Skip to content

Settings

!!! info "TL;DR" Configure org branding (logo, name), custom domains, notification preferences, API keys, data export, and account deletion. Only Owners can change most settings.

Accessing Settings

Navigate to Admin → Settings to configure org-wide preferences. Settings are grouped into tabs:

  1. General — Org name, logo, description
  2. Branding — Colors, fonts, custom CSS
  3. Domains — Custom subdomain or CNAME
  4. Notifications — Email digests, webhooks, Slack
  5. Integrations — GitHub, Resend, Anthropic API
  6. API Keys — Generate and manage API keys for MCP server
  7. Security — MFA enforcement, password policies
  8. Data & Privacy — Export data, delete org, GDPR compliance
  9. Audit Log — View security-relevant actions (Owner only)

General Settings

Organization Name

The public name of your organization (e.g., "Revoir Feedback"). Displayed in the header, emails, and Open Graph previews.

Upload a logo image (PNG, JPG, or SVG, max 2MB). The logo appears in:

  • Header of feedback board
  • Email notifications
  • Favicon (auto-generated from logo)

Description

A short description of your organization (max 500 characters). Used in Open Graph meta tags for social sharing.

Branding

Customize the visual appearance of your feedback board to match your brand.

Brand Colors

Color Usage Default
Primary Buttons, links, accents #3b82f6 (blue)
Secondary Badges, tags #9333ea (purple)
Accent Call-to-action buttons #f25555 (coral)
Background Page background #0a0e1a (dark)
Card Submission cards #1e2433 (card)

Colors can be entered as hex codes or selected via color picker.

Fonts

Choose fonts for headings and body text:

  • Heading Font — Default: Inter (sans-serif)
  • Body Font — Default: Inter (sans-serif)

Supported fonts include system fonts (Inter, Roboto, Open Sans) and Google Fonts (auto-loaded).

Custom CSS

For advanced customization, add custom CSS in Branding → Custom CSS. Example:

/* Customize submission card border */
.submission-card {
  border: 2px solid #9333ea;
  border-radius: 12px;
}

/* Change vote button color */
.vote-button {
  background: linear-gradient(135deg, #f25555, #ff7f50);
}

Custom CSS is loaded after default styles, so your rules take precedence.

Domains

Default Subdomain

By default, your feedback board is hosted at yourorg.canviq.app. Change your subdomain in Settings → Domains.

Subdomain rules:

  • 3-50 characters
  • Lowercase letters, numbers, and hyphens
  • Must not conflict with reserved names (e.g., admin, api, www)

Custom Domain (CNAME)

To use your own domain (e.g., feedback.yourcompany.com):

  1. Navigate to Settings → Domains → Custom Domain
  2. Enter your domain (e.g., feedback.yourcompany.com)
  3. Add the provided CNAME record to your DNS provider: 
    CNAME feedback.yourcompany.com → yourorg.canviq.app
  4. Wait for DNS propagation (5 minutes to 24 hours)
  5. Click Verify Domain

Once verified, your feedback board is accessible at your custom domain. SSL is automatically provisioned via Let's Encrypt.

Notifications

Configure email, webhook, and Slack notifications for team members and users.

Email Notifications

Control which emails are sent and how often:

Notification Default Options
New Submission Immediate Immediate, Daily Digest, Off
New Comment Immediate Immediate, Daily Digest, Off
Status Change Immediate Immediate, Off
New Vote Off Daily Digest, Off
Survey Response Immediate Immediate, Daily Digest, Off

Team members can override defaults in their profile settings.

Webhook Notifications

Send real-time webhooks to external services when events occur:

  1. Navigate to Settings → Notifications → Webhooks
  2. Click Add Webhook
  3. Enter webhook URL (e.g., https://yourapp.com/webhooks/canviq)
  4. Select events to trigger the webhook:
  5. New submission
  6. New comment
  7. Status change
  8. New vote
  9. Survey response
  10. Optionally add a secret for HMAC signature verification
  11. Click Save

Webhook payload example:

{
  "event": "submission.created",
  "timestamp": "2026-02-10T10:30:00Z",
  "data": {
    "submission_id": "123",
    "title": "Add dark mode",
    "author_id": "user-456",
    "status": "open",
    "votes": 0
  },
  "signature": "sha256=..."
}

Slack Notifications

Connect Canviq to Slack to receive notifications in a channel:

  1. Navigate to Settings → Notifications → Slack
  2. Click Connect Slack
  3. Authorize Canviq to access your Slack workspace
  4. Select a channel (e.g., #product-feedback)
  5. Choose events to notify (same as webhook options)
  6. Click Save

Slack messages include submission title, author, vote count, and a link to view in Canviq.

