- Audience
- Every user; especially administrators tuning org-wide defaults.
- Read first
- Org notification defaults for the policy layer.
- Companion
- Troubleshooting → Notifications.
- Outcome
- Right people alerted for the right events without notification fatigue.
Role-based access
Castlewatch roles determine which actions appear and which workflows are available. If a button or section is missing, role permissions should be checked before assuming the feature is unavailable. Organization policy thresholds can further restrict who manages members, partner requests, settings, and notification defaults.
Role hierarchy, lowest to highest privilege: Viewer → Reporter → Reviewer → Org Admin. See Organization settings → Members & roles for full capability reference.
Billing gates
Some operational areas require an active subscription before live use. This protects the workspace from partial production operation. If reporting, moderation, incident access, or organization administration appears locked, confirm the organization's billing state and plan status.
What is gated
- Submitting incidents.
- Reviewer actions (claim, verify, reject, request changes).
- Trusted partner request initiation.
- Some organization settings related to live operations.
What still works without active billing
- Organization profile and basic configuration.
- Adding mapped sites.
- Reading the knowledge base and user guide.
- Inviting members for evaluation.
Billing checkout and billing portal flows intentionally navigate away from the current page because they depend on a hosted payment or account management flow. Return to the workspace when complete.
Notifications
Notification behavior has two layers. Organization defaults define broad operating expectations. Personal alert preferences let each user control delivery per event, channel, severity threshold, quiet hours, and SMS destination when applicable.
How the layers combine
- The platform checks organization defaults to see if an event is enabled for the org at the chosen severity.
- Then the user's personal preferences filter further — channel choice, quiet hours, opt-outs.
- If both layers allow the notification, it is delivered.
This means org defaults set the maximum alerting; personal preferences refine downward. A user cannot enable a notification their organization has disabled.
Channels & severity
Use each channel for the signal it suits best. Mixing them well is the difference between useful alerting and notification fatigue.
| Channel | Best for | Avoid for |
|---|---|---|
| Routine visibility, accountability, longer-form context. | Time-critical alerts; emails are not reliably real-time. | |
| SMS | Higher-signal events where immediate awareness matters. | Routine notifications — will be ignored over time. |
| In-app | While the user is actively in the workspace. | Reaching off-duty staff. |
Severity-channel pairing (typical)
| Severity | SMS | |
|---|---|---|
| Low | Yes (digest) | No |
| Medium | Yes | No, unless after-hours role |
| High | Yes | Yes for reviewers and on-call admin |
| Critical | Yes | Yes for everyone in the chain |
- Set quiet hours carefully so urgent notifications still reach the right people.
- Always include a real SMS destination for users who opt in to SMS.
- Configure quiet hours by role, not by individual schedule, when possible.
Account settings
The account page manages profile details, sign-in posture, chat visibility, and personal notification preferences. Profile updates and alert preference changes happen on-page with visible success or error feedback.
| Setting | What it does |
|---|---|
| Display name | How the user appears in incident records, comments, and partner messages. |
| Sign-in identifier and email notification destination. | |
| Chat visibility | Whether the user is visible in internal coordination channels. |
| SMS destination | Phone number receiving SMS notifications. |
| Personal alert preferences | Per-event opt-in, channel choice, severity threshold, quiet hours. |
| Password | Sign-in credential; changes revoke active sessions. |
| MFA | Authenticator-app multi-factor authentication. |
MFA & sessions
Castlewatch supports authenticator-app multi-factor authentication. Administrators and reviewers should enable MFA where possible because their actions affect the whole workspace.
Enrollment
- From the account page, start MFA enrollment.
- Scan the displayed QR code with an authenticator app (1Password, Authy, Google Authenticator).
- Enter the current six-digit code to confirm enrollment.
- Save the recovery code somewhere your team can access without depending on the same device.
Session behavior
- Password changes revoke all active sessions — you will be signed out everywhere.
- MFA enrollment does not retroactively revoke sessions, but the next sign-in will require the code.
- Sign out manually on shared devices.
Security posture
- Use recognizable display names and current email addresses.
- Enable authenticator MFA for administrators and reviewers where possible.
- Review role assignments after staffing changes.
- Disable accounts that should no longer have operational access.
- Keep chat visibility aligned with how the team uses internal coordination.
- Maintain at least two org admins so the workspace is not single-person dependent.
Common scenarios
SMS alerts stop arriving
Check the SMS destination field, then confirm the carrier has not flagged messages. Personal-preferences quiet hours may also be suppressing them. See Troubleshooting → Notifications.
You missed an incident overnight
Adjust quiet hours, raise SMS severity threshold for your role to "high", and confirm org defaults include after-hours routing for that event type.
A new reviewer is not receiving alerts
Confirm their personal preferences are configured (org defaults alone do not opt them in to non-default channels). Confirm their role is correctly set to reviewer.
You lost your phone with the MFA app
Use the recovery code saved at enrollment. If unavailable, an org admin can disable MFA for your account so you can sign in and re-enroll. Re-enroll immediately after recovery.
Frequently asked questions
Can users opt out of all notifications?
Yes — though not recommended for active roles. Reviewers and administrators should keep at least critical-severity alerting on.
Are notifications guaranteed to deliver?
No system guarantees universal delivery. Treat notifications as best-effort and rely on workflow state (review queue, dashboard) for ground truth on urgent items.
Do partners see our notifications?
Partners are notified independently in their own workspace, subject to their own settings. Your notifications are private to your organization.
Can two users share an account?
No. Each user has their own account so authorship and notifications are traceable. Shared accounts break the audit trail.
What happens to notifications when billing lapses?
Live operational alerts may be suppressed until billing is reactivated. Administrative emails continue.