QOOM is structured around organizations. Each organization has its own users, subjects, sessions, and billing. Data is scoped to its organization and does not cross between organizations.
User roles
- Admin — full access. Can invite and approve users, manage billing, delete data, and change organization settings.
- Clinician — can create and process sessions, manage subjects, and view results.
- Viewer — read-only access to sessions, subjects, and results within the organization.
Inviting users
Users register themselves at the public registration page. After registering, their account is in pending status until an administrator approves it.
Administrators approve new registrations at Admin → Approvals. Rejecting a user sets their account to disabled and prevents login.
Approving a pending user
- Sign in as an administrator.
- Open the Approvals section under the admin menu.
- Review the pending user's email, name, and registration date.
- Click Approve to activate the account, or Reject to disable it.
Changing a user's role
- Open Admin → Users.
- Click on the user row.
- Update the role dropdown and save.
Security notes
- User passwords are stored as bcrypt hashes. Plaintext passwords are never stored.
- Sessions expire after 7 days of inactivity.
- Authentication, upload, and public endpoints are rate-limited.
See also: Privacy & Data