Skip to content

Settings & Compliance

Last Updated: January 26, 2026


Proper configuration of settings and compliance controls is essential for secure, compliant B2B2G operations. This guide covers organization settings, user preferences, POPIA compliance configuration, and security settings.

Settings page with navigation to all configuration sections


  1. Log into ThriveSend dashboard
  2. Click Settings in the left sidebar
  3. You’ll see the settings navigation

Settings navigation showing all available sections

Settings Sections:

  • Organization
  • User Preferences
  • Compliance
  • Security
  • Integrations
  • Notifications
  • Billing
  • Data & Privacy

Configure your service provider organization:

Organization profile settings

Organization Details:

FieldDescriptionExample
Organization NameOfficial business nameMarketing Solutions SA
Service TypeB2B, B2G, or B2B2GB2B2G
IndustryPrimary industry sectorMarketing & Advertising
Company SizeNumber of employees11-50
Phone NumberPrimary contact number+27 11 123 4567
Physical AddressBusiness address123 Main St, Johannesburg
WebsiteCompany websitehttps://company.co.za
Tax IDCompany tax/VAT number1234567890

Configure your organization’s branding:

Branding configuration interface

Branding Options:

ElementDescriptionFormats
LogoCompany logoPNG, SVG (max 2MB)
Primary ColorMain brand colorHex color code
Secondary ColorAccent colorHex color code
Font FamilyBrand typographyGoogle Fonts or Custom
Email SignatureDefault email signatureRich text

Logo Requirements:

  • Recommended size: 200x200 pixels or larger
  • Transparent background preferred
  • Will be used in emails and campaigns

Set your organization’s operating hours:

Business hours configuration

Purpose:

  • Determines campaign send times
  • Sets support availability expectations
  • Influences auto-response timing
  • Affects analytics reporting periods

Configuration:

Monday - Friday: 08:00 - 17:00 (SAST)
Saturday: Closed
Sunday: Closed
Timezone: Africa/Johannesburg (GMT+2)

Update your personal profile:

User profile settings

Editable Fields:

  • Full name
  • Email address (requires verification)
  • Phone number
  • Profile photo
  • Job title
  • Department

Customize your user interface:

User interface customization

Display Options:

PreferenceOptionsDefault
ThemeLight, Dark, AutoLight
LanguageEnglish, Afrikaans, ZuluEnglish
Date FormatDD/MM/YYYY, MM/DD/YYYY, YYYY-MM-DDDD/MM/YYYY
Time Format12-hour, 24-hour24-hour
TimezoneSelect from listAfrica/Johannesburg
Dashboard LayoutGrid, List, CompactGrid

Configure how you receive notifications:

Notification settings configuration

Notification Channels:

EventEmailIn-AppPushSMS
Campaign Approval Required
Client Created
Compliance Alert
Team Member Invited
Campaign Completed
Performance Milestone
System Maintenance

Frequency Options:

  • Immediately
  • Hourly digest
  • Daily digest
  • Weekly summary
  • Never (disable notification)

Configure POPIA compliance controls:

POPIA compliance configuration

Compliance Controls:

SettingDescriptionOptions
Consent ManagementHow consent is obtained and trackedExplicit, Opt-in, Double opt-in
Data RetentionHow long data is retained1-7 years, Custom
Audit LoggingWhat activities are loggedAll, Critical only, Custom
Data ResidencyWhere data is storedSouth Africa (required)
Access ControlsWho can access what dataRole-based, Custom

Configure consent collection and tracking:

Consent management configuration

Consent Settings:

Consent Collection Method:
☑ Double Opt-In (Recommended for POPIA compliance)
- User signs up
- Verification email sent
- User clicks confirmation link
- Consent timestamp recorded
☐ Single Opt-In
- User provides consent
- Immediate consent recorded
- Higher risk of invalid consents
Consent Renewal:
☑ Require consent renewal after 12 months of inactivity
Consent Records:
☑ Store consent timestamp
☑ Store consent IP address
☑ Store consent method (form, email, phone)
☑ Store purpose of processing

Configure data retention:

Data retention policy configuration

Retention Policies:

Data TypeDefault RetentionCustomizable
Client DataIndefiniteYes (minimum 2 years)
Campaign Data5 yearsYes (minimum 2 years)
Content Assets3 yearsYes (minimum 1 year)
Analytics Data2 yearsYes (minimum 6 months)
Audit Logs7 yearsNo (POPIA requirement)
Government DataPermanentNo (compliance requirement)
Team Member Data2 years after departureYes

