Scalingo · benjaminach · Jun 25, 2025 · Jun 25, 2025 · Jun 25, 2025 · Jun 25, 2025
diff --git a/redirections.yml b/redirections.yml
@@ -684,6 +684,21 @@
   - old: "/databases/postgresql/postgresql-anonymizer"
     new: "/databases/postgresql/guides/postgresql-anonymizer"
 
+  - old: "/platform/internals/billing"
+    new: "/platform/account/billing"
+
+  - old: "/platform/internals/consumption-reports"
+    new: "/platform/account/consumption-reports"
+
+  - old: "/platform/account/manage#referrals"
+    new: "/platform/account/referrals"
+
+  - old: "/platform/account/manage/"
+    new: "/platform/account/manage-your-account"
+
+  - old: "/platform/account/manage#billing"
+    new: "/platform/account/manage-your-account#billing"
+
 obsolete:
   - "/how-to-migrate-from-cloudcontrol/"
   - "/how-to-migrate-from-shelly-cloud/"

diff --git a/src/_posts/platform/2000-01-01-user-management.md b/src/_posts/platform/2000-01-01-user-management.md
@@ -0,0 +1,3 @@
+---
+index: 7
+---
diff --git a/src/_posts/platform/account/2000-01-01-account.md b/src/_posts/platform/account/2000-01-01-account.md
@@ -0,0 +1,18 @@
+---
+title: Scalingo Account
+modified_at: 2025-06-25 00:00:00
+tags: account profile tokens delete
+index: 1
+---
+
+Each user account is sovereign and independent. It can be used to create and manage applications, provision databases, define a payment method, download invoices, and access detailed consumption reports.
+
+This section will help you:
+* [Manage your personal account]({% post_url platform/account/2000-01-01-manage-your-account %})
+* [Follow your consumption report]({% post_url platform/account/2000-01-01-consumption-reports %})
+* [Create or update your billing profile]({% post_url platform/account/2000-01-01-billing %})
+* [Earn credits with our referral program]({% post_url platform/account/2000-01-01-referrals %})
+
+{% note %}
+Looking to manage access for your team or external contributors? Go to [Manage your collaborators]({% post_url platform/user-management/2000-01-01-user-management %}).
+{% endnote %}
diff --git a/.../platform/internals/2000-01-01-billing.md → ...ts/platform/account/2000-01-01-billing.md b/.../platform/internals/2000-01-01-billing.md → ...ts/platform/account/2000-01-01-billing.md
@@ -2,6 +2,7 @@
 title: Billing
 modified_at: 2023-03-21 00:00:00
 tags: billing
+index: 4
 ---
 
 ## Fill the Billing Profile

diff --git a/...ternals/2000-01-01-consumption-reports.md → ...account/2000-01-01-consumption-reports.md b/...ternals/2000-01-01-consumption-reports.md → ...account/2000-01-01-consumption-reports.md
@@ -2,6 +2,7 @@
 title: Consumption Reports
 modified_at: 2023-11-02 12:00:00
 tags: billing consumption report
+index: 3
 ---
 
 ## Your consumption report

diff --git a/src/_posts/platform/account/2000-01-01-manage-your-account.md b/src/_posts/platform/account/2000-01-01-manage-your-account.md
@@ -0,0 +1,94 @@
+---
+title: Manage your Account
+modified_at: 2025-06-25 00:00:00
+tags: account profile tokens delete
+index: 2
+---
+
+Your personal Scalingo account enables you to create applications and databases, which are billed based on your resource usage on the associated payment method.

