Effective Date: July 27, 2025 Applies To: CrownThrive Platform Admins, Partner Account Holders, Support Team, CLO Review Cycle: Quarterly or upon platform permissions updates Related Legal Depot Sections: Sections 4.26, 6.1.7, CrownRewards/CrownThriveU/ThriveSeat Partner Terms
1. Purpose
To ensure that all Partner-managed staff accounts and permission assignments across CrownThrive-hosted platforms are properly created, tracked, and secured, while offering clear response protocols for Partner-side abuse or security violations.
2. Scope
This SOP applies to:
- All platforms where Partners manage their own teams (e.g., loyalty card admins, course co-instructors, booking managers)
- CrownThriveâs role in account provisioning, system protection, and staff access enforcement
- Scenarios involving:
- Unauthorized access or misuse of staff privileges
- Account terminations or escalations
- Role audits or reinstatements
3. Staff Access Types
| Role Type | Permissions |
| Owner | Full access to all features; controls all staff and platform settings |
| Admin | Can manage content, view analytics, fulfill redemptions/bookings |
| Staff (Limited) | Task-based roles (e.g., customer chat, fulfillment only, dashboard read-only) |
4. Process Steps
4.1 Staff Assignment by Partner
- Owner logs into Partner dashboard
- Invites staff by email, assigns role level (Admin, Limited Staff, Fulfillment, etc.)
- System sends access link + logs the action in backend
4.2 CrownThrive Oversight (Limited)
- CrownThrive provides:
- Role-based access controls (RBAC)
- Activity logs per staff user
- Automated alerts for suspicious activity (e.g., mass deletion, impersonation)
- CrownThrive does not monitor day-to-day staff performance or reward delivery
4.3 Termination of Staff Access
- Partner Owner can:
- Remove staff access at any time
- Reassign role levels without CrownThrive approval
- CrownThrive will:
- Deactivate access if requested in writing by verified Owner
- Freeze staff access temporarily if abuse is reported (until investigated)
4.4 Violation or Abuse Protocol
- Examples of partner staff abuse:
- Stealing/redeeming user points without permission
- Falsifying reward delivery or deleting history logs
- Accessing user/member PII without reason
- If CrownThrive is notified:
- Internal audit is triggered by CTO
- Staff account is restricted or revoked
- Partner Owner is notified and given final say unless law is violated
5. Partner Responsibility
CrownThrive makes it clear:
â All staff activity reflects the Partnerâs brandânot CrownThrive â Partners must train, monitor, and discipline their own staff â Any legal consequences of staff misuse fall on the Partner directly â CrownThrive reserves the right to suspend a Partner account in the event of staff-based security threats
6. Escalation Contacts
| Concern Type | Escalation Contact |
| Staff abuse or impersonation | CLO â [email protected] |
| Access revocation or audit | CTO â [email protected] |
| Partner support or staff roles | Support â [email protected] |
| Data access violation | CLO (Flagged to Legal Archive) |
7. Compliance Markers
â Role permissions clearly defined by Partner â CrownThrive logs all role-based actions â Terminations handled by verified owners or platform alerts â Suspicious access triggers system-level flags â Partner remains legally responsible for staff actions
8. Version Control
- Version: 1.0
- Last Updated: July 27, 2025
- Maintained By: CLO + CTO + Support Admin
- Next Review Due: October 2025