Xtremepush provides full support for multi-user access and enterprise workflows such as peer review for campaign creation. Individual users of the platform should be assigned individual user login details. A range of default roles are provided to allow you to stick to the principle of least privilege when providing access to your buiness' end users of the platform. Details of the User Access Management and available roles are given in the Docs here:
Access to the App Data section where Personal Data can be seen in user profiles is restricted to certain roles. When setting up your projects and integrating, some technical staff may need access to ensure that everything is working as expected, all the necessary data is coming through etc. Privileged roles used in setup should be deactivated once they are no longer needed. In general once a project is set up most day to day activity relating to business as usual use of the platform for customer marketing etc. does not require access to user profiles. Day to day users should have appropriate roles to reflect this.
There is a special DPO role for users who need access to service data subject requests (rectification, access, deletion etc.). This supports appropriate separation of duties by allowing these users to perform their duties as outlined in the articles below without granting access to create and launch customer marketing campaigns etc.
A full audit trail of user actions taken on the platform is kept. This can be used on request in cases where user activity must be audited. You can for example check what user created a specific campaign:
The user actions audit trail can also be used to check if personal data was edited, deleted or downloaded.
The utility of the audit trail will be diminished if you share user login credentials so it is extremely important that Individual users of the platform should be assigned individual user login details.