Purpose
This page summarizes how AzAd Labs approaches security, privacy, and regulatory expectations for AzAd Workspace on azadworkspace.com. It is informational and does not replace a signed data processing agreement (DPA) or enterprise contract where one is required.
Roles and responsibilities
- Your organization is typically the controller of employee and customer data you place in mailboxes, contacts, CRM records, and admin settings.
- AzAd Labs acts as a processor when we host and process that data solely to provide the Services you configure.
- End users must follow your acceptable-use and workplace policies; we enforce platform-level security and abuse controls.
Security measures
We design the platform with defense in depth, including:
- TLS encryption for web, API, and standard mail client protocols;
- Authentication with optional multi-factor authentication (MFA) policies;
- Role-based admin access, audit logging, and session controls;
- Per-organization isolation in the control plane and mail tenancy model;
- Monitoring and rate limiting to reduce abuse and cost-related attacks.
Report suspected vulnerabilities to [email protected]. Do not access data that is not yours.
Privacy and data subject rights
Our Privacy Policy for azadworkspace.com describes categories of data, purposes, retention, and subprocessors at a high level. Mailbox users should contact their organization administrator first for access, correction, export, or deletion requests. Administrators and data protection leads may contact [email protected].
Infrastructure and subprocessors
The Services run on modern cloud infrastructure. Typical subprocessors and service categories include:
- Application hosting — secure cloud edge compute and static web delivery;
- Mail delivery and storage — mail server infrastructure and outbound relay providers configured for your environment;
- Payments — payment processor for subscriptions when billing is enabled;
- Security — bot and abuse protection on sign-in and public forms.
We use subprocessors under contractual confidentiality and security expectations. A detailed subprocessor list is available to enterprise customers on request.
Data location and transfers
Data may be processed in countries where our infrastructure providers operate. If you require specific residency or transfer mechanisms (such as Standard Contractual Clauses), contact us before deploying regulated workloads. We will work with you on enterprise arrangements where feasible.
Acceptable use and content
Organizations must not use the Services for spam, phishing, malware distribution, or unlawful content. We may suspend tenants that harm deliverability or other customers. Full rules are in our Terms of Service.
Cookies and marketing site
The public marketing site (azadworkspace.com) is largely static. We may use essential cookies or similar technologies for security challenges (Turnstile) on forms and sign-in flows hosted on our apps. We do not sell personal data from the marketing site. Aggregated analytics on azadworkspace.com and our sibling marketing host are described in the Privacy Policy.
Business continuity
We target high availability for production services and maintain backups appropriate to our architecture. No service level agreement (SLA) applies unless specified in a separate written agreement. Status and maintenance windows may be communicated to administrators when possible.
Regulatory and industry notes
- Customers in regulated industries (health, finance, government) are responsible for their own compliance assessments and configuration (retention, MFA, access reviews).
- We do not provide legal advice; engage qualified counsel for jurisdiction-specific obligations (GDPR, UK GDPR, PECR, etc.).
- Pakistan-based customers: PKR list pricing and local invoicing practices are described on Subscription structure.
Enterprise compliance requests
For security questionnaires, DPAs, subprocessor lists, or penetration-test summaries, email [email protected] or use the contact form on azadworkspace.com (Sales or General enquiry, as appropriate).