Security Policy Statement

MonitorWorkspace is built for IT admins who manage sensitive organizational data. We treat your organization's Google Workspace data with the same care you do. This document outlines how we protect your data, what we access, and the principles that guide our security decisions.

MonitorWorkspace connects to your Google Workspace domain through a service account with domain-wide delegation that you create and control in your own Google Cloud project. We never ask for your Google admin password.

The service account accesses:

• User directory data — names, email addresses, aliases, organizational units, suspension status
• Gmail data — email metadata and content for monitored accounts (read-only for monitoring; write access only for admin-initiated email transfers)
• Google Chat data — chat spaces and messages (read-only, for export purposes)
• Google Groups data — group memberships, settings, and permissions
• License data — Workspace license assignments and utilization

We access only what is needed for the features you use. The Google OAuth scopes are narrowly defined and documented on our GCP setup page.

We do not store your email or chat content. Email and chat data is fetched in real-time from Google's APIs when an admin views it and is not persisted on our servers.

What we do store:

• User metadata — names, emails, and org structure synced from your directory (for the dashboard)
• Audit logs — records of every admin action (who viewed what, when) for your accountability and compliance
• Transfer and export records — job metadata for email transfers and chat exports you initiate
• Chat exports — when you explicitly export chat messages, the exported file is stored in encrypted cloud storage (Vercel Blob) and accessible only to your organization

Audit log retention depends on your plan: 7 days (Free), 30 days (Pro), 90 days (Business), or 1 year (Enterprise).

• In transit — all data between your browser, our servers, and Google's APIs is encrypted via TLS 1.2+ (HTTPS). No data is ever transmitted in plaintext.
• At rest — all stored data (user metadata, audit logs, chat exports) is encrypted at rest using AES-256 encryption provided by our infrastructure providers (Supabase and Vercel).
• Service account credentials — your GCP service account key is stored encrypted and is never exposed to other tenants or in client-side code.

Admin email allowlist. Only Google Workspace super admins whose email addresses are explicitly authorized can access the MonitorWorkspace dashboard. There is no way for regular Workspace users to access the tool.

Multi-tenancy isolation. Every organization's data is isolated by tenant ID. Database queries are automatically scoped to the requesting tenant — there is no way for one organization to access another's data.

Audit trail. Every action taken in MonitorWorkspace is logged: who performed the action, what was accessed, and when. These audit logs are available to your admins and cannot be modified or deleted.

MonitorWorkspace allows authorized super admins to view email and chat content directly through the dashboard. We believe this is appropriate for our target audience — small-to-medium organizations where the admin is often the business owner or sole IT person and operational speed matters.

Every content access is fully audit-logged with the admin's identity and timestamp. We recommend that customers:

• Inform employees about monitoring practices in their employment agreements or acceptable use policies
• Limit the admin allowlist to the minimum number of people who need access
• Regularly review audit logs to ensure access is appropriate

For organizations that require multi-party approval before content can be viewed, we recommend evaluating tools like GAT Labs that offer approval workflows (GAT Unlock).

• Application hosting — Vercel (edge network, SOC 2 Type II compliant)
• Database — Supabase (PostgreSQL on AWS, SOC 2 Type II compliant, with Row-Level Security policies)
• File storage — Vercel Blob (for chat exports, encrypted at rest)
• Google API access — via Google Cloud Platform service accounts with domain-wide delegation

We do not operate our own data centers. All infrastructure is provided by SOC 2 compliant vendors.

MonitorWorkspace relies on SOC 2 Type II certified infrastructure providers for all data processing and storage:

• Vercel — application hosting (SOC 2 Type II)
• Supabase — database on AWS (SOC 2 Type II, with Row-Level Security enforced)
• Google Cloud Platform — API access (SOC 2, ISO 27001, FedRAMP)

CASA Security Assessment. MonitorWorkspace will complete the Cloud Application Security Assessment (CASA) as part of the Google OAuth verification process, assessed by a Google-approved third-party auditor.

Data Processing Agreement (DPA). We offer a Data Processing Agreement for organizations that require one. Contact legal@monitorworkspace.com to request a copy.

Data residency. Application servers run on Vercel's edge network (primary region: US East). Database is hosted on Supabase (AWS us-east-1). Chat export files are stored in Vercel Blob (US). We do not currently offer EU-only data residency but can discuss options for Enterprise customers.

We store only the minimum data necessary to operate the service. Specific retention periods:

• Email and chat content — not stored. Fetched in real-time from Google APIs and never persisted on our servers.
• User directory metadata — synced from your Workspace directory and retained while your account is active. Deleted within 30 days of account cancellation.
• Admin audit logs — retained per your plan tier: 7 days (Free), 30 days (Pro), 90 days (Business), 1 year (Enterprise). Logs are immutable and cannot be modified.
• Chat export files — retained until you delete them or cancel your account. All exports are encrypted at rest.
• Billing records — retained for 7 years as required by financial regulations.

In the event of a security incident affecting your data, we will:

• Notify affected organizations within 72 hours of discovery
• Provide a clear description of what data was affected and what actions we are taking
• Cooperate fully with your internal investigation

Report security concerns to security@monitorworkspace.com.

Your Google Workspace data belongs to you. At any time, you can:

• Revoke access by removing the domain-wide delegation from your GCP service account
• Delete your account and all associated data by contacting support
• Export your audit logs before account deletion

We do not retain your Google Workspace data after you revoke access or delete your account.