Integrations

Configure third-party integrations for enhanced functionality.

GitHub

Connect GitHub to push feedback to issues. See GitHub Integration for full setup guide.

Resend

Canviq uses Resend for transactional email. Configure Resend API key in Settings → Integrations → Resend to customize sender domain and branding.

Anthropic API

Canviq uses Claude AI (Haiku) for sentiment analysis. API key is pre-configured for Canviq-hosted instances. For self-hosted deployments, add your Anthropic API key in Settings → Integrations → Anthropic.

API Keys

Generate API keys for programmatic access to surveys and feedback via the MCP server.

Creating an API Key

  1. Navigate to Settings → API Keys
  2. Click Create API Key
  3. Enter a name (e.g., "MCP Agent - Customer Success Bot")
  4. Select scopes:
  5. survey:read — Read survey definitions
  6. survey:write — Create and update surveys
  7. survey:response:read — Read survey responses
  8. survey:response:write — Submit survey responses
  9. submission:read — Read feedback submissions
  10. submission:write — Create feedback submissions
  11. Click Generate

Copy the API key immediately—it is only shown once. Store it securely (e.g., in a password manager or environment variable).

Rotating API Keys

API keys should be rotated quarterly for security:

  1. Create a new API key
  2. Update your MCP agent or integration to use the new key
  3. Test the new key
  4. Revoke the old key

Revoked keys cannot be restored.

API Key Logs

View API key usage in Settings → API Keys → Usage:

API Key Last Used Requests (30d) Actions
MCP Agent 2 hours ago 1,234 View, Revoke
Internal Tool 5 days ago 56 View, Revoke

Security

Configure security policies for team accounts.

MFA Enforcement

Require multi-factor authentication for team members:

  • Owners — Always required (cannot be disabled)
  • Admins — Required by default (Owner can disable)
  • Members — Optional

Change settings in Settings → Security → MFA.

Password Policies

Set minimum password requirements:

  • Min Length — Default: 12 characters
  • Require Uppercase — Default: Yes
  • Require Number — Default: Yes
  • Require Special Character — Default: Yes
  • Prevent Reuse — Prevent reusing last 5 passwords

Session Timeout

Set idle timeout for admin sessions:

  • Default — 12 hours
  • Options — 1 hour, 4 hours, 12 hours, 24 hours, Never

Sessions expire after the idle timeout. Users must re-authenticate.

Data & Privacy

Manage data export, account deletion, and GDPR compliance.

Export All Data

Download all org data as JSON:

  1. Navigate to Settings → Data & Privacy → Export Data
  2. Click Request Export
  3. Canviq generates a JSON file with all submissions, comments, votes, surveys, and responses
  4. Download link is sent via email (expires in 7 days)

Export includes:

  • All submissions (title, description, votes, comments, status history)
  • All surveys (questions, responses, sentiment analysis)
  • All team members (names, emails, roles)
  • All settings (branding, integrations, API keys)

Delete Organization

Permanently delete your organization and all data:

  1. Navigate to Settings → Data & Privacy → Delete Organization
  2. Enter your password to confirm
  3. Click Delete Organization

Deletion is immediate and irreversible. All data is permanently removed:

  • Submissions, comments, votes
  • Surveys and responses
  • Team accounts (Canviq accounts are preserved, but team access is revoked)
  • API keys
  • Audit logs

A final data export is emailed to the Owner before deletion.

GDPR Compliance

Canviq is GDPR-compliant (see ADR-0014). Key features:

  • Cookie Consent — Banner on first visit (all locales)
  • Privacy Policy/[locale]/privacy page
  • Data Export — Users can download their data
  • Account Deletion — 30-day grace period, content anonymized
  • Unsubscribe — One-click unsubscribe in all emails

Configure GDPR settings in Settings → Data & Privacy → GDPR.

Audit Log (Owner Only)

View security-relevant actions in Settings → Audit Log. Logs include:

  • Team Changes — Invitations, role changes, removals
  • Settings Changes — Org name, branding, API keys
  • Authentication Events — Logins, MFA setup, password resets
  • Data Access — Who viewed sensitive data (emails, responses)

Logs are append-only and retained for 2 years for SOC 2 compliance.

What's Next