Every customer who books with you, gets a quote sent to them, or receives an invoice, gets a private customer-space link. The link looks like:
studioops.uk/me/abc123def456ghi789jkl012mno345pqr678stu901vwx234
The long string at the end is the customer's unique token — their "key" to a small private area on studioops.uk where they can see their bookings, read their quotes and invoices, cancel or reschedule appointments, and have a back-and-forth conversation with you.
There's no password. There's no signup. The link is the credential — anyone with the link can act as that customer. That's deliberate; it's the same shape as a magic-link sign-in, just with a longer-lived token.
1. How customers receive the link
Every email StudioOps sends a customer carries the link:
- Booking confirmation emails include a "View or manage your booking" button pointing at the customer space.
- Quote emails include "View quote" with the same link prefix.
- Invoice emails include "View invoice".
- Reschedule / cancellation emails carry the link too.
- The "Request a new link" flow on
studioops.uk/your-slug/request-linkmints a fresh token if a customer's lost their old emails.
The customer just clicks. No login screen, no password reset, no friction.
2. What customers can do in their space
The page they land on shows their bookings, quotes, and invoices for your studio. Specifically:
- Bookings: see upcoming appointments. Cancel (if your cancellation window allows it). Request a reschedule.
- Quotes: read the quote, comment on it, accept or decline.
- Invoices: read the invoice, see the payment status, pay via your connected card rail or via bank transfer.
- Conversation history: every reply they've sent and you've sent in any thread.
They CANNOT:
- See any other customer's data.
- See your dashboard.
- Change their email address (that's intentional — email changes are studio-initiated only, so an attacker who got hold of the link can't redirect future emails to themselves).
3. Why no password
Three reasons:
- Less friction for the customer. Most studio customers book once every few weeks or months. A password they set up six months ago and forgot is worse than no password at all.
- No signup wall. A customer who's already done the booking shouldn't then have to "create an account" to see their invoice.
- Smaller security surface. No password to forget, no password reset email to phish, no account-takeover via email hijack (because the link doesn't allow email changes).
The link is the credential. Anyone with it can act as that customer — same as a Google Docs "anyone with the link" share. Customers shouldn't share their link publicly; it's intended for their own use.
4. Sharing a customer's link from the studio side
There are moments where you'll want to send a customer's link manually — e.g. they messaged you on WhatsApp and you want them to see their invoice.
In the dashboard, open the customer record. There's a Copy customer link button at the top. Click it. The link is copied to your clipboard — paste it into WhatsApp, an email, wherever. Each click is audit-logged (so the studio has a record of when a customer link was shared).
The link is never rendered on screen in the dashboard — only ever copied. This is so a screen-shared session or a screenshot of the dashboard can't accidentally leak it.
5. If a customer's lost their links
Send them to studioops.uk/your-slug/request-link. They enter their email; if it matches a customer on file for your studio, a fresh link is emailed to them. If it doesn't match, the page returns the same "If your email is on file, you'll get a link shortly" message — by design, so the page can't be used to enumerate which emails are customers.
The previous link stays valid until they actively use the new one — at which point the old token rotates and stops working. (Token rotation also fires on every quote / invoice send so the most recent email always has the freshest link.)
6. What happens when a customer's email changes
Email changes are studio-initiated only. If a customer asks you to update their email:
- Go to their customer record in the dashboard.
- Edit the email field.
- Save.
The next StudioOps email to them goes to the new address. Their existing customer-space link stays valid (it's tied to the customer record, not the email), but you might want to manually send them a fresh link via Copy customer link so they can confirm the new email is working before they need it for an actual booking.
The customer cannot change their own email from the customer space. This is deliberate: if someone got hold of the link, the worst they could do is see existing data — they couldn't redirect future emails to themselves and start an account-takeover.
7. Security on our side
A few notes for the security-curious:
- Tokens are 32 bytes of random URL-safe characters — practically unguessable. (256 bits of entropy. To brute-force guess a single valid token by chance, you'd need to try a number of links far larger than the number of atoms in the observable universe.)
- Tokens are stored hashed at rest — the database holds the SHA-256 of the token, not the token itself. A database breach doesn't leak working customer links.
- Token comparison is constant-time server-side, so a timing-attack can't enumerate valid tokens by measuring response times.
- Token lookups never appear in logs — middleware scrubs
/me/<token>/*URLs to/me/[REDACTED]/*before they reach Vercel or Supabase logs. - Responses set
Referrer-Policy: no-referrerso the customer's browser doesn't leak the URL to any outbound link they click from the customer space.
If you have a customer who's deeply concerned about their data, this is the technical summary to point them at — or send them to our /privacy page for the plain-English version.
8. The bits we don't do yet
- Customer-controlled unsubscribe — customers can't manage their newsletter / SMS / WhatsApp preferences themselves in v1. On the post-launch roadmap.
- Public account portal — there's no
studioops.uk/customer/loginor anything similar. The magic-link-token design is intentional and won't be replaced. - Multi-business customer view — if a customer books with two different StudioOps studios, they get two separate customer-space links, one per studio. There's no unified view.
See also
- Quotes and invoices in StudioOps — what the customer reads + pays through their customer-space page.
- Booking rules and your cancellation policy — the rules that govern what customers can do from their space (cancel, reschedule).
If you get stuck, the StudioOps help centre at studioops.uk/help has search and a ticket form. For anything urgent, email help@studioops.uk.