Auto-Deletion:

☑ Enable automatic data deletion when retention period expires
☑ Send notification 30 days before deletion
☑ Require approval for deletion of government data

Configure audit logging:

Audit log configuration

Logged Activities:

CategoryActivities Logged
AuthenticationLogin, logout, failed attempts
Data AccessClient views, campaign views, content access
Data ModificationCreate, update, delete operations
Permission ChangesRole changes, access grants/revokes
ComplianceConsent changes, DSR processing
SecurityClearance changes, security incidents
ExportData exports, report generation

Log Retention:

  • Minimum: 5 years (POPIA requirement)
  • Maximum: Permanent
  • Storage: South African data centers

Configure data subject request handling:

Data subject rights configuration

Supported DSR Types:

RightDescriptionResponse Time
AccessProvide copy of personal data30 days
CorrectionCorrect inaccurate data7 days
DeletionDelete personal data30 days
PortabilityExport data in machine-readable format30 days
ObjectionObject to data processingImmediate
RestrictionRestrict data processing7 days

DSR Workflow:

Request Received → Verify Identity → Process Request → Respond
Timeline:
- Acknowledgment: Within 24 hours
- Identity verification: Within 3 days
- Request processing: Within 30 days
- Response delivery: Email + In-app notification

Configure password requirements:

Password policy configuration

Password Requirements:

Minimum Length: 12 characters (recommended 14+)
Required Complexity:
☑ At least one uppercase letter
☑ At least one lowercase letter
☑ At least one number
☑ At least one special character (!@#$%^&*)
Password History:
☑ Cannot reuse last 5 passwords
Password Expiration:
☐ Passwords expire after 90 days (optional)
Lockout Policy:
☑ Lock account after 5 failed attempts
☑ Lockout duration: 30 minutes
☑ Notify user and admin on lockout

Configure 2FA requirements:

Two-factor authentication configuration

2FA Options:

MethodDescriptionSecurity Level
SMSCode sent via SMSMedium
Authenticator AppTOTP app (Google Authenticator, Authy)High
EmailCode sent via emailLow-Medium
Hardware TokenPhysical security key (YubiKey)Very High

2FA Policy:

☑ Require 2FA for all team members
☐ Require 2FA only for admins
☐ Require 2FA for government client access
☑ Require 2FA for CONFIDENTIAL clearance holders
☐ Make 2FA optional (not recommended)
Trusted Devices:
☑ Allow trusted devices (30-day validity)
☑ Require 2FA on new device
☑ Email notification when new device added

Restrict access to specific IP addresses:

IP whitelist configuration

Whitelist Configuration:

IP Whitelist (Optional):
- Office Network: 102.134.XXX.XXX/24
- VPN Gateway: 102.135.XXX.XXX
- Home Office (CEO): 102.136.XXX.XXX
Policy:
☐ Enforce IP whitelist for all users
☑ Enforce IP whitelist for admins only
☐ Enforce IP whitelist for government data access
☐ Send alert when access attempted from non-whitelisted IP

Use Cases:

  • High-security government work
  • Restricting access to office network
  • Preventing unauthorized remote access
  • Compliance with government security requirements

Configure session security:

Session management configuration

Session Policies:

Session Timeout:
- Idle timeout: 30 minutes (adjustable: 15-120 minutes)
- Maximum session duration: 8 hours
- Extend session on activity: Yes
Concurrent Sessions:
- Allow multiple concurrent sessions: Yes
- Maximum concurrent sessions: 3
- Notify on new session: Yes
Session Security:
☑ Invalidate sessions on password change
☑ Invalidate sessions on role change
☑ Log all session activity
☑ Require re-authentication for sensitive operations

Configure API access for integrations:

API access configuration

API Keys:

Production API Key: sk_live_xxxxxxxxxxxxxxxxxxxxx
Test API Key: sk_test_xxxxxxxxxxxxxxxxxxxxx
API Key Permissions:
☑ Read client data
☑ Read campaign data
☑ Create campaigns
☐ Delete data (restricted)
☑ Read analytics
☐ Manage team (restricted)
API Rate Limits:
- Requests per minute: 60
- Requests per hour: 1,000
- Requests per day: 10,000

Creating API Keys:

  1. Click Generate API Key
  2. Name the API key
  3. Select permissions
  4. Set expiration (optional)
  5. Copy and securely store key (shown once!)

