User Settings¶

URL: /dashboard/user/settings — single-scroll page anchored by a sticky scroll-spy sidebar Workspace settings: Anything affecting your team or workspace lives under Team Settings; this page covers your individual account.

Manage your profile, security posture, sessions, appearance, and notification preferences in one scrolling page. The left sidebar pins five sections (plus a Danger anchor for account deletion); the right column is the actual form fields.

Section 1 — Profile¶

The personal-identity section. Avatar, name, contact, and time zone.

Avatar¶

Upload — JPG, PNG, or GIF up to 2 MB. The page shows a live preview before save.
Remove — drops the avatar back to the auto-generated initials placeholder.
Transparent images — the avatar slot uses a transparency-safe circular crop, so PNG avatars with transparency render correctly without a checker pattern.

Name and email¶

Name — your display name across the platform.
Email — your account email. Changing it triggers a re-verification message to the new address; the old address remains active until you confirm.

Phone (international)¶

The phone input is intl-tel-input powered. Pick your country from the dropdown; the input formats to that country's local convention, but the value stored on your account is the full E.164 (+1 555 123 4567) form. This means SMS notifications and 2FA work regardless of which country you're calling from when you log in.

Time zone¶

Time zone lives on the Profile section (not Preferences). Changing it affects scheduled reports, notification timing, and how dates render across the dashboard.

Section 2 — Security¶

Password, two-factor authentication, and active sessions.

Password change¶

Standard current-password / new-password / confirm-new-password flow. The password is hashed (bcrypt) and never visible after save; the only way to change it again is to enter the current password.

Two-factor authentication¶

Vellocity uses TOTP-based 2FA via the Google2FA library. When enabled:

The page shows a QR code you scan with an authenticator app (Google Authenticator, 1Password, Authy, etc.).
After scanning, enter a 6-digit code from the app to confirm setup.
Save the recovery codes that appear once — they're shown a single time and let you regain access if you lose your authenticator.

Once enabled, every login asks for a current TOTP code after password verification.

Active sessions¶

A live list of every device with an active session on your account. For each session:

Device / browser / OS detected from the user agent
Approximate location from IP geolocation
Last activity timestamp
A revoke button to terminate that specific session

The current session is flagged so you don't accidentally revoke the one you're using. With more than five sessions, the list collapses and a "Show N more sessions" link expands it. There's also a "Revoke all other sessions" button in the section header that nukes everything except the current session — useful after a suspected compromise.

Stale sessions are pruned automatically; the list reflects what's currently active.

Section 3 — Appearance¶

Theme and visual preferences.

Theme — Light / Dark / System (follows the OS). The choice persists across devices via the user record.
Color and density options surface as they ship.

Section 4 — Preferences¶

Notification preferences and account-level toggles.

Notification channels¶

Per-channel toggles for the categories of notification Vellocity sends. The categories include:

Security alerts — login from new device, password changed, 2FA changes (always on; cannot be silenced)
Payment confirmations — receipts and billing actions (always on)
Marketplace updates — listing changes, review activity, new offers
Partner emails — co-sell invitations, joint-campaign updates
Product news — releases and announcements

Setting a category to "Security alerts only" suppresses everything except the security and payment categories — useful when you want a reduced-volume mailbox without missing critical account actions.

Other preferences¶

Display language
Email digest cadence (immediate / daily / weekly)
Default landing page after login

Section 5 — Danger¶

Account deletion. Treat this section as a one-way door — once a deletion is confirmed, the account is queued for irrecoverable removal of personal data.

Confirms by typing your email
Requires password re-entry
Triggers a 7-day grace window before final deletion (you'll receive an email confirming the deletion was scheduled and how to cancel it)

Workspace data your account owns (companies, listings, agents, generated content) is reassigned to the workspace owner before personal data is purged.

Save behavior¶

Each section saves independently. The save button on Profile only saves Profile fields; the save button on Security only changes the password; the Active Sessions card revokes per-session inline.

After a save:

The save button shows a brief "Saved ✓" confirmation
Validation errors render inline next to the offending field with a red border
The Avatar preview clears once the upload completes successfully

A subtle "unsaved changes" indicator appears in the sidebar when you've edited fields in a section but haven't clicked save — useful when you scroll away mid-edit.

Team Settings vs. User Settings¶

User Settings (this page) is your personal account. Team Settings is the shared workspace — billing, integrations, team members, partner-API keys, brand-voice context. They live at different URLs and have separate permission models.

Concern	Where to manage it
Your name, password, sessions	User Settings (this page)
Your phone, time zone, language	User Settings
Your notification preferences	User Settings
Team billing and plan	Team Settings → Billing
Cloud Connector setup (AWS, Azure, GCP)	Cloud Connectors
Brand voice and company profile	Team Settings → Brand Voice
Partner API keys	Team Settings → API Keys (also see Partner API Authentication)
Inviting team members	Team Settings → Members

If you can't find a setting, it's almost always because it lives in Team Settings rather than here.