Security Settings
Company SettingsWhere to Configure
Security settings are managed under Company >
PII & Security in the sidebar. Only the company owner
can modify most security settings.
PII Access Control
When PII restriction is enabled, sensitive fields (phone
numbers) are masked for all users except those explicitly
granted access. Access is managed by selecting specific user
emails that are allowed to view caller numbers.
When PII restriction is active, TrackDrive support staff
cannot impersonate users who have PII access.
See the dedicated "PII Redaction" article (https://trackdrive.com/features/pii_redaction) for the full
auto-redaction system that permanently removes aged data.
API Security
- Restrict API Access by IP Address?: when enabled, API requests using access tokens must come from one of the whitelisted IP addresses.
- Whitelisted IP Addresses: the list of allowed IP addresses; multiple IPs can be pasted at once, one per line.
- Require Authorization for Lead Creation?: when enabled, API requests that create leads must include a valid authorization token.
Support Access
Two toggles control what TrackDrive support staff can do:
- Allow Support to Become Team Members: lets
support staff access the account as a standard user.
- Allow Support to Become Superuser's: let's support
staff access the account with full permissions.
Only the company owner can change these settings.
Two-Factor Authentication
2FA is a per-user setting, not a company-wide toggle. It is
auto-enforced in specific situations: when a user creates
their first Offer, or when a team grants sensitive
permissions (buying DIDs or updating buyers). There is no
company-wide 2FA enforcement switch.
Session Timeout
There is no per-company session timeout setting. Sessions
are managed at the application level via encrypted cookies.
