It depends entirely on the tool — and most tools won't tell you the answer directly.

"Anonymous" is one of the most overused words in workplace software. It usually means someone promised not to look, not that the information doesn't exist. For an employee deciding whether to raise something sensitive, that difference matters a lot.

What "anonymous" usually means

Most anonymous feedback tools work by routing your message through a bot. The message appears without your name attached. But somewhere in the system — a database, a log file, an API call record — your user ID or email was part of the transaction.

Whether anyone connects the dots depends on policy. The admin could look it up; they've agreed not to. The vendor could access it; they've promised not to.

Policy promises can be broken. Architecture can't.

HA
🔒 HushAsk · Direct Message
HA
HushAskToday at 3:02 PM
🔒 Your identity has been anonymized. Your Slack ID was hashed immediately — it is not stored anywhere.
"I think our review process isn't applied consistently across teams."
🤫 Your Slack identity will never be stored or shared.
The moment a message is sent — identity hashed, original discarded.

What cryptographic anonymity actually means

When you send a message through HushAsk, your Slack user ID is immediately passed through a SHA-256 hash function. SHA-256 is a one-way cryptographic process: it converts your ID into a 64-character string. There is no reverse operation.

HushAsk also adds a private salt — a unique value specific to your deployment — before hashing. Even someone with a complete list of every Slack user ID couldn't match hashes to users by brute force.

The original ID is discarded. Not stored in a hidden column, not archived in a log. What exists in HushAsk's database is the hash, the message content, and routing metadata. The hash cannot be reversed to reveal who that person is.

The admin who reads your message sees the message. That's all.

HA
🔒 HushAsk · Direct Message
HA
HushAskToday at 3:45 PM
Response from HR
"Thanks for raising this. We're reviewing the policy and will share an update with the team by end of quarter."
🤫 Delivered anonymously · HushAsk
The reply arrives anonymously — no name attached, on either end.

This isn't a promise. It's a structural property of how the system works.

What Slack itself can see

HushAsk is a Slack app. When you send a message to any Slack bot, that interaction passes through Slack's API — and Slack logs API events according to their own privacy policy.

For most organizations — those on Slack's Free, Pro, or Business+ plans — this logging isn't accessible to your Slack admin.

Enterprise Grid is the exception. On Enterprise Grid plans, Slack provides workspace administrators with an audit log that includes bot interaction metadata. Your Slack admin could potentially see that you sent a DM to HushAsk — independently of anything HushAsk stores or controls.

HushAsk discloses this in its privacy documentation. It's a Slack platform constraint, not a HushAsk one.

To check: open Slack on the web and go to [yourworkspace].slack.com/account/workspace-settings. The plan is listed under Overview. No admin access needed. If it says Enterprise Grid, the caveat applies. For teams on Free, Pro, or Business+, it doesn't.

So — is it actually anonymous?

With most tools: anonymous in practice, if the people with database access keep their word.

With HushAsk, on a non-Enterprise Grid workspace: anonymous by design. The information needed to identify you doesn't exist in HushAsk's system.

If that distinction matters to the feedback you need to give — or the feedback your team needs to feel safe giving — it's worth knowing before you choose a tool.