Info: > Note: Last Updated on 06 Nov 2025

Users & Permissions

Our Users & Permissions Capability is designed to manage user access, roles, and data visibility across our platform. This ensures that every user operates securely within the correct organisational scope, with access tailored to their responsibilities. By combining robust permissions with strict compliance controls, we maintain the integrity and trustworthiness of our platform for all partners.

How Users Relate to Organisations

Every user on our platform is associated with a specific organisation. This relationship determines what data they can view or modify, ensuring that information is only accessible to those with a legitimate need. Whether you are a partner admin, channel user, or sales agent, your access is governed by both your organisational membership and your assigned permissions.

Example: User Types and Access Levels

| User Type

Organisation Scope

Typical Access Level

Example Actions

| | --- | --- | --- | --- | |

Partner Admin

Partner Org

Full (manage users, view all data)

Add/remove users, view bookings, manage finance

| |

Channel User

Channel Org

Limited (view bookings only)

View assigned bookings

| |

Sales Agent

Partner/Channel

Restricted (view own bookings)

View and manage own bookings

| |

Supplier

Supplier Org

Scoped (manage own products)

Update product info, view bookings

Note: Actual access is determined by both organisation and permissions.

Access Control & Permissions

Permissions provide an additional layer of control beyond organisational assignment. Each user’s actions are limited by the permissions granted to them, ensuring sensitive data remains protected.

Example 1: A user with permission to view bookings but not finance can see booking records but not related financial data.
Example 2: Access to sensitive or personally identifiable information (PII) requires special permissions. All such access is rate-limited, logged, and audited to protect consumer data.

This layered approach ensures that only authorised individuals can access or modify information, maintaining privacy, compliance, and trust.

How Features Power the Users & Permissions Capability

1. Users

Security Principal Users are a foundational element of our platform, enabling secure, flexible, and efficient management of user access and permissions for all partners, agencies, and suppliers. By assigning each user to a specific organisational context known as a “security principal”, the platform ensures that every action and data access is governed by robust, role-based controls. This approach empowers partners to confidently connect with suppliers, manage multiple brands or sub-entities, and support their teams in delivering exceptional experiences to end consumers, all while maintaining the highest standards of data security and compliance.

Contribution: Ensures every action is traceable to a specific user within a defined organisational context.
Data Protection/Compliance: Prevents unauthorised access by ensuring users only see data relevant to their organisation.
Value to Partners: You can confidently manage your team’s access and responsibilities, knowing each user’s actions are scoped and auditable.

2. Permissions

What it does: Governs what users can do or view within the platform.
Contribution: Allows fine-grained control over access to features and data, tailored to each user’s role.
Data Protection/Compliance: Restricts access to sensitive information, supporting privacy and regulatory requirements.
Value to Partners: You maintain control over who can access what, reducing risk and supporting compliance.

3. Security

Our Security Features are designed to ensure that access to the platform is controlled, appropriate, and aligned with the needs of different users and teams. Whether someone is signing in to manage bookings, access reporting, or support consumers, our system ensures that each user only sees and interacts with the information relevant to their role. Users access the platform through secure login methods and are granted permissions that reflect their responsibilities, whether they are part of your consumer service team, sales team, or technical team.

Contribution: Ensures only verified users can access the platform, and all actions are monitored for unusual activity.
Data Protection/Compliance: All access requests are logged and audited, supporting transparency and accountability.
Value to Partners: Your data and operations are protected by industry-standard security practices.

4. PII Encryption

Protecting consumers’ personal information is a top priority for us. To ensure privacy and compliance with regulations like GDPR, all personally identifiable information (PII), such as names, emails, and phone numbers shared through our shopping cart and checkout, is encrypted and access-controlled. Only authorised users with the right permissions can view or manage this sensitive data.

Contribution: Ensures that even if data is accessed, it remains unreadable without proper authorisation.
Data Protection/Compliance: Supports compliance with data protection regulations by encrypting PII at rest and in transit.
Value to Partners: You can assure your customers that their data is handled with the highest level of security.

Summary

Our Users & Permissions Capability ensures that every user has safe, compliant, and structured access to the platform. By combining user management, granular permissions, robust security, and advanced encryption, we keep your data protected while enabling your team to operate efficiently. This layered approach gives you confidence in both the security and flexibility of our platform.

Support / Questions

If you have questions or need support regarding user access or permissions, please contact your account manager or our support team.