+All account configuration is performed via the [Scalingo Dashboard](https://dashboard.scalingo.com). Access account settings from the top-right menu. The main sections include:
+
+## Profile
+
+[Dashboard Profile page](https://dashboard.scalingo.com/account)
+
+Manage your personal details including username, full name, location, company information, and newsletter preferences.
+
+You can also customize your experience by selecting your preferred interface language and theme (light or dark).
+
+## Contracts
+
+This section displays all legal agreements applicable to your account, whether currently active or archived.
+
+## HDS
+
+[HDS Profile page](https://dashboard.scalingo.com/account/hds)
+
+If you host health data under the French HDS regulations and have signed the HDS annex, this page allows you to view the applicable HDS annexes and manage the designated healthcare data point of contact for your applications.
+
+{% note %}  
+Reminder: the point of contact information should be reviewed at least every 12 months and updated if necessary.   
+{% endnote %}
+
+## Authentication
+
+[Dashboard Authentication page](https://dashboard.scalingo.com/account/authentication)
+
+This page lets you update the email address associated with your account along with the password and 2FA.
+
+If your account was created using “Sign up with GitHub”, you cannot set a password via this form as no current password exists. Instead, log out and use the [Forgot your password?](https://auth.scalingo.com/users/password/new) feature with your GitHub associated email.
+
+## SSH Keys
+
+[Dashboard SSH keys management page](https://dashboard.scalingo.com/account/keys)
+
+SSH keys serve as a means of identifying yourself to Scalingo's git server. Each time a deployment is triggered using the `git push` command, your account needs to be authenticated with one of your SSH Keys.
+
+[Learn how to configure your SSH key for your operating system]({% post_url platform/getting-started/2000-01-01-troubleshooting-ssh %})
+
+## API Tokens
+
+[Dashboard API Tokens](https://dashboard.scalingo.com/account/tokens)
+
+This page lists the API tokens linked to your account. They allow you to authenticate with our API to build custom tools and interact with the platform in a programmable way.
+
+{% note %}  
+API tokens inherit the exact permissions of your account for each application or database. Currently, it is not possible to restrict the scope or permissions of an individual token.  
+For improved security, especially in larger organizations, we recommend reviewing our [security best practices guide]({% post_url platform/user-management/2000-01-01-guides %}).  
+{% endnote %}
+
+Have a look at our [API documentation](https://developers.scalingo.com) to learn how to use them.
+
+## Billing
+
+[Dashboard Billing page](https://dashboard.scalingo.com/billing)
+
+Configure your payment methods in this section. The platform supports 3 methods:
+
+* Debit/Credit card payments: the beginning of each month, the platform charges on the cards what has been consumed the month before.  
+* Prepaid credit bought with PayPal: buy credit in advance and we'll use them to pay the invoices. Payment fallback on the bank card if there is not enough credit to pay an invoice.  
+* SEPA payment: for customers located in the European Union, SEPA debit can be used to pay invoices, an electronic SEPA mandate is generated during the setup process.
+
+Payment history can also be found on this page, including links to download your past invoices.
+
+An invoice from the previous month consumption in the platform is generated monthly. It sums up all the resources you have used on Scalingo, it includes:
+
+* Application containers runtime  
+* Application addons
+
+If you bought prepaid-credit with PayPal and that you have not enough credit to pay the invoice, the invoice will be considered **unpaid** and you have to add more credit.
+
+If you add a payment card, the platform tries to charge it when the invoice is generated. If the operation fails, the invoice will be considered **unpaid**. The charge operation is then retried automatically a few times before the account is suspended and the data deleted.
+
+To resolve the issue, you can either add prepaid credit or update your payment method during this period. The new payment method will be charged right away to cover the unpaid invoice.
+
+## Delete my account
+
+To delete your account, you must first delete or transfer ownership of all your applications, and ensure all outstanding bills are settled.
+
