Profile Settings¶
Last reviewed: 2026-04-01 · Nnamdi
Status: Complete
Route: /settings/profile
1. What is it?¶
Profile Settings is the personal account management page for the logged-in user. It shows account information (name, email, user ID, role), provides password management and two-factor authentication options (Authenticator App and Passkeys), a data privacy export feature (NDPR compliance), and a "Danger Zone" for permanent account deletion.
2. How does it work in Finora?¶
2.1 Account Information¶
| Field | Value (test user) |
|---|---|
| Full Name | Deejay Namo |
| Email Address | deejaynamo@yahoo.com |
| User ID | VDDrQJ9OVLYMExybJf5ZsczStLP2 |
| Role | User |
2.2 Security¶
- Password — masked (••••••••); Change Password button
- Two-Factor Authentication:
- Authenticator App — "Use an app like Google Authenticator or Authy"; Enable 2FA button
- Passkeys — "Use your device's biometrics or security key"; Add Passkey button
- Status: "No passkeys configured."
2.3 Data Privacy (NDPR)¶
- Export My Data — "Download a complete copy of all your personal data (NDPR Article 26)"
- Export Data button — can be used once per month
- Note: "Under the Nigeria Data Protection Regulation (NDPR), you have the right to access all personal data we hold about you."
2.4 Danger Zone¶
- Delete My Account — "Permanently delete your account and all data"
- "This action cannot be undone! Deleting your account will permanently remove all your data after a 7-day grace period. You will receive email notifications and can cancel anytime during this period."
3. Business rules & constraints¶
| Rule | Detail |
|---|---|
| Email cannot be changed from this page | Contact support to change the login email |
| 2FA is optional but recommended | Supports Authenticator App (TOTP) and Passkeys (biometric/security key) |
| Data export once per month | NDPR compliance; generates a full data dump |
| Account deletion has 7-day grace period | User receives email notifications and can cancel during this period |
| Role is read-only | Roles are assigned by the business owner, not self-selectable |
4. Nigerian regulatory context¶
NDPR (Nigeria Data Protection Regulation)¶
- Article 26 grants individuals the right to access all personal data held by a data controller
- Finora provides a self-service data export to comply with this requirement
- The Data Protection Officer can be reached at dpo@finorabusiness.com
5. Common customer questions¶
Q: "How do I change my email address?"
Email cannot be changed from Profile Settings. Escalate to Tier 2 for email change requests.
Q: "I want to enable 2FA. Which method should I use?"
Authenticator App (Google Authenticator/Authy) is the most common. Passkeys use your device's biometrics (Face ID, fingerprint) and are more convenient but require a compatible device.
Q: "I accidentally clicked Delete My Account. Can I undo it?"
Yes — there is a 7-day grace period. You will receive email notifications with a link to cancel the deletion. If the 7 days have passed, escalate to Tier 3 immediately.
6. Known edge cases¶
Role shows "User" for the owner¶
The test business owner (Deejay Namo) shows Role: "User" rather than "Owner." The owner role is visible in the Team Members page but the Profile page shows the platform-level role.
7. Escalation trigger¶
Escalate to Tier 3 (Founder) if: - Account deletion completed but user wants to recover data after grace period - 2FA lockout — user cannot access their account
Escalate to Tier 2 (Support Lead) if: - User needs to change their email address - User needs to change their display name - Data export fails or produces an incomplete file
8. Last reviewed¶
2026-04-01 — Nnamdi. Verified against production. Profile Settings for Deejay Namo / deejaynamo@yahoo.com. Account Information: Full Name, Email, User ID, Role (User). Security: Change Password, Enable 2FA (Authenticator App), Add Passkey (no passkeys configured). Data Privacy: Export Data (NDPR Article 26, once per month). Danger Zone: Delete My Account (7-day grace period).