Skip to main content
FeaturesPricingFor TeamsEnterpriseDocs
Log in to your account

Card required to begin • Setup in 5 minutes

BeginnerAccount and Billing

Account Settings

Manage profile, workspace, security, SSO, white label, and compliance settings in NimbusOS, with per-role permission boundaries.

8 min read
Updated April 23, 2026
1,700 words

Account Settings is where you configure who you are, who can access your workspace, how the platform authenticates, and how it presents to sub-clients. This article walks through the seven settings sections, the permission boundaries (who can change what), and the settings that affect the entire workspace versus only your personal profile.

The Seven Sections

Account Settings is grouped into seven sections:

  1. Profile. Personal identity.
  2. Workspace. Org-level configuration.
  3. Security. Authentication and sessions.
  4. Team. Members and roles (covered in Team Management).
  5. White label. Branding and custom domain.
  6. Compliance. GDPR, audit, data retention.
  7. Integrations. Third-party credentials (covered in Integration Overview).

Accessible at /settings.

Profile

Your personal identity in the workspace.

Display name. Shown in activity logs, reply attributions, and sender signatures if you are a sending user.

Profile photo. Shown in the team list, comments, and activity feeds.

Email. The email you log in with. Changing it requires re-verification via the new email address.

Time zone. Your personal time zone. Affects how dashboard metrics render time-of-day data for you specifically.

Notification preferences. Granular control over which events produce email notifications. Default is "alerts and critical events only".

API keys. Your personal API keys, distinct from workspace-level keys. Covered in Authentication.

Workspace

Org-level configuration. Only owners and admins can change these.

Workspace name. Organization display name. Shown in the platform header.

Workspace URL slug. Short identifier used in white-label URLs. Changeable but breaks any external links if changed.

Default time zone. Applied to new users and to workspace-level analytics.

Default sending behavior. Campaign defaults: default campaign type, default send window, default rate limits. New campaigns inherit these unless overridden.

Fiscal year settings. Affects quarterly and annual analytics rollups.

Industry. Used by the Growth Brain to surface relevant benchmarks.

Business address. Required for CAN-SPAM compliance. Appears in the unsubscribe footer of every email.

Security

Authentication, session management, and access controls.

Password policy. Minimum length, required character classes, rotation interval. Workspace-wide enforcement.

2FA policy. Off, optional, or required. Setting to required forces every member to enable 2FA before their next login.

SSO configuration. Enterprise tier. SAML 2.0 or OIDC setup. Covered in detail in the SSO article.

Session lifetime. Default 12 hours. Configurable down to 1 hour for high-security workspaces.

IP allowlisting. Restrict login to specific IP ranges. Useful for office-only or VPN-only access.

Audit log retention. 12 months default. Configurable up to 7 years for compliance.

Login activity. View recent logins with IP, user agent, and location. Force logout of suspicious sessions.

Team

Covered in Team Management. Invite members, assign roles, manage permissions.

White Label

Agency configuration. Define how sub-client portals present.

Logo. Upload a logo shown in the sub-client portal header. Supports PNG and SVG.

Favicon. Shown in browser tabs.

Primary color. Accent color across the portal.

Custom domain. Sub-client portal domain. For example, clients.youragency.com. Requires DNS setup (CNAME) and SSL. NimbusOS handles SSL automatically through Let's Encrypt.

Email sender name. Reply attribution name shown in client-side notifications. Defaults to agency name.

Default portal visibility. Which sections are visible in new sub-client portals. Per-portal overrides still work.

White label is agency-only. Single-team workspaces do not see this section.

Compliance

Data governance and regulatory settings.

Data retention policy. How long to retain contact data after last activity. Defaults to "indefinite". Configurable to auto-soft-delete contacts after N days of no engagement.

GDPR deletion workflow. Configuration for GDPR deletion requests: auto-confirm on receipt, require manual review, retention period after deletion before hard delete.

Suppression list scope. Whether workspace suppression syncs to other workspaces in the same agency. Defaults to per-workspace.

Audit log access. Who can view audit logs. Default is owners and admins.

Export controls. Whether contacts can be exported, who can do it, audit trail on exports.

Compliance certifications. Track which compliance framework the workspace operates under (SOC 2, GDPR, CCPA, HIPAA). Does not enforce compliance; tracks which framework your team has committed to.

Integrations

Covered in the Integration Overview. API keys, OAuth connections, webhook endpoints.

Permission Boundaries

Who can change what.

Owner. All settings in all sections.

Admin. All settings except workspace-level destructive ones (deleting the workspace, changing billing).

Member. Profile section only. Read-only view of other sections.

