> ## Documentation Index
> Fetch the complete documentation index at: https://docs.alforse.com/llms.txt
> Use this file to discover all available pages before exploring further.

# FAQ

> Common questions from tenant users, admins, and API integrators.

### What is a tenant?

A tenant is a customer organization in Alforse. Contracts, payments, files, roles, and audit
events are scoped to the tenant you sign into. See
[Tenants & Data Boundaries](/concepts/tenants-and-platform).

### How do I get access to Alforse?

Your Alforse contact will provide onboarding instructions, or you can redeem a code at
[deals.alforse.com/redeem](https://deals.alforse.com/redeem). There is no open self-service
sign-up in production. See [Quickstart](/quickstart).

### Which plan do I need to use the API directly?

`business` and above. `free` and `team` are user-interface only. See
[Plans & Editions](/concepts/plans-and-editions).

### What authentication methods are supported?

Password + TOTP authenticator (required for tenant admins), an emailed backup code as a fallback
factor, WebAuthn passkeys, and SSO via Google, LinkedIn, Slack, DingTalk, or Lark when your
tenant has a provider configured. Check `GET /auth/sso/providers` for which are enabled for you.
See [Authentication](/api-reference/authentication).

### I lost access to my authenticator app. How do I log in?

Request an emailed backup code instead of your TOTP code:
`POST /auth/login/mfa/email`, then submit it as `emailCode` on `POST /auth/login` in place of
`mfaCode`.

### Do I have to pass a Turnstile token to call auth endpoints directly?

Yes, when Turnstile is enabled for your environment (it is in production) — register, redeem,
login, password reset, and invitation-accept all verify a `turnstileToken`. See
[Configuration](/configuration#turnstile-human-verification).

### Are write requests retried automatically?

No. Alforse does not automatically retry write (`POST`/`PATCH`/`DELETE`) requests, so retrying
one yourself can create a duplicate action if the original actually succeeded server-side —
check the resource's current state before retrying a write that timed out. Idempotent `GET`
requests are safe to retry.

### Is there a rate limit?

Yes — sensitive endpoints (including auth) are rate-limited per the `RateLimitGuard`. Exceeding
it returns `429 Too Many Requests`.

### Are contract originals or OCR text used to train AI models, or sent to third parties?

No. Contract originals and OCR full text are treated as highly confidential: they are not sent
to external AI providers, not returned in default API responses, and not written to logs. See
[Contract Intake](/guides/contract-intake).

### Can I export my data?

Yes — `GET /contracts/export` and `POST /contracts/export` produce CSV, gated by the `export`
module permission. Advanced audit export is part of the `business` plan and above.

## Self-hosting

### Can I run Alforse on my own infrastructure?

Yes, if your organization has the `self_hosted` plan and an enterprise self-hosted license.
See [Installation](/installation) for the deployment sequence. The SaaS `.env.example` is not a
drop-in production template; self-hosted deployments need an environment review with your
Alforse implementation contact.

### Where can I find error codes?

See [Errors & Codes](/api-reference/errors). It lists HTTP status codes, stable business
`error.code` values, and recommended handling.

### Where do I report a documentation gap or product bug?

Ask your Alforse contact or your organization's Alforse administrator.
