Google Workspace, governed at the admin plane.
Admin roles, sharing defaults, Vault retention, and Gemini scope — proven continuously, with content never crossing to us.
The admin plane, kept honest.
Workspace governance lives in the admin console: who has elevated roles, how sharing defaults are set, what Vault retains, and where Gemini is enabled. We watch that plane and record that it matches your rules.
- Admin and super-admin roles reviewed and recorded.
- Sharing defaults and external-access settings proven.
- Vault retention and Gemini scope kept current.
Evidence from the admin plane.
Workspace governance lives in the admin console, and that is exactly where Bylaw observes. A worker packet asks one read-only question (“is external sharing still restricted on these org units?”) and returns a structured verdict with a hash — never the Docs, the Drive files, or the Gmail behind it. Content never crosses; the console state does.
Verdicts are computed by our sealed engine on the far side of a wall, reached with a key you control, reasoning only over configuration. The edge wall rejects names and identifiers before anything leaves, and every reading is hash-chained and three-signature-gated. Run on a cadence, the packets turn a once-a-year console screenshot into a continuous record.
The result answers SOC 2, ISO 27001, GDPR, and the EU AI Act’s Gemini scope check together — Google Workspace security evidence, Drive sharing governance, Vault retention proof, and Gemini data-scope oversight, all from the admin plane.