Account Settings
Manage your profile from Dashboard → Settings:
- Name — Display name shown in the dashboard
- Email — Login email (used for notifications)
- Password — Change your password (minimum 8 characters)
- Timezone — Affects log timestamps and scheduled tasks
Changing your email
- Go to Settings → Profile
- Enter your new email address
- Verify with your current password
- Check your new email for a confirmation link
Changing your password
- Go to Settings → Security
- Enter your current password
- Enter and confirm your new password
- All other sessions will be invalidated
API Keys
Generate API keys for programmatic access to the Hostwares API.
Creating a key
- Go to Dashboard → Settings → API Keys
- Click Create Key
- Enter a descriptive name (e.g., "CI/CD Pipeline", "Monitoring Script")
- Copy the key immediately — it won't be shown again
Key management
- View keys: See all active keys with creation date and last used
- Revoke: Instantly disable a key (irreversible)
- Rotate: Create a new key, update your systems, then revoke the old one
Best practices
- Use separate keys for each integration (CI/CD, monitoring, scripts)
- Rotate keys every 90 days
- Never commit keys to source control
- Use environment variables for key storage
- Revoke unused keys immediately
Security
Password requirements
- Minimum 8 characters
- Recommended: mix of letters, numbers, and symbols
- Never reuse passwords across services
Session security
- Sessions expire after 30 days of inactivity
- Sessions are invalidated on password change
- Secure, HTTP-only cookies prevent XSS attacks
- SameSite attribute prevents CSRF attacks
Account protection
- Encrypted credentials in database (bcrypt hashing)
- Rate-limited login attempts (5 per minute)
- Suspicious activity notifications
- Admin audit trail for all actions
Notifications
Configure what notifications you receive from Settings → Notifications:
| Event | Default | Description |
|---|---|---|
| Deployment failed | On | When a build or deploy fails |
| Deployment success | Off | When a deploy completes |
| SSL expiry warning | On | 7 days before certificate expires |
| Resource warning | On | Memory/disk usage over 80% |
| Low credits | On | When AI credits drop below 10 |
| Container restart | On | When a container auto-restarts |
| Billing | On | Payment confirmations, failures |
Notifications are delivered via email. In-app notifications are always shown regardless of settings.
Sessions
View and manage active sessions from Settings → Security → Active Sessions:
- See all devices where you're logged in
- View last activity timestamp and IP address
- Revoke individual sessions
- Click Sign out all devices to invalidate everything
Data Export
Export your data from Settings → Privacy → Export Data:
- Account information (name, email, creation date)
- Site configurations and settings
- Environment variable names (values excluded)
- Deployment history
- Credit transaction history
- Chat conversation history (last 30 days)
Export is delivered as a JSON file within 24 hours.
Delete Account
Warning: Account deletion is permanent and irreversible.
What happens when you delete your account:
- All your sites are stopped and deleted
- All databases are dropped and removed
- All environment variables are purged
- Chat history is permanently deleted
- Unused credits are forfeited (non-refundable)
- Your email is released for re-registration
To delete: go to Settings → Danger Zone → Delete Account, or contact [email protected].
There is a 7-day grace period during which your account can be recovered by contacting support.