Sessions and Access Control

Session duration

Convertly CRM sessions are managed via a secure HTTP-only cookie set on login.

  • Sessions are valid for 14 days by default
  • Closing the browser does not end the session
  • Clicking Log Out from the user menu invalidates the session cookie immediately

Logging out

Click your name in the top-right corner → Log Out.

You are immediately redirected to /login and the session cookie is cleared.

If you believe your account may be compromised, log out from all devices by changing your password — this invalidates all active sessions.


Security best practices

  • Use a strong, unique password — at least 12 characters with a mix of letters, numbers, and symbols
  • Do not share your login credentials — invite team members as separate users instead
  • Log out on shared devices — session cookies persist until logout or expiry
  • Review your team members regularly — remove users who no longer need access from Settings → Team

Access removal

If an Admin removes a user from Settings → Team, that user’s session is invalidated immediately. They cannot log in again without a new invitation from an Admin.

Lead assignments and historical activity for removed users are preserved in the system.
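
The session rules described on this page (14-day lifetime, Log Out, password change, access removal) can be modeled as a server-side session store. This is an added illustration, not Convertly CRM's code: the class, its method names, the in-memory dictionary and the user names are all hypothetical.

```python
import secrets
from datetime import timedelta

SESSION_LIFETIME = timedelta(days=14)  # default lifetime stated on this page


class SessionStore:
    """Hypothetical store: a cookie value is valid only while its ID is in here."""

    def __init__(self):
        self._sessions = {}    # session ID -> (user, expiry time)
        self._removed = set()  # users removed from the team (assumed bookkeeping)

    def login(self, user, now):
        if user in self._removed:
            raise PermissionError("removed user needs a new invitation")
        sid = secrets.token_urlsafe(32)  # unguessable cookie value
        self._sessions[sid] = (user, now + SESSION_LIFETIME)
        return sid

    def validate(self, sid, now):
        """Return the user for a live session, else None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expires = entry
        if now >= expires:
            del self._sessions[sid]  # expired: drop it server-side as well
            return None
        return user

    def logout(self, sid):
        # Log Out ends only the session that sent the request.
        self._sessions.pop(sid, None)

    def revoke_all(self, user):
        # Password change: every session of this user ends, on every device.
        for sid in [s for s, (u, _) in self._sessions.items() if u == user]:
            del self._sessions[sid]

    def remove_user(self, user):
        # Admin removal: revoke sessions and block further logins.
        self.revoke_all(user)
        self._removed.add(user)

    def invite(self, user):
        # A new invitation from an Admin lifts the block.
        self._removed.discard(user)
```

Clearing the cookie in the browser is only half of a logout; deleting the server-side record is what makes a copied cookie value useless.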