+Then go to the Delete your Scalingo account section on the [authentication](https://dashboard.scalingo.com/account/authentication) page and click Delete. A final confirmation will be requested by email.
+
+Your account will be deactivated and marked for deletion.
+
+This action will queue the removal of all your Scalingo account's data, including: Deployments, Activity, Aliases, Domains, Certificates and your Billing subscription
diff --git a/src/_posts/platform/account/2000-01-01-manage.md b/src/_posts/platform/account/2000-01-01-manage.md
diff --git a/src/_posts/platform/account/2000-01-01-referrals.md b/src/_posts/platform/account/2000-01-01-referrals.md
@@ -0,0 +1,21 @@
+---
+title: Referral Program
+modified_at: 2025-06-26 00:00:00
+tags: referral
+index: 99
+---
+
+Scalingo offers a referral program that allows users to earn credits by inviting others to the platform.
+
+## How It Works
+
+* Referral Link: Each user has a unique [referral link](https://dashboard.scalingo.com/account/referrals) available in their dashboard.  
+* Earnings: When someone signs up using your referral link and becomes a paying customer, you receive 20% of their monthly usage as credits.  
+* Duration: This benefit lasts for 12 months from the referred user’s account creation date.  
+* Credit application: Earned credits are automatically applied to your future invoices.
+
+## Tracking Referrals
+
+You can monitor your referral statistics, including the number of sign-ups and credits earned, directly from the [referral section](https://dashboard.scalingo.com/account/referrals) in your dashboard.
+
+For more details, refer to the [original blog post](https://scalingo.com/blog/recommend-scalingo-to-your-friends-and-save-money).
diff --git a/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md b/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md
@@ -253,5 +253,5 @@ $ ssh-add -l -E md5
 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /home/USERNAME/.ssh/id_rsa (RSA)
 ```
 
-Go to the [Dashboard > User settings > SSH Keys]({% post_url platform/account/2000-01-01-manage %}#ssh-keys)
+Go to the [Dashboard > User settings > SSH Keys]({% post_url platform/user-management/2000-01-01-manage-collaborators %}#ssh-keys)
 page and check if the fingerprint is the same as the output of the previous command.
diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md
@@ -0,0 +1,62 @@
+---
+title: Recommended Role Usage by Team Size
+modified_at: 2025-06-25 00:00:00
+tags: user team role collaborator security
+index: 5
+---
+
+This guide outlines recommended practices for managing roles, collaborators, and security settings on Scalingo, depending on your team’s size and structure. While Scalingo keeps access control simple, using roles strategically will help you balance collaboration with operational security.
+
+Our access management guidelines follow the principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege). Collaborators should only have the permissions strictly necessary for their responsibilities.
+
+## Small Teams
+
+Structure example: A CTO or lead developer, and a few developers.
+
+Recommendations:
+
+* Assign the Owner role to the CTO or technical lead responsible for billing and application lifecycle.  
+* Give the Collaborator role to developers who are trusted with full access to settings and data.  
+* If contributors have limited responsibilities, prefer using the Limited Collaborator role to restrict access to sensitive operations.  
+* Encourage code review and protected branches in your SCM to limit the impact of elevated permissions.
+
+## Mid-Sized Teams
+
+Structure example: A CTO, a lead developer, senior developers, junior developers.
+
+Recommendations:
+
+* Keep the Owner role for the CTO or an engineering manager in charge of account and billing governance.  
+* Assign the Collaborator role to trusted leads who need access to all environments, data, and team management.  
+* Use the Limited Collaborator role for senior developers who handle deployments and logs but don’t need access to sensitive configurations or secrets.  
+* Junior developers do not need a Scalingo account. They can contribute to the project exclusively through your GitHub or GitLab workflows.  
+* Leverage branch protections and CI validation workflows for better deployment governance.
+
+## Large or Multi-Project Teams
+
+Structure example: Several project teams and multiple environments.
+
+Recommendations:
+
+* Use a global Service Account (dedicated Scalingo account) as the application Owner, especially for production apps. This avoids coupling billing or critical permissions to a personal account.  
+* Apply the same role split as in mid-sized teams: Collaborator for leads, Limited Collaborator for developers.  
