Skip to main content
DMLY’s account security rests on three things: each person’s own password and two-factor authentication, the role you give them in the workspace, and the fact that the most destructive actions are restricted to the workspace owner. There is no separate security dashboard beyond that — this page is an honest account of what exists.

Turn on two-factor authentication

Two-factor authentication lives on each person’s own profile, not in workspace settings. It is per user: you turn it on for your own login, and each team member turns it on for theirs.
1

Open your profile

Open Edit profile from your account menu.
2

Set up two-factor authentication

Find the Two-factor authentication section and follow the setup there.
The same page is where you change your password, your name and email, your language and timezone, and where you can delete your own account. See Your profile.
Two-factor authentication starts switched off — you have to enable it yourself. Until you do, the section shows a red Disabled badge and an Enable button.
DMLY has no workspace-wide setting that forces every member to use two-factor authentication, and no admin can turn it on for someone else. If you want it across your team, ask each person to switch it on and check with them.

Control who can do what

The strongest lever you have is roles. Everyone who logs in has a base role of Admin, Member, or Viewer, and you can build custom roles that grant an exact set of permissions. Two boundaries are worth knowing:
  • Workspace Settings is admin-only. Members and Viewers cannot reach Settings, Team Members, Billing, or Receipts at all — not by clicking, and not by typing the URL.
  • Security is owner-only. Only the workspace owner sees the Security page.
Permissions are enforced on the server, not just hidden in the sidebar, so a member who knows a URL still can’t use a feature they lack permission for.

Team members

Invite people, set their base role, and remove access when someone leaves.

Roles and permissions

Build a custom role with exactly the permissions you want to grant.
Removing someone’s access is a team-members task, not a security-page task. When a person leaves, remove them from Team Members — that is what cuts off their access to the workspace.

The Security page

Workspace Settings → Security contains one thing: deleting the workspace. It is visible only to the workspace owner.
Deleting this workspace will delete all data. Deletion is permanent, and any active subscription is cancelled immediately. You have to type the workspace name to confirm. There is no undo and no export step built into the flow — take what you need out first. See Exporting reports and Contact data and privacy.
If what you actually want is to stop paying, cancel the subscription instead — that is reversible and leaves your data alone. See Cancelling.

What DMLY does not have

Saying this plainly is more useful than implying protection that isn’t there:
  • No session management. You cannot see which devices are signed in, and you cannot sign another device out remotely. Changing a password is your blunt instrument.
  • No audit log. There is no record you can browse of who changed what, when.
  • No IP allowlist and no login-location restrictions.
  • No ownership transfer. A workspace owner cannot hand the workspace to someone else from workspace settings.
A workspace API key is a credential — treat it like a password and never paste it into a chat or a public page. Keys are minted from Integrations, not from the Security page. See API authentication.