Set up webhooks for event notifications:

Webhook configuration

Webhook Events:

EventDescriptionPayload
campaign.createdNew campaign createdCampaign object
campaign.approvedCampaign approvedCampaign object
campaign.completedCampaign finishedCampaign + Analytics
client.createdNew client addedClient object
content.approvedContent approvedContent object
compliance.alertCompliance issue detectedAlert details

Webhook Endpoint:

Endpoint URL: https://your-domain.com/webhooks/thrivesend
Secret: whsec_xxxxxxxxxxxxxxxxxxxxx
Events:
☑ campaign.created
☑ campaign.approved
☑ campaign.completed
☑ compliance.alert
Retry Policy:
- Retry on failure: Yes
- Maximum retries: 3
- Retry interval: Exponential backoff (1m, 5m, 15m)

Connect third-party services:

Third-party integration marketplace

Available Integrations:

ServiceCategoryPurpose
Google AnalyticsAnalyticsTrack campaign performance
MailchimpEmailSync email lists
HubSpotCRMSync contacts and campaigns
SalesforceCRMEnterprise CRM integration
SlackCommunicationTeam notifications
Microsoft TeamsCommunicationTeam collaboration
ZapierAutomationConnect 1000+ apps
Google DriveStorageStore campaign assets
DropboxStorageCloud file storage

Connecting Integration:

  1. Select integration from marketplace
  2. Click Connect
  3. Authenticate with third-party service
  4. Configure sync settings
  5. Test connection
  6. Save integration

View and manage your subscription:

Subscription management page

Subscription Details:

Current Plan: Professional
Monthly Cost: R 4,999 / month
Billing Cycle: Monthly
Next Billing Date: February 1, 2026
Plan Includes:
✅ Unlimited campaigns
✅ Up to 50,000 contacts
✅ 10 team members
✅ Advanced analytics
✅ Priority support
✅ POPIA compliance tools
✅ Government client support

Plan Actions:

  • Upgrade Plan
  • Downgrade Plan
  • Cancel Subscription
  • Update Payment Method

Manage payment methods:

Payment method management

Accepted Payment Methods:

  • Credit/Debit Card (Visa, Mastercard)
  • Bank Transfer (EFT)
  • Direct Debit

Adding Payment Method:

  1. Click Add Payment Method
  2. Select type (card, bank account)
  3. Enter payment details
  4. Verify payment method
  5. Set as default (optional)

View past invoices and payments:

Invoice history and payment records

Invoice Details:

  • Invoice number
  • Billing period
  • Amount
  • Payment status
  • Payment method
  • Download PDF
  • Email invoice

Export your organization’s data:

Data export interface

Export Options:

Data TypeFormatSize Estimate
All DataZIP (Multiple files)Large
ClientsCSV, ExcelSmall
CampaignsCSV, Excel, JSONMedium
AnalyticsCSV, ExcelMedium
ContentZIP (Files + Metadata)Large
Audit LogsCSV, JSONLarge
Team DataCSVSmall

Export Process:

  1. Select data to export
  2. Choose format
  3. Apply filters (date range, clients, etc.)
  4. Request export
  5. Receive email when ready
  6. Download from secure link (24-hour validity)

Request data deletion:

Data deletion request interface

CRITICAL - POPIA Compliance:

⚠️ IMPORTANT: Data deletion has legal and compliance implications.
Restrictions:
❌ Cannot delete audit logs (5-year minimum retention)
❌ Cannot delete government client data (permanent retention)
❌ Cannot delete data subject to active legal hold
✅ Can delete business client data (after retention period)
✅ Can delete expired campaign data (after retention period)
Before Deleting:
1. Export data for records
2. Verify retention period has passed
3. Confirm no active legal obligations
4. Get approval from compliance officer
Process:
1. Submit deletion request
2. Compliance review (3-5 days)
3. Admin approval required
4. 30-day waiting period
5. Final confirmation
6. Irreversible deletion

Configure privacy policy:

Privacy policy configuration

Privacy Policy Settings:

