Run the team,
not just the chats.
Twenty-plus admin, security and governance features that turn Other Me from "an Ai assistant each person uses" into an Ai platform you can hand to IT, legal, finance and a regulator without flinching. This is the full reference — Small Medium Teams tier and Enterprise, grouped by what they do.
Team admin — control the whole team from one screen
Nine admin capabilities that make Small Medium Teams tier actually a business tier — not just a more-expensive Pro plan.
Admin dashboard
Real-time view of messages sent, tokens consumed, most-used assistants, and per-member activity. Surface the spike before the CFO asks about the bill.
Data model: TeamUsageSnapshot · daily snapshots via snapshot_team_usage cron.
Cost allocation
Spend aggregated by team, role and integration. When finance asks "who is the Ai spend going to?", you have an answer with numbers attached.
Available at: /api/team/analytics/
Team prompt library
Save prompts that work — contract review, weekly recap, meeting-notes summary — and let every team member invoke them by slug. Owner + admins edit; members use.
Data model: TeamPromptTemplate · 2 API endpoints.
Scheduled reports
Four report types delivered to the owner or role inbox: usage summary, top prompts, token spend, compliance snapshot. Daily, weekly or monthly.
Data model: TeamScheduledReport · send_scheduled_reports cron.
Document templates
Jinja-sandboxed templates for contracts, proposals and reports. Render to Markdown, HTML or .docx with team-managed variables. Safe by design — no arbitrary code execution.
Data model: DocumentTemplate · Jinja sandbox renderer.
Assistant branding
Upload your logo, set your brand colour. The assistant UI your team sees matches your company identity — useful if you expose it to customers or prospects through embeds.
Fields: UserAssistant.brand_color / brand_logo.
Bulk user import (CSV)
Onboard up to 500 team members from one CSV. Capped at 256KB and 500 rows to stop runaway mistakes. Role, team assignment and assistant-access set in the same upload.
Endpoint: /api/team/bulk-invite/.
Contract intelligence
Upload a contract, get the key clauses surfaced with risks highlighted — indemnity, termination, IP assignment, data-protection addendum. Pairs naturally with the DocuSign integration.
Available on: uploaded files + contract prompt mode.
Workspace knowledge ingestion
Ingest team documents into a shared, SCRS-scoped workspace so every member's assistant answers from the same source of truth. PII redacted on the way through.
Built on: existing SCRS team-scope · RAG over the team's collection.
Workspace — the space your team actually shares
8 users included, up to 50
£99/mo covers eight seats. Extra seats £15/mo each, up to 50 total. At 50+ you're ready for Enterprise.
10 GB per user, encrypted
Per-member encrypted document vault. Cloudinary-backed with signed 10-min URLs for previews. Keys rotate per-org on Enterprise.
Team prompt library
Save your team's best prompts, approve them, and share them so everyone uses the same wording for contract reviews, outbound notes or client updates. Consistency without the copy-paste chase.
Team chat rooms
Shared assistant spaces for specific projects, clients or departments. Each room has its own history, memory and scoped knowledge.
Per-matter / per-project scope
For regulated practices (law firms, accountancy). Restrict assistant access on a per-matter basis; only authorised team members can query a given case.
All 11 integrations
Everything on Family (HubSpot, Zoho CRM, Zoho Books, Calendly, Google Workspace, Zoom) plus Pipedrive, Odoo, DocuSign and Xero. See all →
Security & audit — the table stakes, done right
SCRS Data Firewall
Every message runs through SCRS on the way to the model — PII detected, pseudonymised, rehydrated only in your staff's browser. Patent-pending.
Audit trail (90-day retention)
Every prompt, response, file upload, integration call logged with user, timestamp and redacted payload. Exportable when regulators or insurers ask.
Team-wide policy enforcement
Admins set rules about what data can and cannot be sent to Ai models. Policies apply across the entire team automatically.
Instant offboarding
Deactivate a team member and their OAuth tokens are revoked, integration data vault locked, SCRS keys rotated — all in the same transaction, with audit evidence written.
UK data residency
All data stored and processed in UK infrastructure by default. GDPR-compliant lawful basis on every conversation.
No training on your data
Your conversations, files and integration data are never used to train any model — ours or the underlying providers'.
Governance — when the board starts asking questions
Six controls that turn Ai from "interesting internal tool" into something your legal and security teams can sign off on.
DLP rules — block / redact / warn
Regex-based patterns evaluated on every outbound message. Three enforcement modes:
- Block: reject the message entirely. No Ai call made. User sees your configured error.
