Bookkeeping Exchange - User Roles & Permissions
Bookkeeping Exchange - User Roles & Permissions
2. User Roles, Permissions & Workflows
Document Version: 1.0 Last Updated: 2025-12-26
2.1 User Role Overview
The platform supports three primary user roles:
- Business Owner (Lead Submitter)
- Bookkeeper (Lead Purchaser)
- Administrator (Platform Manager)
2.2 Business Owner Role
2.2.1 Registration & Authentication
Account Creation:
- Account automatically created upon lead form submission
- Required fields:
- Business owner name
- Email address
- Phone number
- Business name
- Password set during submission or via email verification link
- Email verification required before account activation
Authentication:
- Standard email/password login
- Password reset via email
- Optional: Remember me functionality
2.2.2 Permissions
Business Owners can:
- ✅ Submit lead forms
- ✅ View their submitted leads
- ✅ Edit/update their lead information
- ✅ See lead status (pending, purchased, inactive)
- ✅ See which bookkeeper purchased their lead (if purchased)
- ✅ Request lead reactivation
- ✅ Request account/data deletion
- ✅ Update account profile information
Business Owners cannot:
- ❌ View other business owners' leads
- ❌ Access bookkeeper information (beyond purchased lead)
- ❌ See lead pricing information
- ❌ Access admin functions
2.2.3 Account Dashboard
Dashboard Elements:
- Lead submission status
- Purchased by: [Bookkeeper name] or "Pending Purchase"
- Date submitted
- Last updated date
- Edit lead button
- Contact support link
Lead Status States:
- Pending: Submitted, visible to bookkeepers, not yet purchased
- Purchased: Bookkeeper has purchased exclusive access
- Inactive: Manually deactivated by admin or business owner
- Reactivated: Was purchased, now available again
2.2.4 User Flow - Lead Submission
1. Business owner visits landing page
2. Clicks "Submit Your Business Needs" CTA
3. Fills out lead form (see PRD_3 for fields)
4. Checks consent checkbox for information sharing
5. Agrees to Terms of Service
6. Submits form
7. Account automatically created
8. Email verification sent
9. Confirmation email sent with:
- Submission details
- Login credentials/link
- What happens next
10. Redirected to "Thank You" page
2.2.5 Email Notifications (Business Owner)
Business owners receive emails for:
- ✉️ Submission confirmation (immediate)
- ✉️ Email verification (immediate)
- ✉️ Lead purchased by bookkeeper (within 1 hour)
- ✉️ Bookkeeper contact information (within 1 hour of purchase)
- ✉️ Lead reactivation confirmation (if requested)
- ✉️ Account updates/changes
2.3 Bookkeeper Role
2.3.1 Registration & Onboarding
Registration Process:
1. Bookkeeper visits "Join as a Bookkeeper" page
2. Completes registration form:
- Personal/business name
- Email address
- Phone number
- Business name (if applicable)
- Service area (city, state, radius OR "nationwide")
- Certifications (CPA, EA, QB ProAdvisor, etc.)
- Specializations (industry focus, business size, etc.)
- Optional services (payroll, CFO, tax prep, etc.)
- Business website
- Years of experience
3. Creates password
4. Agrees to Terms of Service
5. Email verification sent
6. Status: "Pending Admin Approval"
7. Admin reviews and approves/rejects
8. Approval email sent with login link
9. Bookkeeper logs in → prompted to start free trial
Admin Approval Criteria:
- Complete profile information
- Valid business email (preferred over personal email)
- Professional appearance
- No red flags in provided information
2.3.2 Subscription Management
Free Trial:
- Duration: Configurable (default 30 days)
- Full access to limited lead previews
- Can bookmark leads
- Cannot purchase leads until payment method added
- Trial expiration warnings:
- Email at 7 days remaining
- Email at 3 days remaining
- Email at 1 day remaining
- Banner in dashboard when < 7 days
Paid Subscription:
- Monthly recurring via Stripe
- Auto-renewal enabled
- Price: Configurable in admin panel
- Payment method required
- Can purchase leads immediately upon payment
Subscription States:
- Trial: Free trial period, limited functionality
- Active: Paid subscription, full access
- Past Due: Payment failed, grace period (7 days)
- Expired: Subscription lapsed, no access to leads
Expiration Handling:
- Immediate loss of access to lead previews
- Previously purchased leads remain accessible
- Can still log in to reactivate subscription
- Bookmarked leads preserved for 90 days
2.3.3 Permissions
Bookkeepers can:
- ✅ View limited lead information (previews)
- ✅ Bookmark leads for later
- ✅ Purchase leads (if active subscription + payment method)
- ✅ View full information for purchased leads
- ✅ Download/export their purchased leads (future)
- ✅ Update their profile information
- ✅ Manage subscription and payment methods
