Holy ResourceHoly Resource
Getting Started

Licensing

Owner claim, invite access, and license recovery/transfer basics.

Holy Resource uses a license + owner model with device-aware access. In most teams:

  • one owner/super admin claims the license on a device
  • additional admins/staff join using invite codes

Where Licensing Lives

You can manage licensing from two places inside the app:

  • Settings → General Settings → Church Profile for current mode, active key, expiry, and branch entitlement in the Plan & License card
  • Settings → License Invites as a separate settings page for invite creation and trusted-device review on an owner-token device, plus owner-only claim, recovery, and transfer controls

Free mode is different

License invites, owner-token actions, and paid-license device onboarding are unavailable in Free mode. Free mode is local-only setup until a paid license is attached.

Claim Ownership (first owner)

If a paid license is not yet claimed, the first admin can claim ownership on that device.

  • The owner email may need to match the email used at checkout.
  • First-time claim can require a 6-digit verification code sent to that owner email.
  • Once claim succeeds, Holy Resource stores an owner token on that device so it can generate invites later.

If ownership already exists on another device, this device cannot claim directly and must join with an invite code instead.

Invite Additional Devices/Admins

From Settings → License Invites, permitted license managers can access the page, but invite generation only becomes available on a device that already holds the owner token or on a device that has been trusted for an account that currently has invite-management permission.

  • Invite codes can include expiry, max uses, initial branch role, and allowed branch IDs.
  • New devices redeem the code during onboarding in Join flow.
  • Join access is device-bound: the redeemed invite must verify online on that device at least once before offline onboarding can continue.
  • Join invites are also recipient-bound: the invite is locked to the intended email address, and the joiner must enter a verification code sent to that email before setup can finish.
  • Page access alone does not delegate server-side authority; the backend still requires either the local owner token or a trusted device enrolled for an account that currently has invite-management permission before invite changes can happen.
  • Reviewing or revoking trusted devices still requires the local owner token on the current device.
  • Owner email, owner recovery, and transfer ownership controls remain restricted to the owner/admin path and are not exposed in the broader invite-management view.

This keeps branch scope, user access, and device binding aligned from the start.

Recover Ownership

If the owner lost access to the previous device, recovery is available both during onboarding and from Settings → License Invites.

  • Enter the owner email used at checkout.
  • Request a 6-digit verification code.
  • Confirm recovery on the new device.

If the server already recognizes the same device as owner but the local owner token was lost, Holy Resource can also restore that token on the same device.

Transfer Ownership

Transfer is for changing the owner email, not just replacing a device.

  • The current owner requests a transfer code from Settings → License Invites.
  • The current owner confirms the transfer using the verification code.
  • The local owner token on the old owner device is cleared.
  • The new owner then claims ownership on their own device using the new owner email.

Invite join sequence

How To Read This Diagram

If you do not usually read sequence diagrams, read this one from the top down. Each column is one participant in the process. The arrows show what happens next and who is involved in that step.

Step-by-step explanation:

  1. The process starts on the owner device. The owner admin opens the License Invites area and chooses the invite settings they want to use.
  2. The owner device then talks to the license server and requests an invite code. That request can include things like branch scope, role limits, expiry, and usage count.
  3. The license server returns the invite code, and the owner shares it with the invited staff member.
  4. On the invited person’s device, onboarding begins in the Join flow. The invited person enters that code during setup.
  5. The join device then redeems the invite with the license server. The server sends back the invite scope and the locked recipient email that belongs to that invite.
  6. The join device requests a 6-digit verification code for that email, and the invited person receives it through email delivery.
  7. The invited person enters that verification code on the target device. The device then asks the server to confirm the invite verification on that specific device.
  8. If everything matches, the server approves the join and returns the access state needed for onboarding to continue.
  9. The device stores that access state locally in encrypted form so the staff member can continue setup and later use the app from that device.

In plain language, this diagram shows that a license invite is more than just a shareable code. It is a controlled onboarding path that ties together the owner’s permissions, the intended recipient’s email, and the specific device being joined. That is why invite generation, email verification, and first online verification all matter in the same sequence.

If the person chooses Use existing approved account instead of an invite code, the shape is similar but shorter: they enter the license key, enter the email and password of the already-approved account, confirm the 6-digit verification code sent to that account email, and then continue onboarding on that device. That path only works while the approved account still has active church access. If the user already left their last branch, or an owner/manager removed all of that user’s branch access, Holy Resource blocks trusted-device enrollment and the device must use a fresh invite or restored permissions instead.

Important Details

  • Invite generation requires either the owner token on the current device or a trusted device enrolled for an account that currently has invite-management permission.
  • License managers can create invites without seeing full owner recovery details, but trusted-device review and revocation still require the owner token on the current device.
  • Seeing Use existing approved account during onboarding does not mean the current person still has access. It only means the license already has approved accounts somewhere on that church license.
  • Owner email checks use the email associated with the purchased license.
  • The local license key used for owner-token checks is loaded from the device and is intentionally not editable from the invite page.
  • Invite join and some recovery flows need internet access at least once on the target device.
  • Join invites depend on working email delivery for the intended recipient, because the invite email must receive a 6-digit verification code during onboarding.
  • Paid-license validation can issue signed offline lease state, so local use can continue offline for a period, but revalidation may still be required later.
  • Devices that were joined from an invite keep a shorter initial offline revalidation window than owner or trusted-device enrollments. After that first successful online recheck, they fall back to the normal longer cadence.
  • Ownership and install location are different concerns: moving computers still requires a backup and restore plan.
  • Changing the paid license inside Settings is only supported when the replacement key belongs to the same church. If the key belongs to a different church, reset or leave the current church on that device first, then join the other church cleanly from onboarding.

Leaving A Church On This Device

If a joined staff/admin device needs to stop using a paid church license, use Settings → General → Maintenance.

  • Leave Current Branch removes this device from the active branch and purges that branch's local records.
  • If the user still has access to another branch in the same church, Holy Resource switches the device to that branch automatically.
  • If the user leaves their last remaining branch on that church, Holy Resource fails closed: it clears local license-linked tokens for that church, wipes the remaining local church data on the device, rotates the local encryption vault, and sends the device back to onboarding.
  • That last-branch reset is the supported path for starting over, joining a different church, or choosing Free mode on the same device.

This protects the church by making sure a device that no longer belongs to the church cannot keep a half-detached local copy of paid-church data or reuse leftover local join state.

Back up before you leave if you need personal local data

Leaving your last branch fully resets the device back to onboarding. Export or back up anything you personally need before confirming that action.

Moving to a New Computer

If you are moving Holy Resource to a new computer:

  1. Export a full backup of your data.
  2. Install Holy Resource and start onboarding.
  3. Complete owner recovery, transfer, or invite join before finalizing setup.
  4. Restore your data after the new device is ready.

For the full first-launch flow, see First Launch & Onboarding.

Was this helpful?

Roles & Permissions

Control who can access what, per resource and per branch.

Deployment Modes

Choose a practical operating model based on your devices and connectivity.

On this page

Where Licensing LivesClaim Ownership (first owner)Invite Additional Devices/AdminsRecover OwnershipTransfer OwnershipInvite join sequenceImportant DetailsLeaving A Church On This DeviceMoving to a New Computer