Get Help
FAQ
What would/do you know about me? Is the data safe/secure?
You can read our Privacy Policy for the most accurate and up-to-date information. That said, we thought we might provide a bit more information and context here.
Unfortunately, the nature of an account system means we need to collect some amount of Personally Identifiable Information (PII). This includes:
- Your name (though this can be a nickname, etc.)
- Your email
- Your phone number (Optional)
- Your pronouns (Optional)
- PII you might use as part of your security questions
To that end, we make our best effort to ensure that your data is safe and secure. This includes numerous security measures, to name a few:
- For the most sensitive data, we store only a one-way (irreversible) encrypted form
- We use dedicated security focused solutions to store sensitive data
- Isolation/Separation/Limitations of concerns to try to limit data to what is needed ("over-fetching" protections, etc...)
- Relatively fine-grained access controls at multiple levels (namely app scopes AND user permissions)
- Both protocol level (TLS) and application level (Signed/Encrypted JWT) message encryption
- Transparent/Auditable activity trail
- Among others...
While no system can guarantee data safety and security, we do our best to ensure that your data is safe and secure. We also do our best to be transparent about what data we collect and how we use it.
Why am I seeing activity about a "delegated token"?
We fully admit, "delegated tokens" are a bit complicated. The easiest way we've found to think about them is through examples, which we'll walk you through below.
So, the idea (at least in our system) is that someone who has authority to view/act on behalf of someone else is exercising that authority. This probably feels a bit confusing at first, but some examples from everyday life might be:
- A parent has authority to view their child's grades.
- A landlord has permission to enter the unit they rent out (with the proper notice).
- A lawyer has permission to act on behalf of their client.
- Etc...
In our case, this usually means an account administrator (or someone with equivalent permissions) can view or act on behalf of a user on the same account. This is useful in a pretty wide range of situations. To give a few examples:
- Where an administrator is trying to review the activity of one or more users, perhaps for auditing/security purposes.
- Where an administrator is trying to help a user identify or resolve an issue they've encountered.
- Where an administrator is making an account-wide change that applies to all users because of a new policy.
- Etc...
For us, it was important that this functionality was available, but also that it was clear when it was being used. So, we've tried to make it clear on both sides when a delegated token was created/used. Reflecting back on those everyday examples:
- When a parent is viewing their child's grades, the child has to bring their report card home (Okay, maybe we're showing our age a bit with this one 😆).
- When a landlord enters a unit, they need to give notice.
- When a lawyer files a motion, there are public records and the client is usually aware that the lawyer is doing so.
- Etc...
So, the bottom line is: if you're seeing activity about a "delegated token", it's because either your account administrator (or equivalent) viewed/changed some data about you, or you viewed/changed some data about someone else on your account.
Submit Requests/Info
The form below allows you to ask a question, report an issue, or suggest a feature. We make no promises about response time, implementation or otherwise. But by submitting here, you're helping us stay organized and learn where to focus our efforts.