- ✅ View purchase history
- ✅ Request support/refunds
Bookkeepers cannot:
- ❌ View other bookkeepers' information
- ❌ See which bookkeepers bookmarked/viewed leads
- ❌ Access purchased leads from other bookkeepers
- ❌ Purchase same lead twice
- ❌ Purchase unlimited leads without payment
- ❌ Access admin functions
2.3.4 Bookkeeper Dashboard
Dashboard Sections:
-
Lead Feed
- Sortable table of available leads
- Columns: Date, Industry, Location, Revenue Range, Services Needed, Price
- Default sort: Newest first
- Bookmark icon for each lead
- "Purchase" button for each lead
- Lead detail modal on click
-
My Bookmarks
- Saved leads for later review
- Same table format as lead feed
- Remove bookmark option
-
Purchased Leads
- Full access to all lead information
- Contact details revealed
- Purchase date
- Amount paid
- Export option (future)
-
Account Settings
- Profile information
- Service area settings
- Payment methods
- Subscription status
- Change password
-
Subscription Status Widget
- Current plan
- Renewal date
- Payment method on file
- Upgrade/change plan (future)
2.3.5 User Flow - Lead Purchase
1. Bookkeeper browses lead feed
2. Clicks on lead to view preview modal
3. Preview shows limited information + price
4. Clicks "Purchase Lead" button
5. Confirmation modal:
- Shows lead preview
- Shows price
- Confirms exclusive access
- "Confirm Purchase" button
6. Payment processed via Stripe
7. Lead immediately appears in "Purchased Leads"
8. Lead removed from public feed
9. Full lead information revealed
10. Confirmation email sent with lead details
2.3.6 User Flow - Bookmark Lead
1. Bookkeeper viewing lead feed
2. Clicks bookmark icon on lead row
3. Icon changes to "bookmarked" state
4. Lead appears in "My Bookmarks" tab
5. Can unbookmark anytime
6. Bookmarks persist across sessions
7. Bookmarked leads can still be purchased by others
2.3.7 Email Notifications (Bookkeeper)
Bookkeepers receive emails for:
- ✉️ Registration confirmation (immediate)
- ✉️ Admin approval notification (when approved)
- ✉️ Trial expiration warnings (7, 3, 1 days before)
- ✉️ Subscription renewal confirmation (monthly)
- ✉️ Payment failure notice (immediate)
- ✉️ Lead purchase confirmation (immediate)
- ✉️ New leads matching criteria (future - optional notification)
- ✉️ Subscription expired (immediate)
2.4 Administrator Role
2.4.1 Admin Access
Admin Capabilities:
- Full CRUD operations on all entities
- User management (all roles)
- Lead management
- Payment oversight and refunds
- Configuration management
- Analytics and reporting (future)
Admin Panel Sections:
- Dashboard (summary metrics)
- User Management
- Lead Management
- Payment Management
- Configuration
- Support/Disputes
2.4.2 User Management
Bookkeeper Management:
- View all bookkeepers (active, trial, expired)
- Approve/reject pending registrations
- View bookkeeper profiles
- Edit bookkeeper information
- Suspend/deactivate accounts
- View purchase history per bookkeeper
- Send direct messages/emails
- Reset passwords
- Manually extend trials
- Manually apply discounts/credits
Business Owner Management:
- View all business owners
- View submitted leads per owner
- Edit business owner profiles
- Deactivate accounts
- Handle data deletion requests
- View lead submission history
- Contact business owners
2.4.3 Lead Management
Lead Operations:
- View all leads (all statuses)
- Create leads manually
- Edit lead information
- Delete leads
- Change lead status
- Set custom pricing (override automatic pricing)
- Reactivate purchased leads
- Assign leads to bookkeepers (manual matching)
- Mark leads as inactive/archived
Lead Pricing Configuration:
- Set base pricing rules by revenue range
- Override pricing for individual leads
- Configure pricing tiers (future: shared vs exclusive)
Pricing Rule Examples:
Annual Revenue Range → Lead Price (Exclusive)
$0 - $50,000 → $50
$50,001 - $100,000 → $100
$100,001 - $250,000 → $150
$250,001 - $500,000 → $250
$500,001 - $1,000,000 → $400
$1,000,000+ → $600
Quality Multipliers:
- Incomplete form (< 50% fields) → 0.5x
- Complete form (100% fields) → 1.0x
- Urgent need → 1.2x
2.4.4 Payment Management
Stripe Integration:
- View all transactions
- Issue refunds (full or partial)
- View subscription statuses
- Handle failed payments
- Generate financial reports
- Export payment data
Refund Workflow:
1. Bookkeeper or business owner contacts support
2. Admin reviews dispute/request
3. Admin determines refund eligibility:
- Full refund: Lead was invalid/duplicate
- Partial refund: Some issues but lead was viable
- No refund: Lead was valid, business decision
4. Admin issues refund via Stripe
5. Lead reactivated if applicable
6. Notification sent to both parties
2.4.5 Configuration Management
