← All docs

Team, roles & client access

Invite teammates, scope client users to their own data, and shape custom roles.

Inviting people

Team → Invite sends an email invitation. The invitee clicks the link, sets a password, and lands in your workspace with the role you chose. Pending invites can be revoked until accepted.

Roles

System roles cover the usual shapes:

  • Agency owner / Agency admin — everything (owner can't be demoted by anyone below owner)
  • Account manager — day-to-day: leads, reports, tracking
  • Client admin / Client user — for your clients' own people
  • Viewer — read-only everywhere

Roles lets admins create custom roles from granular permissions (leads.edit, leads.export, integrations.manage, users.manage…). A member can never grant a permission they don't hold themselves — enforced in the database.

Scoping users to a client

When inviting (or editing a member), choose whole agency or tick specific accounts. An account-scoped user sees only those accounts' leads, reports and settings — other clients don't exist for them. This is enforced by row-level security in the database, not just hidden in the interface.

Safety rails worth knowing

  • The last agency owner can't be removed or demoted.
  • Every membership and permission change is audit-logged.
  • Members manage their own profile (name, password) and lead-alert preferences.