User Profile¶
Profile (icon in the top-bar right) — personal account settings.
Particulars¶
- First and last name — how teammates see you.
- Avatar — upload a photo or auto-generate from initials.
- Email — used for login and notifications. Changing requires verification of the new address.
- Phone — optional, for SMS notifications about critical findings (Enterprise).
- Job title — for context in reports ("approved by Jane Doe, CISO").
Security¶
Changing password¶
- Profile → Security → Change password.
- Enter current password + new twice.
- Save.
All active sessions except the current one are automatically terminated (force logout).
Two-factor authentication¶
See Sign Up and Login.
Active sessions¶
Profile → Security → Active sessions — list of all your active sessions (browser, OS, IP, last activity).
- Sign out — a specific session.
- Sign out everywhere — all except the current one.
API tokens¶
If you use the platform via API (your own automation, scripts):
- Profile → API tokens → Generate new.
- Give it a name (for clarity).
- Pick scopes (read-only / read-write / specific permissions).
- Save the token — it's shown only once, only a hash is stored afterward.
Details — REST API.
Preferences¶
- Language — Ukrainian / English. Applied immediately without re-login.
- Theme — Light / Dark / System.
- Timezone — for timestamp display. Defaults to the organization's tz.
- Email digest —
instant/hourly/daily/weekly— how often to receive a notification digest.
Notification preferences¶
Per-user settings (in addition to the organization's rules):
- Which finding types to show as in-app notifications.
- Whether to receive digests.
- Digest delivery time (e.g., "09:00 in my timezone").
Report subscriptions¶
The list of reports you're subscribed to. You can:
- Unsubscribe — stop receiving.
- Subscribe — to an existing report.
Account deletion¶
- Profile → Account → Delete account.
- If you are the only Admin of an organization — promote another user to Admin first.
- Confirm with password.
- 30 days to cancel — message support and your account is restored.
- After 30 days — data is permanently removed. Attribution in findings/audit log becomes
[deleted user].