Brandfine Docs
Concepts

Brandfine staff sessions

How — and how briefly — Brandfine staff can access your workspace, and how you stay in control.

When Brandfine staff need to help inside your workspace — onboarding, debugging a stuck webhook, configuring a tricky integration — they don't get a permanent account on your team. Instead, they start a time-bound staff session that you can see and revoke at any time.

How a session starts

A Brandfine staff member clicks "Access team" on your team's page in the admin portal. They pick how long the session should run (15 min, 1h, 4h, or 24h), and a row is written to your team's audit log immediately. They land in your CMS with a bright banner across the top:

🛡 Acting as Brandfine admin in Your Team · ends in 47:12 · [End now]

The banner stays visible the whole time the session is active. The staff member can extend the session by 1 hour at a time from inside the CMS, but no session can ever exceed 24 hours total — after that they must start a new one, which creates a new audit row.

What staff can do during a session

Everything an OWNER on your team can do. They edit content, run publishes, fix integrations. Two important guarantees:

  • Every edit is attributed to the staff member, not to your account. Posts, navigations, and settings always record the real actor — there's no impersonation muddling.
  • They cannot start sessions in other teams from yours. Each session is scoped to one team, and the URL alone doesn't carry access. If staff tries to navigate to a team they don't have an active session for, they're rejected.

Where to see staff sessions

In your CMS → Settings → Brandfine staff sessions. The table lists every session — active, expired, manually ended, or revoked — with timestamps, duration, and how many times each was extended.

Anyone on your team can view this. Only OWNERs can revoke an active session.

Revoking a session

Click Revoke on any active row. The session ends immediately: the next action the staff member tries returns an "access denied" error, and their CMS view drops into a blocking "session ended" modal. They have to come back to the admin portal to start a new session — which would again be visible to you.

Revoking is a clean signal of "we're done with this" — staff can't silently rejoin the same session, and the audit trail records exactly who revoked it and when.

What we don't do

  • No silent access. Every entry into your workspace creates an audit row. The banner is impossible to miss.
  • No permanent staff membership. We never insert ourselves into your Team Members list. If you ever see a Brandfine email address there, that's not how we operate — please tell us.
  • No reading customer data without a session. The same access checks gate every API call. There's no "support backdoor."

Questions worth asking us

If a session shows up that you weren't expecting, or if the reason on an old session looks off, ping hello@brandfine.co — sessions are auditable and we're happy to walk through any of them with you.

Routing Rules

Fire actions — email, webhook, Zapier hook — when a contact-form submission matches conditions you define.

Static sites

How to use the Brandfine SDK from a site with no server runtime (Astro static export, Hugo, plain HTML, WordPress).

On this page

How a session startsWhat staff can do during a sessionWhere to see staff sessionsRevoking a sessionWhat we don't doQuestions worth asking us