means login and permission management for all downstream applications fail simultaneously. Although the identity layer does not directly involve fund freezes, its cascading effects are immediate: every application depending on that identity service becomes unavailable at once. Portability depends on whether standard protocols (OIDC/SAML) were used — if so, switching providers is theoretically feasible; if identity data and permission configurations are deeply bound to a specific platform’s proprietary extensions, migration costs increase significantly.
Communications and collaboration layer (Slack as representative): Moderate portability, strong data lock-in. Communication tools have abundant alternatives (Teams, Feishu/Lark, Discord, Mattermost), and migrating core functionality is manageable. The real lock-in lies in historical data: years of channel conversations, files, workflows, and integrations that are either lost or severely degraded during migration. The most fatal aspect of this Slack incident was precisely that it locked down data exports at the same time it cut off service, turning what could have been a moderate-risk service exit into a high-intensity event.
Database and backend platform layer (Supabase as representative): Portability depends on openness of the foundation. Supabase’s risk profile is fundamentally different from Slack’s or Stripe’s. Supabase is built on PostgreSQL, an open-source, standardized database engine. If Supabase terminated service, users could theoretically export data and migrate to any PostgreSQL-compatible environment (self-hosted, AWS RDS, other managed services). Supabase itself is also open source — in an extreme scenario, you could self-host an instance. This means Supabase’s lock-in strength is concentrated in platform add-ons (Auth, Realtime, Edge Functions, Storage) rather than the core data layer. Core data portability is significantly higher than for Slack and Stripe. Of course, if users heavily adopt Supabase’s non-standard extensions, migration costs rise too — but the floor guarantee (data is exportable, the engine is replaceable) is something Slack and Stripe do not offer.
AI infrastructure layer (OpenAI API, Anthropic API, cloud GPUs as representatives): Risk manifests in availability and supply continuity. AI infra regional restrictions primarily show up in KYC access (some APIs only accept registrations from certain countries), model availability (some models are unavailable in specific regions due to policy), quota and pricing differences, and supply continuity (GPU supply chains affected by semiconductor controls). AI infra typically does not involve deep user data lock-in (inference requests are stateless; fine-tuned models can be migrated across platforms), but the risk is this: if your product’s core functionality depends on a specific AI provider’s model quality and API availability, switching providers means changes in model behavior and potential product quality degradation.
| Dimension | Stripe | Slack | Supabase |
|---|---|---|---|
| Core locked asset | Cash flow + transaction relationships | Historical communication data + workflows | Application data + platform features |
| Immediate impact of termination | Fund freeze, transaction disruption | Communication disruption, data inaccessible | Backend outage |
| Portability | Low (funds-in-transit risk, merchant agreements) | Medium (many alternatives, historical data hard to migrate) | High (PostgreSQL foundation, open source, self-hostable) |
| Source of compliance pressure | Dual (financial regulation in both origin and destination countries) | Primarily data localization regulations | Data localization + infrastructure compliance |
| Platform’s unilateral decision space | Largest (financial compliance grants maximum leverage) | Medium | Smallest (open-source foundation limits lock-in capability) |
| Worst-case scenario | Funds frozen for months, unable to withdraw | Historical data permanently deleted after 90 days | Must rebuild platform features, core data preserved |
The previous section may leave the impression that platforms are omnipotent and customers powerless. In reality, several countervailing forces exist that constrain the speed and severity of unilateral platform action, and explain why not every SaaS will follow Slack’s path.
Enterprise contracts and revenue dependency. Large customers and SaaS platforms typically have multi-year enterprise agreements that include service level agreements (SLAs), data processing terms, and termination clauses. These contracts legally bind the platform: unilateral service termination may trigger breach-of-contract damages. Slack’s decision to offer migration options to large customers while directly terminating small ones was partly because large customers’ contracts carried greater binding force. For platforms, the cost of exiting high-revenue regions is also higher, which slows exit decisions.
Competition and alternatives. If Slack were the only option in the communications and collaboration space, user anger would remain purely emotional. But the existence of alternatives — Teams, Feishu, Lark, Discord, Mattermost, Zulip — means Slack’s exit will cause permanent user migration to competitors. This competitive pressure constrains the incentive for heavy-handed execution (though Slack did not demonstrate this restraint in this instance).
Local champions. In the Chinese market, Feishu, DingTalk, and WeCom already hold the lion’s share of the communications and collaboration space. Slack’s exit from China has limited revenue impact on Slack’s global business (China-region revenue accounts for a tiny fraction), which in turn reduces Slack’s commercial incentive to handle the exit process carefully. But this also means: in domains where local champions exist, the practical impact of a global platform’s exit is absorbed by local alternatives.
Open-source foundations and open standards. This is the most fundamental counterbalance to platform lock-in. PostgreSQL is to Supabase what OIDC/SAML is to identity services, SMTP to email, and the S3 API to object storage — when the underlying protocol or engine is open, the platform’s ability to lock in users at the core functionality layer is weakened. Platforms can still create switching costs through add-on features, usability, and ecosystem integrations, but users at least retain the option of “leaving with their data.” Slack’s lesson is precisely this: its data export functionality existed during normal operations but was locked down along with the service, rendering openness ineffective at the exact moment it was needed most.
The buffering effect of inter-state competition. US-China tech competition is the macro backdrop for these events, but it is also a countervailing factor. Over-tightening by either side carries costs: restricting the Chinese market means US companies lose revenue, and excessively strict data localization requirements reduce foreign SaaS willingness to enter China. Both countries’ policies are subject to internal push-and-pull among interest groups. This means the final shape of tiered delivery will be a product of negotiation and compromise, not one side’s fully unilateral decision.
