Memberships & Roles

Invitations, role assignments, audit logs, and safeguards to prevent lockouts — a full membership lifecycle tailored for enterprise teams.

What Is This Feature?

Every person who accesses your platform does so through a membership — a link between their account and an organization, with a defined role that controls what they can see and do. This feature covers the full lifecycle of those memberships: inviting new members, assigning roles, changing permissions, and maintaining a complete history of who did what and when.

Why It Matters to Your Business

When you're selling to businesses, the people using your platform aren't all the same. An administrator needs different access than a read-only viewer. An owner needs to be able to add and remove colleagues. Without a proper roles and membership system, you either lock everything down too tightly (frustrating power users) or leave it too open (a security risk).

Enterprise readiness. Business buyers expect role-based access control. It's often a checklist item in procurement and security reviews.
Delegation without risk. An organization owner can invite colleagues and assign them appropriate roles — without handing over full admin access.
Accountability. Every role change is recorded with who made it, when, and why. If something goes wrong, you can trace exactly what happened.
Accident recovery. The system is designed to prevent lockouts — for example, you can't accidentally remove the last owner of an organization without a safeguard kicking in. And if something does go wrong, support teams have a clear, auditable path to restore access.

How It Works (No Technical Jargon)

An owner sends an invite through the admin panel. The system generates a secure, time-limited invitation link and sends it to the recipient.
The recipient clicks the link and their membership is activated. The system records who invited them, when they joined, and what role they were given.
Roles can be changed by authorized administrators. Every change is logged with the reason, so there's always a clear record.
Transferring ownership — the highest-privilege action — requires a second approval step. An ownership transfer can't happen with just one click from one person; it requires confirmation to prevent accidents.
If access needs to be revoked, it's immediate and audited. The removed member can no longer access the organization's data.

Roles and What They Can Do

Typical tiers look like this:

Owner — Full access, can transfer ownership, manage billing
Admin — Manage members, configure assistants, view all data
Member — Use the assistant, view their own conversations
Viewer — Read-only access to reports and dashboards

Audit Trail: What Gets Recorded

Every membership action creates a permanent audit record, including:

Invitations sent (and by whom)
Invitations accepted or expired
Role changes (from what role, to what role, by whom, with a reason)
Member removals
Ownership transfers (including the approval step)

This audit history is accessible to owners and administrators and can be exported for compliance purposes.

Protecting Against Lockouts

One of the most painful situations for any SaaS customer is accidentally losing access to their own account. The platform has specific safeguards:

You cannot demote or remove the last owner of an organization without explicit multi-step confirmation
If a lockout does occur, support teams have a documented, secure recovery process to restore access within 24 hours
All recovery actions are themselves audited

What to Expect on the Roadmap

The team is working on:

A full membership audit log visible in the admin UI (estimated 4 weeks)
An owner-transfer approval flow requiring multi-step confirmation
Support tooling for account recovery scenarios

Once these are in place, you'll have a complete, enterprise-grade access control system you can confidently demonstrate to security reviewers and compliance teams.