Settings & Compliance
Settings & Compliance
Section titled “Settings & Compliance”Last Updated: January 26, 2026
Overview
Section titled “Overview”Proper configuration of settings and compliance controls is essential for secure, compliant B2B2G operations. This guide covers organization settings, user preferences, POPIA compliance configuration, and security settings.
Settings page with navigation to all configuration sections
Accessing Settings
Section titled “Accessing Settings”Navigate to Settings
Section titled “Navigate to Settings”- Log into ThriveSend dashboard
- Click Settings in the left sidebar
- You’ll see the settings navigation
Settings navigation showing all available sections
Settings Sections:
- Organization
- User Preferences
- Compliance
- Security
- Integrations
- Notifications
- Billing
- Data & Privacy
Organization Settings
Section titled “Organization Settings”Organization Profile
Section titled “Organization Profile”Configure your service provider organization:
Organization profile settings
Organization Details:
| Field | Description | Example |
|---|---|---|
| Organization Name | Official business name | Marketing Solutions SA |
| Service Type | B2B, B2G, or B2B2G | B2B2G |
| Industry | Primary industry sector | Marketing & Advertising |
| Company Size | Number of employees | 11-50 |
| Phone Number | Primary contact number | +27 11 123 4567 |
| Physical Address | Business address | 123 Main St, Johannesburg |
| Website | Company website | https://company.co.za |
| Tax ID | Company tax/VAT number | 1234567890 |
Branding Settings
Section titled “Branding Settings”Configure your organization’s branding:
Branding configuration interface
Branding Options:
| Element | Description | Formats |
|---|---|---|
| Logo | Company logo | PNG, SVG (max 2MB) |
| Primary Color | Main brand color | Hex color code |
| Secondary Color | Accent color | Hex color code |
| Font Family | Brand typography | Google Fonts or Custom |
| Email Signature | Default email signature | Rich text |
Logo Requirements:
- Recommended size: 200x200 pixels or larger
- Transparent background preferred
- Will be used in emails and campaigns
Business Hours
Section titled “Business Hours”Set your organization’s operating hours:
Business hours configuration
Purpose:
- Determines campaign send times
- Sets support availability expectations
- Influences auto-response timing
- Affects analytics reporting periods
Configuration:
Monday - Friday: 08:00 - 17:00 (SAST)Saturday: ClosedSunday: ClosedTimezone: Africa/Johannesburg (GMT+2)User Preferences
Section titled “User Preferences”Personal Information
Section titled “Personal Information”Update your personal profile:
User profile settings
Editable Fields:
- Full name
- Email address (requires verification)
- Phone number
- Profile photo
- Job title
- Department
Display Preferences
Section titled “Display Preferences”Customize your user interface:
User interface customization
Display Options:
| Preference | Options | Default |
|---|---|---|
| Theme | Light, Dark, Auto | Light |
| Language | English, Afrikaans, Zulu | English |
| Date Format | DD/MM/YYYY, MM/DD/YYYY, YYYY-MM-DD | DD/MM/YYYY |
| Time Format | 12-hour, 24-hour | 24-hour |
| Timezone | Select from list | Africa/Johannesburg |
| Dashboard Layout | Grid, List, Compact | Grid |
Notification Preferences
Section titled “Notification Preferences”Configure how you receive notifications:
Notification settings configuration
Notification Channels:
| Event | In-App | Push | SMS | |
|---|---|---|---|---|
| Campaign Approval Required | ✅ | ✅ | ✅ | ❌ |
| Client Created | ✅ | ✅ | ❌ | ❌ |
| Compliance Alert | ✅ | ✅ | ✅ | ✅ |
| Team Member Invited | ✅ | ✅ | ❌ | ❌ |
| Campaign Completed | ✅ | ✅ | ❌ | ❌ |
| Performance Milestone | ✅ | ✅ | ❌ | ❌ |
| System Maintenance | ✅ | ✅ | ✅ | ❌ |
Frequency Options:
- Immediately
- Hourly digest
- Daily digest
- Weekly summary
- Never (disable notification)
Compliance Settings
Section titled “Compliance Settings”POPIA Compliance Configuration
Section titled “POPIA Compliance Configuration”Configure POPIA compliance controls:
