WorkSpace by PROlab

Legal

Privacy Policy

This document explains what data WorkSpace collects, why we use it, how we keep it safe, and how you can manage it.

Updated May 23, 2026

01

Who we are and who controls your data

The data controller is PROlab LLC (registered as «ОсОО ПРОлаб» in the Kyrgyz Republic; "PROlab", "we"), owner of the WorkSpace service available at prolabworkspace.com and app.prolabworkspace.com.

For any privacy-related question, write to [email protected] — we reply within three business days.

02

What data we collect

We receive data in three ways: you provide it directly, it is generated automatically as you use the service, and some comes from the integrations you connect.

From you directly: - name, email, phone, role, avatar, and timezone at sign-up and in your profile; - payment details — processed by our payment provider; we only store a masked transaction reference; - content you upload to your space: messages, tasks, deals, files, customer notes.

Automatically: - technical data: IP address, device and browser type, OS version, language, timezone; - activity logs: sign-in, sign-out, errors, response time — for security and stability; - cookies and session identifiers (see the cookies section).

From integrations (only if you connect them): - messages and contacts from WhatsApp, Telegram, Instagram, Email; - calendar events from Google Calendar; - prompts and responses from AI providers (Anthropic, OpenAI, YandexGPT).

03

Why we use your data

  • to deliver the service: show your chats, tasks, deals, and sync your integrations;
  • to identify you and your team and enforce in-space permissions;
  • to keep the platform secure: detect suspicious activity, prevent brute force and spam;
  • to improve the product: understand which features people use, which are slow, which are confusing;
  • to communicate with you: respond to your requests, send important service notices;
  • to comply with applicable laws: tax and accounting reporting.

We do not use the contents of your spaces (messages, deals, files) to train third-party models, and we never expose them to other customers.

05

Who we share data with

We do not sell data. We share it only in three cases:

1) Infrastructure providers that keep the service running: hosting, backups, email delivery, payment processing, AI providers. Each is bound by a confidentiality agreement and only processes data within the scope needed for their function.

2) Inside your space — with team members you or your administrator invited. Roles and visibility are configured by the space administrator.

3) Government authorities — only in response to a lawful, properly-served request.

06

How long we keep your data

  • Active space data — for as long as the space exists.
  • After a space or account is deleted — up to 30 days in backups, then permanently erased.
  • Financial and tax records — for as long as the law requires (usually 4–5 years).
  • Security logs — up to 12 months.

You can request early deletion by writing to [email protected].

07

How we protect data

  • All traffic between you and WorkSpace runs over HTTPS (TLS 1.2+).
  • Passwords are stored as a cryptographic hash — even we cannot read them.
  • Production access is limited to a small group of engineers, each with personal keys and two-factor authentication.
  • The database is regularly backed up to encrypted, geographically-distributed storage.
  • Suspicious activity (multi-IP logins, password brute-forcing) is logged and blocked automatically.

No system is perfectly secure, but we follow the industry standard for SaaS of this class.

08

Your rights

You can: - request a machine-readable copy of your data; - correct inaccurate data — most of it is editable in your profile; - restrict or stop processing by withdrawing consent; - delete your account and the data linked to it; - ask us to explain how we handled your request.

Send requests to [email protected] with the subject "Privacy request". We reply within 30 calendar days.

09

Cookies and analytics

We use three kinds of cookies: - technical — required for authentication and basic functionality; - analytical — Google Analytics and Microsoft Clarity, to see which landing pages work and where people get stuck; the data is aggregated and does not identify you by name; - marketing — disabled by default; turned on only with your explicit consent.

You can disable cookies in your browser, but it may break login and parts of the app.

10

Children and minors

WorkSpace is built for teams and businesses, and is not intended for anyone under 16. We do not knowingly collect data from minors. If you discover that a child's data has reached us, please tell us — we will delete it.

11

International transfers

WorkSpace servers are hosted in data centres in Europe and Central Asia. If you are in a jurisdiction with data localisation requirements (for example, 152-FZ for Russian citizens), we store primary personal data within that jurisdiction and will discuss specifics with you on request.

12

Changes to this policy

We may update this policy. Material changes are announced at least 30 days in advance — both inside the app and by email. The date at the top of this document reflects the latest update. Continuing to use WorkSpace after a change means you accept the new version.

Questions left?

Write to [email protected] — we reply plainly, without templates or legal hedging.