Privacy Policy URL: https://company.co.za/privacy
Last Updated: January 1, 2026
Display Settings:
☑ Show privacy policy link in footer
☑ Require acceptance on first login
☑ Require re-acceptance when policy updates
☑ Email notifications when policy changes
POPIA-Specific Clauses:
☑ Data processing purposes
☑ Data storage location (South Africa)
☑ Third-party data sharing
☑ Data subject rights
☑ Contact information for data queries
☑ Retention periods
☑ Security measures

Enable maintenance mode for platform updates:

Maintenance mode configuration

Maintenance Mode:

Status: Disabled
When Enabled:
- All users except admins are blocked from accessing platform
- Custom maintenance message displayed
- Scheduled campaigns continue running (optional)
- Email notifications continue (optional)
Scheduled Maintenance:
Date: February 15, 2026
Time: 02:00 - 04:00 SAST
Duration: 2 hours
Reason: Database upgrade and performance optimization
Notifications:
☑ Email all users 7 days before
☑ Email reminder 24 hours before
☑ Show in-app banner 48 hours before

Configure custom domain for campaigns:

Custom domain configuration

Custom Domain Setup:

Default Domain: campaigns.thrivesend.co.za
Custom Domain: campaigns.yourcompany.co.za
Benefits:
✅ Professional branding
✅ Better email deliverability
✅ Increased trust
✅ Custom tracking links
DNS Configuration Required:
CNAME record: campaigns.yourcompany.co.za → campaigns.thrivesend.co.za
TXT record: Verification token
SSL Certificate:
☑ Auto-provision Let's Encrypt SSL certificate

  1. Regular Reviews: Review settings quarterly
  2. Security First: Enable all available security features
  3. POPIA Compliance: Ensure all compliance settings are properly configured
  4. Team Training: Train team on compliance requirements
  5. Backup Settings: Document your configuration
  6. Test Changes: Test in staging before production changes
  7. Audit Logs: Regularly review audit logs
  8. Password Policy: Enforce strong password requirements
  9. 2FA: Require 2FA for all users
  10. Data Retention: Set appropriate retention periods

  1. Enhanced Security: Enable IP whitelisting for government work
  2. Strict 2FA: Require 2FA for CONFIDENTIAL clearance holders
  3. Audit Everything: Log all government data access
  4. Separate Environments: Consider separate environments for government work
  5. Regular Audits: Conduct monthly security audits
  6. Compliance Reviews: Quarterly compliance reviews
  7. Incident Response: Have incident response plan
  8. Access Reviews: Monthly access right reviews
  9. Training: Mandatory government compliance training
  10. Documentation: Maintain comprehensive compliance documentation

Symptom: Setting is grayed out or unchangeable

Solution:

  1. Verify you have admin permissions
  2. Check if setting is locked by compliance policy
  3. For government settings: May require compliance approval
  4. Some settings cannot be changed if in use
  5. Contact support for locked system settings

Symptom: 2FA code not accepted

Solution:

  1. Verify time on device is correct (TOTP requires accurate time)
  2. Try next code (TOTP codes change every 30 seconds)
  3. Use backup codes if available
  4. Contact admin to reset 2FA
  5. Re-scan QR code to re-sync authenticator app

Symptom: API calls failing with authentication error

Solution:

  1. Verify API key is correct (no extra spaces)
  2. Check API key hasn’t expired
  3. Verify API key has necessary permissions
  4. Check rate limits (may be throttled)
  5. Regenerate API key if compromised

Use this checklist to ensure POPIA compliance:

☑ Consent Management
☑ Double opt-in enabled
☑ Consent renewal configured
☑ Consent records stored
☑ Data Retention
☑ Retention policies configured
☑ Auto-deletion enabled
☑ Government data permanent retention
☑ Audit Logging
☑ All critical activities logged
☑ 5+ year retention
☑ Regular audit log reviews
☑ Data Subject Rights
☑ DSR workflow configured
☑ 30-day response time
☑ Identity verification enabled
☑ Security
☑ Strong password policy
☑ 2FA enabled
☑ Session timeout configured
☑ IP whitelist (for sensitive data)
☑ Privacy
☑ Privacy policy published
☑ Data residency: South Africa
☑ Third-party agreements documented
☑ Access Control
☑ Role-based access
☑ Security clearances assigned
☑ Regular access reviews

You’ve completed the user guide! Here are some next steps:

Recommended Resources:

  1. Dashboard Overview - Return to dashboard

If you need assistance with settings or compliance:


Previous: ← Team Management


Last Updated: January 26, 2026