Security & access
Settings > Security: MFA (TOTP), password update, email update, linked accounts (OAuth), account deletion. Account vs workspace, FAQ and see also.
Security & access
Joinways is built with security at its core: strong authentication, role-based access control and data encryption. Here's how to manage your account security.
Where to find security settings
Path: Account settings > Security
Two-factor authentication (MFA)
Two-factor authentication adds a security layer to your login:
- Go to Account settings > Security.
- Click Enable two-factor authentication.
- Scan the QR code with an authenticator app (Google Authenticator, Authy, etc.).
- Enter the verification code.
You can disable MFA from the same page.
Password
You can change your password at any time from Account settings > Security.
Sessions and devices
View the list of devices connected to your account. You can revoke access for a specific device if needed.
Data protection
- All data is encrypted in transit and at rest.
- Data is hosted in Europe.
- Joinways is GDPR compliant.
- Each workspace is isolated: data from one workspace is never accessible from another.
Best practices
- Enable MFA for all team members.
- Use strong, unique passwords.
- Regularly review active sessions.
Team security policy
Data security is a collective responsibility. Establish a clear policy for your team and make sure every member knows and follows it.
- Strong passwords — require passwords of at least 12 characters combining letters, numbers, and special characters.
- Two-factor authentication (2FA) — enable 2FA for all members, especially those with admin or owner roles.
- Regular access reviews — every quarter, review the member list and remove access for people who are no longer part of the team.
- Monitor email connections — verify that only active email accounts are connected — disconnect obsolete accounts.
In case of a breach
If you suspect an account has been compromised, act immediately: change the affected member's password, disconnect their active sessions, and check the recent modification history in events and contacts.
⚠️ Never share your login credentials with a third party, even a vendor. Create a temporary guest account if needed.
Is the data encrypted?
Yes, all data is encrypted in transit (TLS/SSL) and at rest. Sensitive information like email connection tokens is stored securely and is never accessible in plain text.
Troubleshooting
Team member can't access certain features?
Check their role in Settings > Members. Permissions are tied to roles — an admin has broader access than a standard member. Adjust the role if needed.
Locked out of your account?
Use the password reset feature on the login page. If you've enabled two-factor authentication, make sure you have access to your authenticator app. Contact support if you're completely locked out.
FAQ
Can I enforce MFA for all team members?
MFA is configured individually by each member. As a workspace owner, you can require it as a team policy and verify compliance in Settings > Team.
How do I revoke a device's access?
Go to Account settings > Security > Sessions. Click the revoke button next to the device you want to disconnect. The session ends immediately.
Is Joinways GDPR compliant?
Yes, all data is hosted in Europe, encrypted in transit and at rest, and Joinways follows GDPR guidelines including data export and deletion rights.
See also
- Configure your team
- Notifications
Ready to centralize your event leads?