Team, access, and security
Manage team members, account security, MFA, data retention, and admin workflows.
Updated July 2, 2026
CafeTally separates owner dashboard work from storefront workflows. Owners and managers should have dashboard access only when they need to manage configuration, integrations, finance, products, or team settings.
Team access
Use Dashboard > Team to manage staff who need authenticated access.
Invite people with the minimum access they need for their work.
For simple stock counts, prefer shared storefront form access or QR links when a staff account is not necessary.
Account security
Use email verification before relying on an account for store operations. Use MFA for sensitive areas such as finance when available. Review active team membership when employees leave or roles change.
Store access
Store-level access protects dashboard routes for products, finance, expenses, rulebooks, and chat. If a user cannot open a store page, confirm their team membership and store access before changing the store slug. Superadmin views are for internal administration and should not be used as a replacement for customer team permissions.
Data retention
CafeTally includes public data retention and disposal information at /data-retention-disposal.
Use that page when a customer asks how retained data is handled.
Account deletion workflows should remove or anonymize user-owned data according to the product policy.
Operational review
Review team access after adding new locations, connecting finance data, or enabling automation. Security work should be part of operational setup, not a cleanup task after sensitive workflows are already live.