Viewer. Profile section only. No read access to workspace-level configuration.

Attempting to change a setting above your permission level returns an inline error explaining which role is required.

Workspace Deletion

Owners can delete a workspace from Workspace -> Danger Zone. Deletion is a multi-step process:

  1. Confirm by typing the workspace name.
  2. 7 day waiting period with daily reminder emails.
  3. Full purge on day 7 unless canceled.

During the waiting period the workspace continues to operate. Canceling restores everything.

Hard deletion removes the database records, storage objects, and all associated data. The GDPR retention log persists to prove deletion for audit.

Change Log

Every setting change writes an AuditLog row with user, timestamp, field, and before/after values. The change log is viewable in the Audit section.

The change log is immutable. Even owners cannot edit it retroactively. This is a compliance property, not a permissions limitation.

Workspace Usage and Limits

The Workspace section shows current usage against plan limits:

  • Contacts used vs limit
  • Team members used vs limit
  • Email accounts connected vs limit
  • API requests this month vs limit
  • Enrichments this month vs limit

Approaching a limit fires a warning alert. Crossing the limit pauses operations for that category until the limit is raised or consumption drops below the limit.

See Usage and Limits for the full treatment.

Two-Factor Recovery

If you lose access to your 2FA device, recovery options:

Backup codes. Generated at 2FA enrollment. Each single-use. Store somewhere safe.

Admin reset. A workspace owner or admin can reset your 2FA. The reset sends a confirmation email to you and logs the action.

Support recovery. As a last resort, support can initiate recovery with identity verification. This is a slow process (business days) to prevent social engineering attacks.

Email Notification Settings

Granular notification preferences.

Campaign alerts. Auto-pause events, resume gate blocks, critical deliverability alerts.

Engagement notifications. Positive replies, meetings booked, new opens on high-priority contacts.

System notifications. Maintenance windows, platform updates, new feature announcements.

Digest. Daily or weekly digest of activity. Reduces email volume versus per-event notifications.

Default: alerts and critical events only. Adjust per your preference.

Language and Regional Settings

Interface language. English default. Spanish, French, German, Portuguese supported.

Date format. MM/DD/YYYY, DD/MM/YYYY, YYYY-MM-DD.

Currency. Display currency for billing and revenue analytics.

These are personal settings. Workspace-level has a default that new users inherit.

Troubleshooting

"I cannot change the workspace name even though I am an owner"

Workspace name changes are subject to a 30 day cooldown after creation. This prevents accidental name churn. Wait or contact support to force the change.

"Custom domain shows 'verification pending' for hours"

DNS propagation can take up to 48 hours. If the CNAME is correct and it has been over 48 hours, contact support. A common error is pointing the CNAME to the wrong target; the required target is shown in the custom domain setup screen.

"2FA setup fails with 'code invalid'"

Clock skew between your phone and the NimbusOS server. Ensure your phone's time is set automatically (network time). TOTP is sensitive to clock drift beyond 30 seconds.

"My IP allowlist is blocking me after a change"

If you locked yourself out, support can temporarily suspend the allowlist for you to log back in. This requires email verification.

Frequently Asked Questions

Can I run multiple workspaces on one account?

Yes. An email can be a member of multiple workspaces. Switch between workspaces from the workspace picker in the app header.

Is there a dark mode?

Yes. Profile -> Theme. Dark is the default for most of the agency-facing views.

Can I export all my settings to migrate to another workspace?

Not in one click. Critical settings (team members, integrations, white label) can be exported individually and re-imported. Full workspace migration is an enterprise-supported operation that requires manual coordination.

Do setting changes apply immediately?

Yes, within seconds. Some settings (SSO, IP allowlist) take effect on the next login rather than the current session for safety.

What to Read Next

Useful next pages after this one: Team Management for members and roles, Plans and Pricing for subscription management, and Usage and Limits for quota visibility.

Related articles

Account and Billing

Plans and Pricing

NimbusOS pricing, the 14-day card-required free trial, and how to manage your subscription through the Stripe Customer Portal.

Account and Billing

Team Management

Invite team members, assign roles, configure permissions, and manage access in NimbusOS with owner, admin, member, and viewer roles.

Account and Billing

Usage and Limits

Understand NimbusOS usage quotas for contacts, sends, enrichments, API calls, and seats; monitor consumption and handle overages before they impact campaigns.

Analytics and Reporting

A/B Testing

Test subject lines, openers, CTAs, and send timing in NimbusOS with multi-variant traffic allocation, automated winner selection, and statistical confidence gating.

Still stuck?

Our team answers every support ticket. If the answer is not in the docs, open a ticket and we will write the missing page.

Contact supportBook a demo