+* Use a specific and dedicated Service Account to scope API tokens to a given application and ensure better isolation between apps.
+
+## Per-App Scoped API Tokens
+
+Since API tokens inherit all the permissions of the user account they are generated from, we recommend using a dedicated service account when you need application-scoped API access.  
+Add this service account as a Collaborator on the specific application only, and generate API tokens from it.
+
+This ensures that the token has access exclusively to the intended application, and cannot be used across other apps.
+
+## Verify whether your collaborators have 2FA enabled
+
+Although 2FA cannot be enforced globally on Scalingo, you can view each collaborator’s 2FA status from the [Collaborators page](https://dashboard.scalingo.com/collaborators) of your Scalingo dashboard.
+
+## Regular Access Reviews
+
+Access rights tend to evolve over time, and it’s easy to overlook outdated or excessive permissions. We recommend conducting regular access reviews to ensure that each collaborator still has the appropriate role based on their current responsibilities. This also helps identify inactive accounts or permissions that should be revoked.
+
+Regular reviews help maintain the principle of least privilege and reduce the risk of unauthorized access. We also encourage checking the 2FA status of your collaborators.
+
+You can also use the [Scalingo API](https://developers.scalingo.com/) to automate checks and integrate them into your internal security alerts or audit processes.
diff --git a/.../platform/app/2000-01-01-collaborators.md → ...gement/2000-01-01-manage-collaborators.md b/.../platform/app/2000-01-01-collaborators.md → ...gement/2000-01-01-manage-collaborators.md
@@ -1,36 +1,17 @@
 ---
-title: Collaborators
-modified_at: 2025-02-07 00:00:00
-tags: app collaborators
+title: Manage Collaborators
+modified_at: 2025-06-25 00:00:00
+tags: app collaborator
+index: 3
 ---
 
-Collaborators is a feature allowing the owner of an app to invite other Scalingo accounts to team up and work jointly on the app. An app can have as many collaborators as needed.
-
-An owner of an app can also [transfer the ownership of the app]({% post_url platform/app/2000-01-01-lifecycle-management %}#transfer-ownership-of-an-app) to a collaborator.
+Inviting collaborators enables you to share access to specific applications while preserving full control and accountability. This feature is designed to support seamless teamwork from development to production.
 
 {% note %}
-Delegating rights to collaborators should be done with caution. While collaborators can't delete the application, they still have sufficient rights to potentially disrupt the activities or businesses that depend on it.
+Granting collaborator access should be done with care. While collaborators cannot delete an application, they still hold sufficient privileges to modify configurations, deploy new code, or scale resources. These actions can impact the stability or availability of your services.
 {% endnote %}
 
-## Understanding Collaborators Rights
-
-Collaborators can:
-
-- Trigger deployments
-- Manage containers (scale up and down, both horizontally and vertically)
-- Manage addons (create, delete, change plan)
-- View logs
-- Access [Review Apps]({% post_url platform/app/2000-01-01-review-apps %})
-- View metrics
-- View activity
-- Access the DB Dashboard(s)
-- Manage other collaborators (invite, remove)
-
-Collaborators can't:
-
-- Delete the application
-- Rename the application
-- Transfer the ownership of the application to another user
+When inviting a new collaborator, it is essential to assign them the appropriate role based on their responsibilities. [Roles]({% post_url platform/user-management/2000-01-01-roles %}) define the level of access and actions a user can perform on your applications and databases.
 
 ## Managing Collaborators
 
@@ -91,3 +72,9 @@ Using the Command Line
 ```shell
 scalingo --app my-app collaborators-remove user@example.com
 ```
+
+When you remove permissions from a user, environment variables and other credentials are not changed. Users can still directly access services if they know the service credentials. To fully revoke access, make sure to rotate all relevant secrets, such as database passwords and API tokens.
+
+{% note %}
+At the moment, updating the password of the default database user requires assistance from the Scalingo support team. Once the password is changed, you must manually update the associated environment variable and restart the parent application for the new credentials to be used.
+{% endnote %}