Skip to main content

How do organization invitations work?

Organization invitations are designed around a simple principle:

The organization decides who should receive access. Salary Confidential verifies that the recipient is actually that person.

Invitations are associated with an email address for two reasons:

  • It allows Salary Confidential to verify that the intended recipient is redeeming the invitation.
  • It creates a durable administrative record organizations can continue to use when managing access later.

If you are inviting an existing Salary Confidential user and the invitation email matches one of their verified email addresses, the invitation is immediately applied to their account when you generate it.

Do recipients have to use the invited email address as their login?

No.

Recipients are free to use whichever Salary Confidential account they prefer.

The invited email address is used to verify identity during the invitation process, but it does not have to become the user's permanent login.

For example, an organization may invite emily@acme.com, while Emily prefers to use a Salary Confidential account that logs in through a completely different email address.

As long as Emily can prove she controls emily@acme.com, she can redeem the invitation into her account.

After redemption:

  • The invitation remains associated with emily@acme.com.
  • The permissions belong to Emily's Salary Confidential account.

This allows organizations to manage access using the employee identifiers they already recognize while giving users flexibility in how they manage their own accounts.

What email address should I use when inviting employees?

We recommend using the corporate email address you use internally to identify and manage employees.

This creates a durable administrative record that remains useful even if the employee later changes the email address they use to sign in to Salary Confidential.

We deliberately designed the system this way to avoid the unnecessarily fussy:

"I use a different email address for my login. Can you send me a new invitation?"

workflow that many systems impose.

What happens after an invitation is accepted?

The permissions become part of the recipient's Salary Confidential account and remain active until they are changed or removed by someone with the appropriate overseeing user in your organization.

Why can I only see the invitation link once?

Invitation links are encrypted and stored in a way that prevents anyone with access to our database - including attackers - from simply retrieving previously generated invitation links from the database.

As a result, invitation links can only be displayed at the moment they are created.

This means that even in the event of a database breach, unredeemed invitation links cannot simply be extracted and used to gain access to organizations.

If you need to share an invitation again, you can generate a replacement link.

Generating a replacement automatically invalidates any previous link associated with that invitation.

Why so many protections for invitations?

The most sensitive data in Salary Confidential is typically not the organization itself, and the Salary Confidential company.

We do not store payment card information, for example. Stripe handles payment processing on our behalf.

However, Salary Confidential does contain sensitive compensation data, and organizations may also maintain internal notes related to the surveys they run.

An invitation redeemed by the wrong person could therefore expose information that was never intended for them.

Because of this, invitation security is an important part of protecting survey confidentiality.

Multiple safeguards work together:

  • Invitation links are encrypted at rest.
  • Invitations are associated with a specific email address.
  • Recipients must prove they control that email address before redemption.
  • Replacement invitation links automatically invalidate older links.

These measures are designed so that even a security incident affecting Salary Confidential's systems cannot easily turn unredeemed invitations into unauthorized organization access.

Updated July 1, 2026