New to Lucente? Contact us →
Sign in
Use your work account, or we can email you a sign-in link.
or email
Check your email
We sent a 6-digit code to . It is valid for 60 minutes.
…
Use your work account, or we can email you a sign-in link.
Check your email
We sent a 6-digit code to . It is valid for 60 minutes.
Submit requests and track your tickets
We're building a library of how-to guides, policies and answers to the questions our customers ask most. Until it's ready, raise a request from the portal home.
Use the navigation above to access the areas you have permission for.
Standard rates shown — discount applied in summary.
Pass-through costs — no service discount applied.
One-off materials and project labour — bullet inclusions render on the proposal.
One-off. Standard rate $200/user.
Share a link with the client so they can view and accept the proposal without logging in.
Record the details of how this proposal was accepted.
Single source of truth for everything sellable in L1. Each product carries a Xero Item Code so accepted quotes and recurring billing cycles can push directly to Xero.
A bird's-eye view of LucenteOne — what's inside, what it talks to, and where the data lives. Hover any node for detail.
Reference page for tokens, components, and patterns used across the app. Open in a new tab to keep your context here.
How often LucenteOne pulls data (devices, clients, tickets, end-users) from NinjaOne. Applies to the scheduled background sync.
Quote-builder calculation rules — discount defaults applied automatically based on tier and contract term. Catalog data (tier prices, T&M rates, onboarding, bolt-ons) lives on the Products tab.
Default discount applied to hourly rates when "Auto (tier default)" is selected on a quote.
Auto-applied service discount based on contract term. Overridable per quote.
| Tier | 12 months | 24 months | 36 months |
|---|---|---|---|
| Protect | % |
% |
% |
| Protect+ | % |
% |
% |
Default onboarding discount based on contract term. Auto-applied when term changes on a quote.
| 12 months | 24 months | 36 months |
|---|---|---|
% |
% |
% |
Content sections that populate the generated proposal document.
Available placeholders: {term} = contract term, {billing} = billing frequency, {pay} = payment terms, {onb_disc} = onboarding discount %
These details appear on proposals — contact section, header, footer, and legal references.
Appears on the proposal cover page. Edit the heading, subtitle, and body text.
Used when no per-quote Executive Summary is written. Placeholder: {CLIENT_NAME} = client name.
Footnote shown beneath the Recurring Services panel when any quote line is marked TBC.
The onboarding timeline shown on proposals. Edit phase names and descriptions.
CTA section at the bottom of the proposal. Placeholders: {WEBSITE_URL}, {FAQ_LINK}, {CONTACT_NAME}, {CONTACT_PHONE}, {CONTACT_EMAIL}.
Partner logos on the proposal cover. Logo files load from https://{website_url}/images/partnerlogo/{filename}.
Text shown on the customer acceptance form. Placeholders: {TERMS_LINK} = clickable link to terms, {ORG_NAME} = client organisation name.
Software catalogue and approval workflows.
Software items available in the support request onboarding form. Global items appear for all customers; customer-specific items only appear for that client.
API keys and integration secrets used by LucenteOne. Values are encrypted at rest with AES-256-GCM (master key in Supabase Vault). Click Reveal to decrypt and copy to clipboard — the value re-masks automatically after 30 seconds. Reveals are audit-logged.
Nightly off-platform encrypted snapshot of the entire LucenteOne system. Cron 03:00 AEST · 65-day retention · age-encrypted.
Why two backup systems? LucenteOne runs both Supabase's built-in backups and this off-platform backup. They protect against different failure modes — we keep both.
| Layer | Supabase PITR (built-in) | Our nightly backup (this page) |
|---|---|---|
| What's covered | Postgres DB only (point-in-time, any second in last 7 days) | Postgres DB + Storage objects + edge function source + Supabase auth config + Cloudflare DNS/Pages/Workers config |
| Where stored | Supabase’s own infrastructure | Cloudflare R2 bucket lucente-one-backups, off-platform, age-encrypted |
| Survives | Bad migration · accidental DELETE · column drop. Restore in minutes. | Supabase project lost / suspended / compromised. Cloudflare account lost. Full DR. |
| RPO | Continuous (sub-second) | Up to 24 hours (nightly cron) |
| Restore via | Supabase dashboard → Database → Backups | Download below + age + pg_restore (see runbook) |
What lives in the encrypted bundle:
backup.dump — pg_dump -Fc of the entire database (public + auth + storage schemas; ~3.6 MB compressed)storage/<bucket>/… — every object in client-logos and support-attachmentsedge-functions/<slug>/… — source of every deployed Supabase edge functionauth-config.json — SSO providers, redirect allowlist, JWT settings, email templatessecrets-manifest.json — secret names only (values stay in 1Password — intentional)cloudflare/<dns,pages,workers,zone>.json — Cloudflare config snapshot for DNS cutovermigrations.txt — migration filename list as of the runEncryption: The bundle is encrypted with age using asymmetric crypto. The GitHub Actions runner only knows the public key — even a full GitHub compromise yields encrypted blobs the attacker can’t decrypt. The private key lives only in 1Password (secure note: LucenteOne backup decryption key) plus a paper backup in physical storage. Lose it → backups unrecoverable. Leak it → every backup ever decryptable.
How to restore (same project — e.g. accidental DELETE): use Supabase PITR via the dashboard. Faster, no decryption needed. This off-platform backup is overkill for that case.
How to restore (Supabase project lost / DR scenario):
# 1. Click "↓ Bundle" below to grab the encrypted .tar.age file (15-min URL).
# 2. Decrypt with the age private key from 1Password:
age -d -i ~/lucente-backup-key.txt bundle.tar.age | tar -xf -
# 3. Restore database to a fresh Supabase project:
pg_restore -d "$NEW_DB_URL" --clean --if-exists --no-owner --no-privileges backup.dump
# 4. Redeploy edge functions:
for d in edge-functions/*/; do
supabase functions deploy "$(basename "$d")" --project-ref <new-ref>
done
# 5. Re-set every secret listed in secrets-manifest.json (values from 1Password).
# 6. Apply Cloudflare DNS records from cloudflare/dns.json to the zone.
# 7. Update Microsoft Entra app registration redirect URI to the new project.
# Full step-by-step in docs/disaster-recovery.md.Detailed runbooks: docs/backup-restore.md (4 same-project scenarios) · docs/disaster-recovery.md (full rebuild) · docs/backup-setup.md (one-time provisioning).
Email templates and project-type playbooks used across the platform.
Choose which email notifications you receive from LucenteOne.
We'll notify you by email once our team picks it up — usually within the hour during business hours.