Configurable Settings:
| Setting | Type | Default | Description |
|---|---|---|---|
| Monthly subscription price | Currency | $199 | Bookkeeper monthly fee |
| Free trial duration | Days | 30 | Trial period length |
| Lead pricing rules | JSON | See 2.4.3 | Revenue-based pricing |
| Grace period for expired | Days | 7 | Days before hard cutoff |
| Bookmark retention | Days | 90 | Keep bookmarks after expiration |
| Email sender name | String | Bookkeeping Exchange | From name in emails |
| Support email | support@... | Contact email | |
| Terms of Service URL | URL | /terms | Link to ToS |
| Privacy Policy URL | URL | /privacy | Link to Privacy Policy |
2.4.6 Support & Disputes
Support Ticket System (Manual for MVP):
- Receive support emails at configured address
- Track via email or simple ticketing system
- Common scenarios:
- Lead quality disputes
- Refund requests
- Reactivation requests
- Technical issues
- Account problems
Dispute Resolution Process:
1. Support request received
2. Admin reviews details
3. Admin contacts relevant parties (business owner/bookkeeper)
4. Admin makes decision based on:
- Terms of Service
- Fairness to both parties
- Business best practices
5. Admin takes action (refund, reactivate, close ticket)
6. Admin sends resolution email
7. Ticket closed
2.4.7 Admin User Flow - Approve Bookkeeper
1. Bookkeeper registers
2. Admin receives notification email
3. Admin logs into admin panel
4. Navigates to "Pending Approvals"
5. Reviews bookkeeper profile:
- Contact information
- Business details
- Certifications
- Service area
6. Makes decision:
→ Approve: Bookkeeper activated, email sent
→ Reject: Account denied, email sent with reason
→ Request more info: Email sent requesting clarification
7. Status updated in database
8. Notification sent to bookkeeper
2.4.8 Admin User Flow - Manual Lead Creation
1. Admin receives lead via phone/offline channel
2. Admin navigates to "Create Lead" in admin panel
3. Fills out lead form with business owner information
4. Sets custom pricing (or uses automatic)
5. Sets lead status (active/inactive)
6. Saves lead
7. Lead appears in bookkeeper feed (if active)
8. Optional: Admin can assign directly to specific bookkeeper
2.5 Permission Matrix
| Action | Business Owner | Bookkeeper (Trial) | Bookkeeper (Paid) | Admin |
|---|---|---|---|---|
| Submit lead | ✅ | ❌ | ❌ | ✅ |
| Edit own lead | ✅ | ❌ | ❌ | ✅ |
| View lead preview | ❌ | ✅ | ✅ | ✅ |
| Bookmark lead | ❌ | ✅ | ✅ | N/A |
| Purchase lead | ❌ | ❌ | ✅ | ✅ |
| View full lead details | Own only | ❌ | Purchased only | ✅ |
| Manage subscription | ❌ | ✅ | ✅ | ✅ |
| Issue refunds | ❌ | Request only | Request only | ✅ |
| Edit any user | ❌ | ❌ | ❌ | ✅ |
| Configure pricing | ❌ | ❌ | ❌ | ✅ |
| Approve bookkeepers | ❌ | ❌ | ❌ | ✅ |
| Access analytics | ❌ | Own data only | Own data only | ✅ |
2.6 Authentication & Security
Password Requirements
- Minimum 8 characters
- Must contain: uppercase, lowercase, number
- Optional: Special character
Session Management
- Session timeout: 30 days (remember me) or browser close
- Secure cookies with HttpOnly and Secure flags
- CSRF protection on all forms
Two-Factor Authentication
- Not required for MVP
- Roadmap item for admin accounts
Account Security Features
- Password reset via email
- Email verification required
- Login attempt limiting (rate limiting)
- Account lockout after failed attempts (future)
2.7 Data Privacy & Consent
Business Owner Consent
Upon lead submission, business owners must:
- ✅ Agree to Terms of Service
- ✅ Consent to information sharing with bookkeepers
- ✅ Acknowledge their information will be "sold" to bookkeepers
Consent Language (Placeholder):
☐ I consent to Bookkeeping Exchange sharing my business information
with qualified bookkeepers who purchase my lead. I understand my
contact information will be provided to the bookkeeper who purchases
exclusive access to my lead.
☐ I agree to the Terms of Service and Privacy Policy.
Bookkeeper Consent
Upon registration, bookkeepers must:
- ✅ Agree to Terms of Service
- ✅ Acknowledge purchased lead information is confidential
- ✅ Agree not to resell or share lead information
Terms Clause (Placeholder):
By purchasing leads, you agree to:
- Use lead information solely for the purpose of providing
bookkeeping services
- Not share, sell, or distribute lead information to third parties
- Maintain confidentiality of business owner information
- Contact leads in a professional manner
Data Deletion Requests
Both business owners and bookkeepers can request:
- Account deletion
- Data removal from database
- Admin must process within reasonable timeframe
- Purchased lead information may be retained for business records
Next Document: PRD_3_DATA_MODELS.md - Database schema and data structures