POPIA compliance configuration
Compliance Controls:
| Setting | Description | Options |
|---|---|---|
| Consent Management | How consent is obtained and tracked | Explicit, Opt-in, Double opt-in |
| Data Retention | How long data is retained | 1-7 years, Custom |
| Audit Logging | What activities are logged | All, Critical only, Custom |
| Data Residency | Where data is stored | South Africa (required) |
| Access Controls | Who can access what data | Role-based, Custom |
Consent Management
Section titled “Consent Management”Configure consent collection and tracking:
Consent management configuration
Consent Settings:
Consent Collection Method:☑ Double Opt-In (Recommended for POPIA compliance) - User signs up - Verification email sent - User clicks confirmation link - Consent timestamp recorded
☐ Single Opt-In - User provides consent - Immediate consent recorded - Higher risk of invalid consents
Consent Renewal:☑ Require consent renewal after 12 months of inactivity
Consent Records:☑ Store consent timestamp☑ Store consent IP address☑ Store consent method (form, email, phone)☑ Store purpose of processingData Retention Policies
Section titled “Data Retention Policies”Configure data retention:
Data retention policy configuration
Retention Policies:
| Data Type | Default Retention | Customizable |
|---|---|---|
| Client Data | Indefinite | Yes (minimum 2 years) |
| Campaign Data | 5 years | Yes (minimum 2 years) |
| Content Assets | 3 years | Yes (minimum 1 year) |
| Analytics Data | 2 years | Yes (minimum 6 months) |
| Audit Logs | 7 years | No (POPIA requirement) |
| Government Data | Permanent | No (compliance requirement) |
| Team Member Data | 2 years after departure | Yes |
Auto-Deletion:
☑ Enable automatic data deletion when retention period expires☑ Send notification 30 days before deletion☑ Require approval for deletion of government dataAudit Log Configuration
Section titled “Audit Log Configuration”Configure audit logging:
Audit log configuration
Logged Activities:
| Category | Activities Logged |
|---|---|
| Authentication | Login, logout, failed attempts |
| Data Access | Client views, campaign views, content access |
| Data Modification | Create, update, delete operations |
| Permission Changes | Role changes, access grants/revokes |
| Compliance | Consent changes, DSR processing |
| Security | Clearance changes, security incidents |
| Export | Data exports, report generation |
Log Retention:
- Minimum: 5 years (POPIA requirement)
- Maximum: Permanent
- Storage: South African data centers
Data Subject Rights (DSR)
Section titled “Data Subject Rights (DSR)”Configure data subject request handling:
Data subject rights configuration
Supported DSR Types:
| Right | Description | Response Time |
|---|---|---|
| Access | Provide copy of personal data | 30 days |
| Correction | Correct inaccurate data | 7 days |
| Deletion | Delete personal data | 30 days |
| Portability | Export data in machine-readable format | 30 days |
| Objection | Object to data processing | Immediate |
| Restriction | Restrict data processing | 7 days |
DSR Workflow:
Request Received → Verify Identity → Process Request → Respond
Timeline:- Acknowledgment: Within 24 hours- Identity verification: Within 3 days- Request processing: Within 30 days- Response delivery: Email + In-app notificationSecurity Settings
Section titled “Security Settings”Password Policy
Section titled “Password Policy”Configure password requirements:
Password policy configuration
Password Requirements:
Minimum Length: 12 characters (recommended 14+)Required Complexity:☑ At least one uppercase letter☑ At least one lowercase letter☑ At least one number☑ At least one special character (!@#$%^&*)
Password History:☑ Cannot reuse last 5 passwords
Password Expiration:☐ Passwords expire after 90 days (optional)
Lockout Policy:☑ Lock account after 5 failed attempts☑ Lockout duration: 30 minutes☑ Notify user and admin on lockoutTwo-Factor Authentication (2FA)
Section titled “Two-Factor Authentication (2FA)”Configure 2FA requirements:
Two-factor authentication configuration
