Workspaces
Workspaces for clients. Without the leak risk.
Create isolated, permissioned spaces for teams and external clients. Granular roles. Expiring share links. Workspace-level retention policies. Full audit trails on every action.
Why workspaces
When clients share files, email is a leak.
You back up files for clients. They need to upload to you. They need to download finished work from you. They need to comment, and you need to control who sees what. Email attachments and shared Drive folders were never designed for this. Workspaces are isolated, permissioned spaces — one per client, one per team, one per project — with role-based access, expiring share links, and audit trails.
Granular access. Per workspace.
Every workspace carries its own roles, so a client never sees another client's data and a reviewer never gets write access by accident. Three roles cover the full spectrum.
- Viewer — read-only: browse, search, and download when allowed.
- Contributor — read + write: upload, comment, and mark up.
- Approver — adds a sign-off gate before documents are marked final.
Click to enlargeRoles
Three roles, one isolated space.
Viewer
Can browse, search, and download (when downloads are allowed). No uploads, no edits — the safe default for auditors, reviewers, and read-only clients.
Contributor
Can upload, comment, and mark up. The everyday role for teammates and clients who actively work inside the workspace.
Approver
Everything a Contributor can do, plus an approval gate — sign off on documents before they are marked "final."
Share. Then auto-revoke.
Create a share link with an expiration — 24h, 7d, 30d, or custom. After expiry, the link revokes automatically, so access never outlives the engagement. Never email a 'perpetual' Drive link again.
- Auto-expiring links — set the window once and forget the cleanup.
- Optional download password on any share.
- Restrict by domain so only @client-co.com recipients can open a link.
Policies
Each workspace has its own retention.
A long-lived client and a one-off project should not share the same retention rules. Workspace policies let each space keep exactly what it needs — and clean up exactly what it doesn't.
Long-lived client workspaces
Clients with retention obligations get a workspace policy: 7-year retention, WORM-locked, with an audit log on every download.
Short-term project workspaces
Spin up a workspace for a single engagement, then let it auto-clean at 90 days. No manual teardown, no orphaned data lingering.
Every action. Time-stamped.
Every upload, download, share-link generation, role change, and deletion is logged with user, timestamp, and IP. Searchable. Exportable. Compliance-ready — so you can prove who touched what, and when.
- A full record of every workspace event, attributable to a user.
- Filter by user, file, action, or date range.
- Export to CSV, JSON, or PDF for regulators and SIEM ingestion.
Click to enlargeHow it works
From empty workspace to tracked hand-off in four steps.
Create the workspace
Name it, pick a retention policy, and add branding if you need it.
Invite people, set roles
Send a secure invite and assign each person Viewer, Contributor, or Approver.
Share or request files
Upload files for access, or request specific documents back with a secure upload link.
Track every action
Watch uploads, downloads, share-link activity, and role changes in the live log.
Availability
Workspaces on every paid Resilience tier — unlimited on Pro.
Workspaces are not a metered add-on. Standard includes 10; Pro and Enterprise are unlimited — spin up one per client, per team, and per project.
Organize your clients without the leak risk.
Workspaces are included on every paid Resilience tier.