Understand the platformOperational

Person and business identity

How LuxPay separates a human identity from memberships and roles inside businesses.

Last reviewed: For: Individual · Business owner · Security team

One identity, many roles

LuxPay treats the human as a person first. The person then receives memberships in businesses, each with its own role, scope, and status. A user does not need a new identity for every branch, and identity alone never grants financial authority in a business.

What belongs to each layer?

  • Person: name, verified phone, recovery methods, and devices.
  • Membership: the relationship between the person and a business.
  • Role: the set of permitted actions.
  • Scope: the business or branches where the role applies.
  • Operational decision: permission at the moment of action based on state and limits.

Practical example

Ahmed can own a personal wallet, work as a cashier in branch one, and have read-only review authority in branch two. His identity does not change at sign-in, but every action is evaluated against the active membership, branch, and role.

Important controls

  • Revoking a membership does not delete the person identity or personal history.
  • Changing a role does not rewrite past transactions.
  • Branch context should not come from an untrusted input when it can be derived from the session and device.
  • Sensitive actions can require approval or step-up verification even when the role generally permits them.

This model supports Roles and permissions and Trusted devices.