2FA Options:
| Method | Description | Security Level |
|---|---|---|
| SMS | Code sent via SMS | Medium |
| Authenticator App | TOTP app (Google Authenticator, Authy) | High |
| Code sent via email | Low-Medium | |
| Hardware Token | Physical security key (YubiKey) | Very High |
2FA Policy:
☑ Require 2FA for all team members☐ Require 2FA only for admins☐ Require 2FA for government client access☑ Require 2FA for CONFIDENTIAL clearance holders☐ Make 2FA optional (not recommended)
Trusted Devices:☑ Allow trusted devices (30-day validity)☑ Require 2FA on new device☑ Email notification when new device addedIP Whitelisting
Section titled “IP Whitelisting”Restrict access to specific IP addresses:
IP whitelist configuration
Whitelist Configuration:
IP Whitelist (Optional):- Office Network: 102.134.XXX.XXX/24- VPN Gateway: 102.135.XXX.XXX- Home Office (CEO): 102.136.XXX.XXX
Policy:☐ Enforce IP whitelist for all users☑ Enforce IP whitelist for admins only☐ Enforce IP whitelist for government data access☐ Send alert when access attempted from non-whitelisted IPUse Cases:
- High-security government work
- Restricting access to office network
- Preventing unauthorized remote access
- Compliance with government security requirements
Session Management
Section titled “Session Management”Configure session security:
Session management configuration
Session Policies:
Session Timeout:- Idle timeout: 30 minutes (adjustable: 15-120 minutes)- Maximum session duration: 8 hours- Extend session on activity: Yes
Concurrent Sessions:- Allow multiple concurrent sessions: Yes- Maximum concurrent sessions: 3- Notify on new session: Yes
Session Security:☑ Invalidate sessions on password change☑ Invalidate sessions on role change☑ Log all session activity☑ Require re-authentication for sensitive operationsIntegration Settings
Section titled “Integration Settings”API Access
Section titled “API Access”Configure API access for integrations:
API access configuration
API Keys:
Production API Key: sk_live_xxxxxxxxxxxxxxxxxxxxxTest API Key: sk_test_xxxxxxxxxxxxxxxxxxxxx
API Key Permissions:☑ Read client data☑ Read campaign data☑ Create campaigns☐ Delete data (restricted)☑ Read analytics☐ Manage team (restricted)
API Rate Limits:- Requests per minute: 60- Requests per hour: 1,000- Requests per day: 10,000Creating API Keys:
- Click Generate API Key
- Name the API key
- Select permissions
- Set expiration (optional)
- Copy and securely store key (shown once!)
Webhook Configuration
Section titled “Webhook Configuration”Set up webhooks for event notifications:
Webhook configuration
Webhook Events:
| Event | Description | Payload |
|---|---|---|
campaign.created | New campaign created | Campaign object |
campaign.approved | Campaign approved | Campaign object |
campaign.completed | Campaign finished | Campaign + Analytics |
client.created | New client added | Client object |
content.approved | Content approved | Content object |
compliance.alert | Compliance issue detected | Alert details |
Webhook Endpoint:
Endpoint URL: https://your-domain.com/webhooks/thrivesendSecret: whsec_xxxxxxxxxxxxxxxxxxxxx
Events:☑ campaign.created☑ campaign.approved☑ campaign.completed☑ compliance.alert
Retry Policy:- Retry on failure: Yes- Maximum retries: 3- Retry interval: Exponential backoff (1m, 5m, 15m)Third-Party Integrations
Section titled “Third-Party Integrations”Connect third-party services:
Third-party integration marketplace
Available Integrations:
| Service | Category | Purpose |
|---|---|---|
| Google Analytics | Analytics | Track campaign performance |
| Mailchimp | Sync email lists | |
| HubSpot | CRM | Sync contacts and campaigns |
| Salesforce | CRM | Enterprise CRM integration |
| Slack | Communication | Team notifications |
| Microsoft Teams | Communication | Team collaboration |
| Zapier | Automation | Connect 1000+ apps |
| Google Drive | Storage | Store campaign assets |
| Dropbox | Storage | Cloud file storage |
Connecting Integration:
- Select integration from marketplace
- Click Connect
- Authenticate with third-party service
- Configure sync settings
