Overview

Settings is split into personal settings (per user) and organization settings (admin only). Access it via the gear icon in the sidebar or by navigating to /settings.

Personal settings

Profile, notifications, language — applies only to your account.

Organization settings

Company info, team members, billing — admin only, applies to the whole workspace.

Profile

Settings → User

Update your personal details:
  • Display name and profile photo
  • Email address (used for notifications)
  • Notification preferences — choose which events trigger email or in-app notifications (evidence expiry alerts, task assignments, access review reminders)
  • Language — switch the Matproof interface between English (EN) and German (DE)

API Keys

Settings → API Keys

Generate API keys to access Matproof programmatically — useful for CI/CD pipelines, custom dashboards, or internal tooling.

Key scopes

| Scope | What it allows |
| --- | --- |
| read | Read all workspace data: controls, evidence, vendors, people, risks |
| read_write | Read and write — create/update controls, upload evidence, modify records |

Never commit API keys to source code. Use environment variables or a secrets manager. Read-only keys are sufficient for most integrations — only use read/write when your pipeline needs to push data back to Matproof.

Creating a key

  1. Go to Settings → API Keys
  2. Click New API key
  3. Give it a descriptive name (e.g. ci-evidence-uploader)
  4. Select the scope
  5. Copy the key — it is only shown once

Using the API

Pass the key in the Authorization header:

```
curl https://api.matproof.com/v1/controls \
  -H "Authorization: Bearer YOUR_API_KEY"
```

See the API Reference for full endpoint documentation.
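
The following is an added example, not code from the Matproof documentation. It combines the two points above: the key comes from an environment variable rather than the script, and the Authorization header reaches curl through a config on stdin instead of the command line, where it would be visible in the process list. The variable name MATPROOF_API_KEY, the function names, and the assumption that keys use the RFC 6750 bearer-token character set are illustrative.

```shell
# Added example, not Matproof code. MATPROOF_API_KEY and the function names
# are assumptions; the URL and header format are the ones shown on this page.
# Usage: matproof_get controls
MATPROOF_API_URL="https://api.matproof.com/v1"

# Fail closed when the key is missing or could break out of the quoted
# config line. Assumes keys use the RFC 6750 bearer-token character set.
# Error messages never echo the key itself.
matproof_check_key() {
  if [ -z "${MATPROOF_API_KEY:-}" ]; then
    echo "MATPROOF_API_KEY is not set" >&2
    return 1
  fi
  case "$MATPROOF_API_KEY" in
    *[!A-Za-z0-9._~+/=-]*)
      echo "MATPROOF_API_KEY contains unexpected characters" >&2
      return 1 ;;
  esac
}

# Print a curl config (header + url) for a GET on the given API path.
# The path is restricted so it cannot inject extra curl options.
matproof_curl_config() {
  matproof_check_key || return 1
  case "${1:-}" in
    ''|*[!A-Za-z0-9/_-]*)
      echo "invalid API path" >&2
      return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$MATPROOF_API_KEY"
  printf 'url = "%s/%s"\n' "$MATPROOF_API_URL" "$1"
}

# Feed the config to curl on stdin so the key never appears in curl's
# argument list. --proto '=https' refuses any non-HTTPS transfer.
matproof_get() {
  cfg=$(matproof_curl_config "${1:-}") || return 1
  printf '%s\n' "$cfg" |
    curl --silent --show-error --fail --proto '=https' --config -
}
```

In a CI job, inject MATPROOF_API_KEY from the pipeline's secret store and prefer a key with the read scope unless the job uploads evidence.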

Secrets

Settings → Secrets

Store sensitive credentials for use in integrations — API keys, passwords, OAuth tokens. All secrets are encrypted at rest.

Secrets are referenced by name in integration configurations rather than pasted in as raw credentials. This means credentials are stored once and never exposed in logs or configuration UIs.

When to use Secrets:
  • Integration credentials that cannot use OAuth
  • Webhook signing secrets
  • External scanner API keys
Secrets are scoped to your organization. Only Admins and Owners can create or view secrets. Regular users cannot access stored secret values.

Browser Connection

Settings → Browser Connection

The Matproof browser extension lets you capture evidence directly from web applications — useful when there is no native integration available.

Setup

  1. Install the Matproof browser extension from the Chrome Web Store
  2. Go to Settings → Browser Connection
  3. Click Connect — this generates a connection token
  4. Paste the token in the extension settings

Capturing evidence

Once connected, navigate to any web app in your browser, click the Matproof extension, and select Capture screenshot or Capture page data. The evidence is attached to a control of your choice.

Use the browser extension for SaaS tools that don’t have a native Matproof integration — for example, capturing access control settings from a legacy HR system or exporting a compliance report from a third-party tool.

Context Hub

Settings → Context Hub

The Context Hub is where you tell Matproof about your organization. This context is used by Matproof’s AI to generate relevant policies, suggest control implementations, and write accurate risk assessments.

What to add

The more specific you are, the better the AI output:

| Section | What to include |
| --- | --- |
| Company description | What your company does, industry, size, customer types |
| Tech stack | Cloud providers, databases, languages, SaaS tools in use |
| Compliance history | Past audits, certifications held, known gaps |
| Data types | What personal or sensitive data you process |
| Organizational structure | Team structure, key departments |

Example entry

We are a 35-person B2B SaaS company building HR software for mid-market companies
in the DACH region. We process employee personal data (names, salaries, performance
reviews) for around 200 business customers. We run on AWS (eu-central-1), use
PostgreSQL on RDS, deploy via GitHub Actions, and use Slack, Notion, and Linear
internally. We completed a voluntary ISO 27001 readiness assessment in 2024.

Fill in the Context Hub before generating your first policies. A well-described context hub dramatically improves the relevance of AI-generated policy drafts.

Organization Settings

Admin only

| Setting | Description |
| --- | --- |
| Company name | Displayed on exported reports and auditor-facing documents |
| Logo | Used on policy documents and the auditor portal |
| Timezone | Affects timestamps on evidence and scheduled task reminders |
| Data residency | Choose where your compliance data is stored (EU / US) |

Changes to organization settings take effect immediately across the workspace.