Last updated: March 2026
MonitorWorkspace is built for IT admins who manage sensitive organizational data. We treat your organization's Google Workspace data with the same care you do. This document outlines how we protect your data, what we access, and the principles that guide our security decisions.
MonitorWorkspace connects to your Google Workspace domain through a service account with domain-wide delegation that you create and control in your own Google Cloud project. We never ask for your Google admin password.
The service account accesses:
We access only what is needed for the features you use. The Google OAuth scopes are narrowly defined and documented on our GCP setup page.
We do not store your email or chat content. Email and chat data is fetched in real-time from Google's APIs when an admin views it and is not persisted on our servers.
What we do store:
Audit log retention depends on your plan: 7 days (Free), 30 days (Pro), 90 days (Business), or 1 year (Enterprise).
Admin email allowlist. Only Google Workspace super admins whose email addresses are explicitly authorized can access the MonitorWorkspace dashboard. There is no way for regular Workspace users to access the tool.
Multi-tenancy isolation.Every organization's data is isolated by tenant ID. Database queries are automatically scoped to the requesting tenant — there is no way for one organization to access another's data.
Audit trail. Every action taken in MonitorWorkspace is logged: who performed the action, what was accessed, and when. These audit logs are available to your admins and cannot be modified or deleted.
MonitorWorkspace allows authorized super admins to view email and chat content directly through the dashboard. We believe this is appropriate for our target audience — small-to-medium organizations where the admin is often the business owner or sole IT person and operational speed matters.
Every content access is fully audit-logged with the admin's identity and timestamp. We recommend that customers:
For organizations that require multi-party approval before content can be viewed, we recommend evaluating tools like GAT Labs that offer approval workflows (GAT Unlock).
We do not operate our own data centers. All infrastructure runs on Google Cloud Platform.
We request only the Google API scopes necessary for the features you use. You control which scopes are granted when you configure domain-wide delegation in your GCP project, and you can revoke access at any time.
MonitorWorkspace relies on SOC 2 Type II certified infrastructure providers for all data processing and storage:
TX-RAMP Level 2 — Provisional Certification. Issued by the Texas Department of Information Resources (DIR), May 2026. Listed on the official DIR certified cloud products registry — Texas state agencies, K–12 districts, and higher education institutions can contract immediately. Assessed against NIST SP 800-53 Rev 5 Moderate baseline (125 controls). Assessment ID: TXRAMP-1896964-001.

CASA Tier 2 — Cloud Application Security Assessment. Assessed by TAC Security, an App Defence Alliance authorized lab. All 14 OWASP ASVS Level 1 categories passed — input validation, authentication, session management, access control, cryptography, error handling, and data protection. Cert ID: 57dbae42. Valid through April 2027.
Data Processing Agreement (DPA). We offer a Data Processing Agreement for organizations that require one. Contact [email protected] to request a copy.
Data residency. Application servers run on Google Cloud Run (primary region: us-central1). Database is hosted on Google Cloud SQL (us-central1). Chat export files are stored in Google Cloud Storage (US). We do not currently offer EU-only data residency but can discuss options for Enterprise customers.
We store only the minimum data necessary to operate the service. Specific retention periods:
In the event of a security incident affecting your data, we will:
Report security concerns to [email protected].
MonitorWorkspace holds TX-RAMP Level 2 Provisional Certification issued by the Texas Department of Information Resources (DIR) in May 2026. MonitorWorkspace is listed on the official DIR certified cloud products registry, permitting Texas state agencies, K–12 districts, and higher education institutions to contract for MonitorWorkspace immediately.
TX-RAMP Level 2 is assessed against the NIST SP 800-53 Revision 5 Moderate baseline — the same control set used for FedRAMP Moderate authorization. The assessment covers 125 controls across access control, audit logging, incident response, configuration management, contingency planning, personnel security, and system integrity.
Security documentation — including the CASA Tier 2 evidence package, TX-RAMP Security Plan (125 controls), Authorization Boundary Diagram, and Data Flow Diagram — is available to procurement teams under NDA. [email protected]
Your Google Workspace data belongs to you. At any time, you can:
We do not retain your Google Workspace data after you revoke access or delete your account.