Your account and your customers' data, kept safe
Vera.Support protects sign-ins, conversations and uploaded files without you configuring anything. This page explains what is already working and the few things that are in your hands.
Read this when you want to know how your customer data is handled, when someone on your team is locked out, or when a customer asks you to erase their information.
Step by step
Wait out a sign-in lock
Ten failed sign-in attempts within an hour lock that IP address out for one hour. The message shown is "Too many login attempts. Please retry again in a few hours." There is nothing to reset; wait, then sign in again with the correct details.
Turn off directory listing on your server
Uploaded files are renamed with a random alphanumeric prefix, so nobody can guess their web address. That protection only holds if directory listing is switched off on your server, so your folders cannot be browsed.
Change a password to end active sessions
Changing an admin's or an agent's password or details signs out all of their active sessions. This happens when sensitive operations run, or within one hour.
Delete a user to erase their data
Deleting a user permanently deletes their conversations, messages and attachments, including files held in cloud storage. There is no way back, so use it when you mean it.
Ask visitors to accept your privacy policy
The privacy message enforces acceptance of your privacy policy before a visitor writes to you. It has its own guide in this help centre.
Settings reference
| Setting | What it does |
|---|---|
| Privacy message | Requires visitors to accept your privacy policy before they can send a message. |
Good to know
The lockout message overstates the wait
The text says to retry in a few hours, but the lock lifts after one hour. It applies to the IP address, so everyone on that connection is affected.
Sessions may take up to an hour to close
After a password or profile change, existing sessions end when a sensitive operation runs, or within one hour at the latest. It is not always instant.
Deleting a user reaches cloud storage too
Attachments stored in cloud storage go with the user, not only the records in the panel. Download anything you need to keep before you delete.
Encryption and request checks are built in
Sensitive data such as active session login data is protected with AES-256. Sensitive user input is sanitised against XSS, and every request is validated against the login cookie and the client-side login string to block CSRF.
Audited by outside experts
Security is reviewed periodically by security experts. You do not need to arrange or configure anything for this.
Common questions
I am locked out and see "Too many login attempts". What do I do?
Can someone find the files my customers upload?
What exactly happens when I delete a user?
If I change an agent's password, are they signed out everywhere?
Is my data encrypted?
Does anyone independent check your security?
Ready to end the chaos?
Unify your messages, automate the repetitive questions, and turn conversations into revenue — starting today.
Get Started