- Redact: replace the match with [REDACTED] before the model sees it.
- Warn: let the message through, log a warning entry to audit.
Data model: TeamDLPRule · enforced in the chat consumer pre-LLM.
Approval workflows Professional+
Route sensitive prompts to an admin queue for sign-off before they reach the model. Message snapshotted at approval time; admins approve, reject or let expire after N days.
Data model: PendingApproval · cross-tenant isolation enforced · expire_pending_approvals cron.
SIEM audit export
Stream SCRS audit events to Splunk, Datadog, Sumo Logic or a generic HTTPS sink in CloudEvents v1.0 JSON. Cursor-based pagination guarantees exactly-once delivery; batched hourly or on demand.
Data model: SIEMExportConfig · export_audit_to_siem runs every 5 min.
Retention policies per collection Professional+
Per-collection retention windows on SCRS data — chats, files, audit events. Enforced by a daily cleanup job. Configure by regulator, insurer or client contract. Up to 7 years.
Field: SCRSDataCollection.retention_days · scrs_retention_cleanup cron.
Bring-your-own-keys (BYOK) Professional+
Supply your own OpenAI, Anthropic, Google or Groq API keys. Encrypted at rest with AES-256-GCM per org. Your model contracts, your rate limits, your bill.
Data model: LLMProviderConfig · key derivation per organisation.
Webhook endpoints & entitlement tokens
HTTPS-only, HMAC-SHA256 signed payloads on configurable event types (PII detected, audit events, compliance alerts). Entitlement tokens for short-lived cross-tenant SCRS access with audit.
Data models: WebhookEndpoint, EntitlementToken (P5).
Access & identity — granular, auditable, IT-approved
RBAC — five roles
Owner · Admin · Developer · Viewer · Billing. Permission inheritance from owner downward; scope enforced per role on every API call.
Data model: OrganizationMember.role
Two-factor authentication
TOTP-based 2FA with backup codes. Session-level verification on sensitive admin actions (decorator: @enterprise_2fa_verified).
Data model: TwoFactorAuth
IP allowlisting
Restrict API key usage to specific IP addresses or CIDR ranges. Validated at key creation; enforced on every authenticated request.
Field: EnterpriseAPIKey.ip_whitelist
API keys with scoped permissions
Hashed SHA-256 (no raw key storage). Per-minute and per-day rate limits. Read / write / admin scopes with wildcard matching. Configurable expiry.
Data model: EnterpriseAPIKey
Team invitations with expiry
Invite by email with token-based activation, 7-day expiry default. Full invitation lifecycle tracked for audit evidence.
Data model: EnterpriseInvite
SSO (on the roadmap)
SAML and OIDC on the 2026 roadmap — email invites with 2FA-on-every-login cover most enterprise requirements today.
Compliance — frameworks your auditor recognises
GDPR
UK / EU data protection. All tiers.
SOC 2 Type II
Professional+ tier.
ISO 27001
Professional+ tier.
HIPAA
Professional+ tier.
PCI DSS
Enterprise Custom.
CCPA
Enterprise Custom.
Audit evidence packs
Generated on demand. Enterprise Custom.
Alert rules
Configurable per framework.
API & extensibility — build on top
REST API
Programmatic SCRS access with Read / Write / Admin scopes. Full OpenAPI spec; Python, JS and Go SDKs.
Webhooks
HMAC-SHA256 signed, retry logic, failure tracking. Event-type subscriptions configurable per endpoint.
SCRS pipeline builder Professional+
Visual builder for configuring SCRS processing pipelines with custom PII patterns and redaction rules.
Custom integrations
Enterprise Custom tier. Built against your internal APIs with SCRS governance and audit from day one.
Who uses these controls in practice
Law firms
Per-matter scope, DLP on client data, 7-year audit retention, offboarding with key revocation.
Accountancy practices
Read-only accounting integrations, scheduled reports to exec, audit trail matched to ICAEW / ACCA retention.
Healthcare
HIPAA, SCRS PII redaction before any model call, configurable retention, DLP on PHI patterns.
Sales teams
Team prompt library for proposals, admin dashboard for rep coaching, DLP on commercial terms.
Legal ops
Approval workflows for sensitive prompts, contract intelligence, evidence-grade audit trail.
Finance teams
Scheduled reports to the CFO, cost allocation across teams, SIEM export to your SOC.
Ready to hand this to your security team?
7-day Business trial. Full admin dashboard, all team features, integration connections included. No credit card required.