Two-factor authentication (2FA)
- Required for all users before app access
- Required for sensitive actions: email change, password change, org deletion
- Trusted devices — skip the 2FA prompt on devices you mark as trusted
Session security
- Idle sign-out — signed-in users are automatically signed out after inactivity, with a countdown warning and a "Stay signed in" option
- Idle sign-out is suspended while you are facilitating a live exercise, so a running tabletop is never interrupted
Room security
- Exercises require room code + password (8+ chars)
- Password shared separately from join link
Participant data
- Participants don't create accounts
- Identity stored as display name + browser session
- Optional data protection mode per exercise Plus Pro — session data, responses, and the report are purged after the org retention window (default 48 hours, configurable in Organization settings); such runs show a Temporary badge in the facilitator view
Transactional email via Resend: invites, verification, password reset, billing notifications.