> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vendexlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Settings & notifications

> Organization settings, review reminders, and the granular alert system.

Organization settings control the defaults for your program, and notification settings control who hears about what — down to the individual event type. Both live under **Settings** and are managed by admins and owners.

## Organization settings

<ResponseField name="Plan & vendor limit">
  Your organization's plan and the number of vendors it can track. Community organizations start with a modest vendor limit that scales with your plan.
</ResponseField>

<ResponseField name="Assessment review reminders">
  Approvals are point-in-time, so VendexLabs reminds you before they expire. Configure how many days ahead the first reminder fires and the reminder cadence after that.
</ResponseField>

<ResponseField name="Internal email domains">
  The email domains that belong to your organization. This helps VendexLabs distinguish internal people (sponsors, reviewers) from external contacts.
</ResponseField>

<ResponseField name="Assessment IP allowlist (enterprise)">
  Enterprise assessments can be locked behind approved source IP ranges, so sensitive review workflows are only reachable from trusted corporate networks.
</ResponseField>

## The alert system

Alerts are **granular**: you choose which events generate an email and who receives them. Control happens at three levels.

### 1. Per-vendor: is monitoring on?

Each vendor on your list has an **alerts** toggle. Turn it off to silence a vendor entirely without removing it from your list. See [Recent events](/guides/recent-events).

### 2. Alert criteria: which events, to whom

For monitored vendors, an **alert-criteria matrix** decides which event types email which recipients. Recipients are resolved from each vendor's assessment:

| Criterion                  | Compliance contact | Sponsor | Added by me |
| -------------------------- | :----------------: | :-----: | :---------: |
| Status changed             |          ●         |    ●    |      ○      |
| Assessment updated         |          ○         |    ●    |      ○      |
| Expiring soon              |          ●         |    ●    |      ○      |
| Expired                    |          ●         |    ●    |      ○      |
| Security incident / breach |          ●         |    ●    |      ●      |

<Info>
  The matrix above shows an example configuration (● on, ○ off). You set your own — for instance, route routine "assessment updated" notices to the sponsor only, while sending "security incident / breach" alerts to everyone.
</Info>

### 3. Subscribers: extra recipients per list

Beyond the roles resolved from an assessment, you can add **subscribers** to a vendor list — additional people who receive its alerts. Members manage subscribers; a subscriber who is already a verified org member is confirmed immediately, while anyone else receives a confirmation email first. Every recipient can unsubscribe from any alert with one click.

<Note>
  Individual users also have their own notification preferences, so people can tune what reaches their inbox without changing the organization's rules.
</Note>

## Cookie and privacy choices

The VendexLabs marketing site keeps optional analytics cookies **off by default**; they activate only if you opt in, and you can change your choice anytime from the Cookie Preferences link in the site footer. See [Privacy](/trust/privacy) for the full picture.

<Card title="Vulnerability disclosure" icon="shield-halved" href="/trust/vulnerability-disclosure">
  Found a security issue? Here's how to report it.
</Card>
