Workspace Management
Isolated workspaces for teams with role-based permissions and custom settings
Overview
Workspaces are the primary data boundary in Instafill.ai. Every object in the system - form sessions, form templates, source documents, profiles, folders, and API keys - belongs to a specific workspace. All queries are filtered by workspace, so there is no path that crosses workspace boundaries. A user in Workspace A with no membership in Workspace B cannot see, read, or modify any object owned by Workspace B - even if both workspaces are in the same organization.
Workspaces exist within organizations and represent the working environment for a team, project, department, or client. Members can belong to multiple workspaces with different roles in each. This isolation is essential for law firms handling different client matters, healthcare practices managing different departments, and agencies separating client accounts.
As an AI form filler that processes sensitive documents - credentialing applications, insurance claims, legal filings - workspace isolation ensures that the right people see only the data they need.
Key Capabilities
| Capability | What it means for you |
|---|---|
| Workspace-scoped data | Sessions, forms, sources, profiles, folders, and API keys are all scoped to a workspace. Nothing leaks between workspaces |
| Role-based access | Each workspace supports distinct roles with different permissions, so team leads can manage members without full owner privileges |
| Multi-workspace membership | A single user account can belong to multiple workspaces with different roles in each, switching context without a separate login |
| Per-workspace settings | Configure DPI, date format, time format, language, decimal digits, and data cleanup policies independently per workspace |
| Folder organization | Hierarchical folder structure for organizing forms within the workspace |
| API key management | Each workspace has its own API keys, managed from the workspace settings under Manage API Keys |
| Team notifications | When enabled, Instafill.ai sends email notifications to all organization members who have access to a form whenever a filled PDF is ready |
How notifications work: You can enable automatic email alerts from Settings > Organization > Notifications. When a form is filled, all members with access receive an email with the processing time, number of processed fields, and a direct link to the filled PDF. See How to notify your team when a filled PDF is ready for setup instructions.
How It Works
Workspace settings
To configure a workspace, click your profile icon in the top right corner and select your workspace name. This opens the workspace settings page at instafill.ai/settings/workspace/general, where you can set:
- Workspace name - display name for the workspace
- Language - default language for form processing
- Decimal digits - decimal precision for numeric fields
- Time format - HH:MM AM/PM or 24-hour
- Date format - MM/DD/YYYY, DD/MM/YYYY, etc.
- DPI - resolution for PDF rendering (default: 150)
Additional workspace settings include Manage API Keys for API access, Data cleanup for file retention policies, and Members for managing who has access to the workspace.
Workspace isolation in practice
When you open a workspace, everything you see - forms, sessions, profiles, source documents, folders - belongs to that workspace only. If you switch to a different workspace using the workspace selector, the view changes entirely to show only that workspace's data.
A user removed from a workspace loses access immediately. There is no path to retrieve data from a workspace you are not a member of.
Creating and configuring workspaces
Organization owners and admins create workspaces from the organization settings under Workspaces. After creating a workspace, you set the name and default settings, then invite members by email or assign existing organization members.
Switching between workspaces
Users with multiple workspace memberships switch via the workspace selector in the top right corner. Switching changes the context to the selected workspace - all data shown reflects only that workspace's objects.
Use Cases
Healthcare: separating departments and facility data
Healthcare practices using Instafill.ai to fill credentialing applications, CMS-1500 claims, and patient intake forms often need to keep data separated by department or facility. A multi-location practice assigns each clinic its own workspace so that credentialing forms and patient data for one location are never visible to staff at another.
See also: How a Teleradiology Practice Automated Multi-Hospital Credentialing Packages with AI - Hawkeye Physicians manages credentialing across numerous hospital facilities, each with different forms and requirements. Workspace isolation supports this type of multi-facility workflow by keeping each hospital's credentialing data separate.
Legal: isolating client matters
Law firms handling multiple practice areas - immigration, employment, real estate - use separate workspaces to ensure that the litigation team filling I-485 and I-9 forms never sees the real estate team's 1003 mortgage applications. When combined with workspace data isolation, each client matter is both access-controlled and cryptographically separated.
See also: How GHNY Law Automated Client Intake Using Instafill.ai - GHNY Law uses email automation to process client intake forms, with Instafill.ai handling extraction, field mapping, and PDF generation for their legal filings.
Agencies: separating client accounts
Agencies managing form workflows for multiple clients give each client an isolated workspace. A team member working on Client A cannot browse Client B's form templates, session history, or source documents. This makes it safe to have overlapping team members across accounts without risking data exposure.
Benefits
- Hard data isolation: Workspace boundaries are enforced at the data layer, not by UI convention. There is no way to query across workspace boundaries
- Role granularity: Read-only access lets stakeholders review completed forms without the ability to modify sessions or templates. Team leads can manage membership without full owner privileges
- Flexible membership: A consultant can be a member in a client workspace and an owner in their own workspace - the same account, different roles, enforced separately per workspace
- Independent configuration: Each workspace controls its own DPI, language, date format, and cleanup policies, so teams with different form types (e.g., medical vs. financial) configure their environment without affecting others
- Shared resources within workspace: Profiles and source documents uploaded by any workspace member are accessible to all members with appropriate roles, eliminating duplicate uploads
Security & Privacy
All data is scoped to the workspace and protected by the same authentication and encryption that applies across the platform. Instafill.ai has completed an independent penetration test aligned with OWASP Top 10 and CWE/SANS Top 25, as part of its SOC 2 Type II audit preparation.
No service endpoint returns data across workspace boundaries. Members removed from a workspace lose access on their next request. Workspace activity is logged with the acting user and timestamp for each event.
For details on how workspace data is cryptographically separated, see Workspace Data Isolation.
Common Questions
Can a user belong to multiple workspaces?
Yes. A single account can be a member of multiple workspaces, each with a different role. You switch between workspaces using the selector in the top right corner. Each workspace shows only its own data.
What happens when I remove someone from a workspace?
They lose access immediately. They can no longer see, search, or retrieve any data from that workspace. If they belong to other workspaces in the same organization, those are unaffected.
Can I configure different settings per workspace?
Yes. Each workspace has its own settings for DPI, date format, time format, language, decimal digits, and data cleanup policies. Changes in one workspace do not affect others.
How do API keys work with workspaces?
API keys are workspace-scoped. Each workspace manages its own keys from Settings > Workspace > Manage API Keys. An API key for Workspace A cannot access data in Workspace B. See the API documentation for details.
How do I create a new workspace?
Organization owners and admins can create workspaces from Settings > Organization > Workspaces. Set the workspace name, configure default settings, and invite members.
Can I move forms between workspaces?
Workspaces are isolated by design - data does not move between them. If you need the same form template in multiple workspaces, upload it separately in each one.