Feature
Team Management
Invite team members, define roles, and manage permissions across workspaces and projects. Built for agencies and distributed teams handling sensitive client workflows.
Member invitations
Invite team members by email. They join with the role and permissions you define.
Role-based permissions
Assign granular roles at the workspace and project level — view, edit, admin.
Revocable access
Remove a team member's access at any time. Their sessions are invalidated immediately.
Activity visibility
Workspace owners see all member activity in the audit log — who did what, and when.
Per-project permissions
Grant access to specific projects only. Keep sensitive client work isolated from the broader team.
The problem with ad hoc team access
When credentials live in Slack, everyone in the channel has them. When you email an API key to a new hire, it's in their inbox until they leave — and after. There's no revocation. No record of who was supposed to have access. No way to know who still does.
Teams grow. People change roles. Contractors come and go. Without structured access control, every transition leaves a trail of credentials that nobody's actively managing.
Roles and what they mean
doconvoy uses three workspace-level roles:
Owner — Full access to everything. Can manage team members, rotate encryption keys, and modify workspace settings. There's typically one or two owners per workspace.
Admin — Can manage most settings and team members. Can create and manage secrets, requests, and projects. Cannot modify encryption keys or billing.
Member — Can create and access secrets and requests within the projects they're assigned to. Can't manage team membership or workspace settings.
Per-project permissions
A team member's role doesn't have to be the same across every project. You can make someone an Admin on a specific client project while keeping them a Member everywhere else. This matters in practice: your junior account manager shouldn't see your largest client's credentials just because they're on your team.
Project-scoped roles let you give people exactly the access their work requires.
How inviting someone works
Team access in doconvoy is intentional. When you invite a member:
- They receive an invite and accept it
- The workspace owner finalizes the invitation, distributing encrypted access through the workspace key
This three-step process isn't bureaucracy — it's how encryption key distribution works safely. The owner's device participates in the process, so no credential is transmitted in plaintext at any point.
Revoking access
Remove a member and their access is invalidated immediately. Not after a session timeout. Immediately.
For workspaces handling sensitive client data, you can also rotate keys after a member departure — ensuring that old encrypted material stays protected even if something was previously cached or captured.
Join agencies, consultants, and remote teams who handle sensitive information securely. 3-day trial per workspace. No credit card required.
Manage Your Team