Security & Compliance FAQ #17

MoniWork · 2026-02-09T21:39:51Z

MoniWork
Feb 9, 2026
Maintainer

Security & Compliance FAQ

MonitorWorkspace handles sensitive organizational data, so security is a top priority. Here are answers to common security and compliance questions.

How is data transmitted?

All data is transmitted over HTTPS/TLS 1.3. We use Google's official APIs with OAuth 2.0 and domain-wide delegation — no plaintext or insecure connections.

What data do you store?

Data Type	Stored?	Details
User metadata (names, emails)	Yes	Cached for directory features
Group memberships	Yes	Cached for group health features
Email content	No	Viewed in real-time via Gmail API, not stored
Chat messages	No	Viewed in real-time via Chat API, not stored
Audit logs	Yes	Admin actions logged for compliance
License data	Yes	For license management features
Billing/payment info	No	Handled entirely by Stripe/PayPal

What Google API scopes do you use?

We request only the scopes necessary for each feature:

admin.directory.user.readonly — Read user directory
admin.directory.group.readonly — Read group information
admin.directory.group.member.readonly — Read group memberships
gmail.readonly — Read email metadata and content
chat.messages.readonly — Read chat messages
chat.spaces.readonly — Read chat space information
apps.licensing — Read license assignments
mail.google.com — Required for email transfers (write access)

Can employees see that they're being monitored?

Plan	Behavior
Free	Yes — employees are notified when their email/chat is viewed. Content is redacted.
Pro/Business/Enterprise	No — monitoring is silent with full content access.

Your organization's acceptable use policy should inform employees about monitoring regardless of plan tier.

Is MonitorWorkspace SOC 2 compliant?

We are working toward SOC 2 Type II compliance. Enterprise customers can request our current security documentation.

Can I run MonitorWorkspace on-premises?

Not currently. MonitorWorkspace is a cloud-hosted SaaS application. On-premises deployment is being considered for Enterprise customers — if this is important to you, please add your vote to the Ideas category.

How do I report a security vulnerability?

DO NOT post security vulnerabilities in public discussions or issues.

Email: security@monitorworkspace.com

We follow responsible disclosure practices and will acknowledge reports within 48 hours.

Have a security question? Ask below — but remember, never post credentials, tokens, or real user data!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security & Compliance FAQ #17

Uh oh!

{{title}}

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Security & Compliance FAQ #17

Uh oh!

MoniWork Feb 9, 2026 Maintainer