- Test connection
- Save integration
Billing Settings
Section titled “Billing Settings”Subscription Management
Section titled “Subscription Management”View and manage your subscription:
Subscription management page
Subscription Details:
Current Plan: ProfessionalMonthly Cost: R 4,999 / monthBilling Cycle: MonthlyNext Billing Date: February 1, 2026
Plan Includes:✅ Unlimited campaigns✅ Up to 50,000 contacts✅ 10 team members✅ Advanced analytics✅ Priority support✅ POPIA compliance tools✅ Government client supportPlan Actions:
- Upgrade Plan
- Downgrade Plan
- Cancel Subscription
- Update Payment Method
Payment Methods
Section titled “Payment Methods”Manage payment methods:
Payment method management
Accepted Payment Methods:
- Credit/Debit Card (Visa, Mastercard)
- Bank Transfer (EFT)
- Direct Debit
Adding Payment Method:
- Click Add Payment Method
- Select type (card, bank account)
- Enter payment details
- Verify payment method
- Set as default (optional)
Billing History
Section titled “Billing History”View past invoices and payments:
Invoice history and payment records
Invoice Details:
- Invoice number
- Billing period
- Amount
- Payment status
- Payment method
- Download PDF
- Email invoice
Data & Privacy Settings
Section titled “Data & Privacy Settings”Data Export
Section titled “Data Export”Export your organization’s data:
Data export interface
Export Options:
| Data Type | Format | Size Estimate |
|---|---|---|
| All Data | ZIP (Multiple files) | Large |
| Clients | CSV, Excel | Small |
| Campaigns | CSV, Excel, JSON | Medium |
| Analytics | CSV, Excel | Medium |
| Content | ZIP (Files + Metadata) | Large |
| Audit Logs | CSV, JSON | Large |
| Team Data | CSV | Small |
Export Process:
- Select data to export
- Choose format
- Apply filters (date range, clients, etc.)
- Request export
- Receive email when ready
- Download from secure link (24-hour validity)
Data Deletion
Section titled “Data Deletion”Request data deletion:
Data deletion request interface
CRITICAL - POPIA Compliance:
⚠️ IMPORTANT: Data deletion has legal and compliance implications.
Restrictions:❌ Cannot delete audit logs (5-year minimum retention)❌ Cannot delete government client data (permanent retention)❌ Cannot delete data subject to active legal hold✅ Can delete business client data (after retention period)✅ Can delete expired campaign data (after retention period)
Before Deleting:1. Export data for records2. Verify retention period has passed3. Confirm no active legal obligations4. Get approval from compliance officer
Process:1. Submit deletion request2. Compliance review (3-5 days)3. Admin approval required4. 30-day waiting period5. Final confirmation6. Irreversible deletionPrivacy Policy
Section titled “Privacy Policy”Configure privacy policy:
Privacy policy configuration
Privacy Policy Settings:
Privacy Policy URL: https://company.co.za/privacyLast Updated: January 1, 2026
Display Settings:☑ Show privacy policy link in footer☑ Require acceptance on first login☑ Require re-acceptance when policy updates☑ Email notifications when policy changes
POPIA-Specific Clauses:☑ Data processing purposes☑ Data storage location (South Africa)☑ Third-party data sharing☑ Data subject rights☑ Contact information for data queries☑ Retention periods☑ Security measuresAdvanced Settings
Section titled “Advanced Settings”Maintenance Mode
Section titled “Maintenance Mode”Enable maintenance mode for platform updates:
Maintenance mode configuration
Maintenance Mode:
Status: Disabled
When Enabled:- All users except admins are blocked from accessing platform- Custom maintenance message displayed- Scheduled campaigns continue running (optional)- Email notifications continue (optional)
Scheduled Maintenance:Date: February 15, 2026Time: 02:00 - 04:00 SASTDuration: 2 hoursReason: Database upgrade and performance optimization
Notifications:☑ Email all users 7 days before☑ Email reminder 24 hours before☑ Show in-app banner 48 hours beforeCustom Domain
Section titled “Custom Domain”Configure custom domain for campaigns:
Custom domain configuration