Brand and reputational costs. Slack’s service termination generated significant negative coverage on Reddit, HN, and Chinese-language social media. This reputational damage has spillover effects on Slack’s brand trust in other Asian markets (Singapore, Japan, South Korea, Southeast Asia). “If Slack can treat its China-region customers this way, would it do the same to us?” — this is a question customers in other regions will ask. In the long run, heavy-handed execution erodes platform credibility among global customers.
If you understand this event as merely another instance of a US company being unfriendly to Chinese users, you will miss what matters more. The more valuable takeaway is a judgment framework: govern by layer, and evaluate every external SaaS dependency as a revocable access right rather than stable infrastructure. Specifically:
First priority: Identify which dependencies, if revoked, would cause irreversible damage. The payments layer (Stripe, etc.) tops the list because it involves fund freezes. Any external dependency involving cash flow should have a backup channel — and that backup must be validated while the primary channel is still operational (not when things go wrong). For services like Stripe, you need at minimum: a verified backup payment gateway; minimized fund settlement balances on the platform side (increase settlement frequency); and an understanding of the platform’s fund-withholding terms in extreme scenarios.
Second priority: For data-layer dependencies, distinguish between “exportable” and “still exportable during service termination.” Slack’s lesson is this: providing data export functionality during normal operations and still allowing export during service termination are two entirely different things. For any SaaS service holding important historical data, establish a regular data backup mechanism (not “we’ll export when the time comes” but automated incremental backups), ensuring that even if the platform suddenly cuts access, data already exists in a local or otherwise controlled environment. If a SaaS product’s foundation is open source or based on open standards (e.g., PostgreSQL, S3 API), prefer those services — the floor migration cost is lower.
Third priority: For the communications and collaboration layer, reduce single-platform dependency. This means critical customer communications and internal workflows should not exist solely on one platform. Archiving of important conversations and recording of key decisions should have storage independent of the communication platform. Slack, Teams, Feishu — any of them could exit a given market with just months of notice.
Fourth priority: For AI infrastructure dependencies, focus on model and API substitutability. If your product’s core functionality depends on a specific AI provider (e.g., OpenAI’s GPT-4, Anthropic’s Claude), you need to assess: if that provider suddenly imposed restrictions on your region or use case, how quickly could you switch to an alternative provider (open-source models, other commercial APIs) while maintaining acceptable product quality? The good news about AI infra is that inference requests are typically stateless, meaning lock-in intensity is lower than for the data and payments layers; the bad news is that model quality varies widely, and switching may mean product experience degradation.
A principle that cuts across all layers: Do not place all critical dependencies on platforms within the same jurisdiction. This is the true takeaway from the Slack event — Slack exiting China, Stripe tightening KYC in specific regions, Supabase potentially imposing regional restrictions in the future — the triggers differ but the underlying pattern is the same: when a platform’s compliance costs in a particular jurisdiction exceed revenue, it will choose to exit or contract, and customers’ data and business continuity occupy a subordinate position in that decision. Diversifying vendors, preferring open foundations, maintaining local backups, validating backup channels — these measures look like waste during normal times, but in scenarios like the Slack event, they are life jackets.
Taiwan’s enforcement status. The November 2025 notification included Taiwan, but the April 2026 Slack Support template mentioned only “mainland China, Hong Kong, and Macau.” Whether Taiwanese workspaces have been deactivated, deferred, or handled separately has no clear public evidence at this time.
Actual availability of Slack on Alibaba Cloud. A user on HN reported that Alibaba Cloud’s response was that Slack is no longer being sold in mainland China (“neither by SFDC nor by Alibaba Cloud”). If true, this means the “migrate to Alibaba Cloud” option may never have actually existed for mainland customers — merely a nominal exit offered on paper. This information comes from a single source and needs further confirmation.
Whether workspaces with billing addresses outside China but operational teams inside China are affected. All existing reports concern workspaces with billing addresses in Greater China. There are no counter-examples showing that workspaces billed to the US or Singapore but with employees in China were deactivated.
Treatment of free workspaces. All known cases involve paid workspaces. Whether free-plan workspaces are subject to the same policy has no public information.
Whether Slack has issued an official announcement. All information sources to date are The Information’s report, user-posted emails, and Slack Support’s template responses. No official Slack blog post or help center page confirming this policy change has been found.
| Source | URL | Nature |
|---|---|---|
| Salesforce official blog: Alibaba partnership | https://www.salesforce.com/blog/driving-customer-success-with-alibaba/ | Primary |
| Salesforce news: Alibaba Cloud GA | https://www.salesforce.com/news/stories/sales-service-platform-alibaba-cloud/ | Primary |
| Breaking The News: citing The Information | https://breakingthenews.net/Article/Salesforce’s-Slack-may-halt-direct-service-in-China/65222767 | Secondary citation |
| HN thread: user-posted Slack emails | https://news.ycombinator.com/item?id=45961157 | First-hand user report |
| Reddit: 2026-04-01 workspace deactivated | https://www.reddit.com/r/Slack/comments/1sabysj/workspace_suddenly_suspended_without_a_chance_to/ | First-hand user report |
| Reddit: 2026-04-01 Slack Support response | https://www.reddit.com/r/Slack/comments/1sadwsh/hong_kong_china_taiwan_based_slack_suspended/ | First-hand user report |
| GuruFocus: Salesforce China operations change | https://www.gurufocus.com/news/3217862/salesforce-crm-ends-direct-operations-for-slack-in-china | Independent media |
| Alibaba Cloud blog: exclusive Salesforce provider | https://www.alibabacloud.com/blog/alibaba-now-exclusive-provider-of-salesforce-crm-in-greater-china_595141 | Primary |