Guides, FAQs and best practices for every SyntrixOne feature.
How we keep your workspace safe.
Required before any workspace action.
Every new account must verify their email before being allowed to write data. Verification emails are sent via Resend.
Resend limit: 10 verifications per email per day. Cooldown: 60 seconds between attempts.
Workspaces require a closed-beta code.
During the closed beta, you cannot create a workspace without an invite code. This prevents abuse while we onboard our launch customers.
Each user can create at most one workspace.
Manual admin review of every new workspace.
Every new workspace enters the "pending approval" state. Our team reviews and approves within 24 hours during business days.
While pending, writes are blocked server-side with HTTP 403 workspace_pending_approval — protecting both you and us during onboarding.
Owner / admin / agent permissions.
Each member has one role: Owner (full control + billing), Admin (everything except billing), Agent (operate inbox + CRM only).
Sensitive endpoints (admin tools, billing, team management) check role server-side. No client-only enforcement.
Mongo-backed sliding-window limits.
We rate-limit registration (5 per hour per IP and per email), forgot-password (5 per hour per IP and per email) and verification resends (10 per day per email, 50 per day per IP).
When you hit a limit, we return HTTP 429 with a Retry-After header.
Throwaway addresses are blocked.
We block sign-ups from 15+ disposable email providers (Mailinator, Guerrilla, 10 Minute Mail, Yopmail, etc.).
Please use your work or primary email address.
Sensitive actions are logged.
Workspace approval changes, role changes, MFA toggles and billing events are recorded in an append-only audit log.
Workspace owners can review the audit trail from /dashboard/settings (audit log tab).
Our team replies to support tickets within one business day.
