Account & troubleshooting

Your account and your customers' data, kept safe

Vera.Support protects sign-ins, conversations and uploaded files without you configuring anything. This page explains what is already working and the few things that are in your hands.

Read this when you want to know how your customer data is handled, when someone on your team is locked out, or when a customer asks you to erase their information.

Step by step

1

Wait out a sign-in lock

Ten failed sign-in attempts within an hour lock that IP address out for one hour. The message shown is "Too many login attempts. Please retry again in a few hours." There is nothing to reset; wait, then sign in again with the correct details.

2

Turn off directory listing on your server

Uploaded files are renamed with a random alphanumeric prefix, so nobody can guess their web address. That protection only holds if directory listing is switched off on your server, so your folders cannot be browsed.

3

Change a password to end active sessions

Changing an admin's or an agent's password or details signs out all of their active sessions. This happens when sensitive operations run, or within one hour.

4

Delete a user to erase their data

Deleting a user permanently deletes their conversations, messages and attachments, including files held in cloud storage. There is no way back, so use it when you mean it.

5

Ask visitors to accept your privacy policy

The privacy message enforces acceptance of your privacy policy before a visitor writes to you. It has its own guide in this help centre.

Settings reference

SettingWhat it does
Privacy message Requires visitors to accept your privacy policy before they can send a message.

Good to know

The lockout message overstates the wait

The text says to retry in a few hours, but the lock lifts after one hour. It applies to the IP address, so everyone on that connection is affected.

Sessions may take up to an hour to close

After a password or profile change, existing sessions end when a sensitive operation runs, or within one hour at the latest. It is not always instant.

Deleting a user reaches cloud storage too

Attachments stored in cloud storage go with the user, not only the records in the panel. Download anything you need to keep before you delete.

Encryption and request checks are built in

Sensitive data such as active session login data is protected with AES-256. Sensitive user input is sanitised against XSS, and every request is validated against the login cookie and the client-side login string to block CSRF.

Audited by outside experts

Security is reviewed periodically by security experts. You do not need to arrange or configure anything for this.

Common questions

I am locked out and see "Too many login attempts". What do I do?
That is brute-force protection. Ten failed sign-in attempts within an hour lock the IP address for one hour. Wait for the hour to pass and sign in again with the correct password.
Can someone find the files my customers upload?
Uploads are renamed with a random alphanumeric prefix, so the addresses cannot be guessed. Make sure directory listing is disabled on your server, otherwise the folder contents could be browsed.
What exactly happens when I delete a user?
Their conversations, messages and attachments are permanently deleted, including any files in cloud storage. Save anything you need first.
If I change an agent's password, are they signed out everywhere?
Yes. Changing an admin's or agent's password or details terminates all active sessions, either when a sensitive operation runs or within one hour.
Is my data encrypted?
Sensitive data such as active session login data is protected with AES-256 encryption.
Does anyone independent check your security?
Yes. Security is audited periodically by security experts.

Ready to end the chaos?

Unify your messages, automate the repetitive questions, and turn conversations into revenue — starting today.

Get Started
Plans from $7/month · Cancel anytime