Admin settings

Hartwell & Co · 8 sensitive actions require step-up MFA

Step-up MFA and audit logging are mandatory

Sensitive settings changes are routed through MFA prompts and emit audit events before they can be applied.

8 guarded actions

Workspace branding

Client-facing firm identity used on booking, email, consent, and waiting room.

Configured
Firm name
Hartwell & Co Accountants
Sender
Hartwell Sessions
Support email
[email protected]

Retention preset

Default artifact retention policy for recordings, transcripts, recaps, and audit packs.

UK default visible
Preset
UK default: 7 years after session closeUK accounting records default must stay visible.
Legal hold override
Active holds can block deletion

Notification channels

Email and WhatsApp send configuration, with allowance visibility.

Ready
Email domain
updates.sessions.im · verified
WhatsApp sender
Hartwell Sessions · connected
WhatsApp allowance
412 / 50088 WhatsApp notifications remain this month.

API keys

Masked API keys for public API and widget access. Reveal, rotate, and revoke require MFA.

2 active
Website widget
sim_live_****_9f3aLast used 09 Jul 2026
Demo sandbox
sim_test_****_42abNever used

API key controls

Keys are always masked here. Reveal, rotate, revoke, and creation are sensitive actions.

Sensitive action audit routing

The core settings model rejects sensitive actions without both MFA and an audit event.

Edit brandingsettings.workspace_branding.edit-brandingStep-up MFA required
Change presetsettings.retention.change-retentionStep-up MFA required
Open holdsettings.legal_holds.open-legal-holdStep-up MFA required
Edit channelssettings.notification_channels.edit-notification-channelsStep-up MFA required
Create keysettings.api_keys.create-api-keyStep-up MFA required
Rotate keysettings.api_keys.rotate-api-keyStep-up MFA required
Invite membersettings.team_roles.invite-team-memberStep-up MFA required
Change rolesettings.team_roles.change-team-roleStep-up MFA required