Custom Domain Setup:
Default Domain: campaigns.thrivesend.co.zaCustom Domain: campaigns.yourcompany.co.za
Benefits:✅ Professional branding✅ Better email deliverability✅ Increased trust✅ Custom tracking links
DNS Configuration Required:CNAME record: campaigns.yourcompany.co.za → campaigns.thrivesend.co.zaTXT record: Verification token
SSL Certificate:☑ Auto-provision Let's Encrypt SSL certificateBest Practices
Section titled “Best Practices”Settings Best Practices
Section titled “Settings Best Practices”- Regular Reviews: Review settings quarterly
- Security First: Enable all available security features
- POPIA Compliance: Ensure all compliance settings are properly configured
- Team Training: Train team on compliance requirements
- Backup Settings: Document your configuration
- Test Changes: Test in staging before production changes
- Audit Logs: Regularly review audit logs
- Password Policy: Enforce strong password requirements
- 2FA: Require 2FA for all users
- Data Retention: Set appropriate retention periods
Government Settings Best Practices
Section titled “Government Settings Best Practices”- Enhanced Security: Enable IP whitelisting for government work
- Strict 2FA: Require 2FA for CONFIDENTIAL clearance holders
- Audit Everything: Log all government data access
- Separate Environments: Consider separate environments for government work
- Regular Audits: Conduct monthly security audits
- Compliance Reviews: Quarterly compliance reviews
- Incident Response: Have incident response plan
- Access Reviews: Monthly access right reviews
- Training: Mandatory government compliance training
- Documentation: Maintain comprehensive compliance documentation
Troubleshooting
Section titled “Troubleshooting”Issue: Cannot Change Setting
Section titled “Issue: Cannot Change Setting”Symptom: Setting is grayed out or unchangeable
Solution:
- Verify you have admin permissions
- Check if setting is locked by compliance policy
- For government settings: May require compliance approval
- Some settings cannot be changed if in use
- Contact support for locked system settings
Issue: 2FA Not Working
Section titled “Issue: 2FA Not Working”Symptom: 2FA code not accepted
Solution:
- Verify time on device is correct (TOTP requires accurate time)
- Try next code (TOTP codes change every 30 seconds)
- Use backup codes if available
- Contact admin to reset 2FA
- Re-scan QR code to re-sync authenticator app
Issue: API Key Not Working
Section titled “Issue: API Key Not Working”Symptom: API calls failing with authentication error
Solution:
- Verify API key is correct (no extra spaces)
- Check API key hasn’t expired
- Verify API key has necessary permissions
- Check rate limits (may be throttled)
- Regenerate API key if compromised
POPIA Compliance Checklist
Section titled “POPIA Compliance Checklist”Essential POPIA Settings
Section titled “Essential POPIA Settings”Use this checklist to ensure POPIA compliance:
☑ Consent Management ☑ Double opt-in enabled ☑ Consent renewal configured ☑ Consent records stored
☑ Data Retention ☑ Retention policies configured ☑ Auto-deletion enabled ☑ Government data permanent retention
☑ Audit Logging ☑ All critical activities logged ☑ 5+ year retention ☑ Regular audit log reviews
☑ Data Subject Rights ☑ DSR workflow configured ☑ 30-day response time ☑ Identity verification enabled
☑ Security ☑ Strong password policy ☑ 2FA enabled ☑ Session timeout configured ☑ IP whitelist (for sensitive data)
☑ Privacy ☑ Privacy policy published ☑ Data residency: South Africa ☑ Third-party agreements documented
☑ Access Control ☑ Role-based access ☑ Security clearances assigned ☑ Regular access reviewsWhat’s Next?
Section titled “What’s Next?”You’ve completed the user guide! Here are some next steps:
Recommended Resources:
- Dashboard Overview - Return to dashboard
Getting Help
Section titled “Getting Help”If you need assistance with settings or compliance:
- Email: support@isutech.co.za
- Compliance Questions: compliance@isutech.co.za
- Video Tutorial: Settings Configuration
Previous: ← Team Management
Last Updated: January 26, 2026