Troubleshooting & Reference · Article 7.2

"My client can't enter the PIN" (lockouts and lost codes)

The 4-digit PIN gate protects every proposal and amendment link. Five wrong attempts in 24 hours triggers a per-IP lockout. Recovery is one click away — issue a fresh link.

The PIN gate is a deliberate friction point — it's what makes the email-link-plus-PIN combination eIDAS-compliant. When it locks a legitimate client out, that's frustrating, but the recovery path is fast: a single click on Resend clears the situation.

Step by step

Confirm the lockout.
The client sees "Too many attempts. Try again in 24 hours." Their description matches.
Click Resend from Actions.
A fresh email with a new PIN goes out.
Tell the client to use the new email.
"Ignore the old one, the new email has a fresh code."

Why this works this way

Lockout rules are enforced in the public proposal view (backend/apps/public/views.py): - 5 wrong attempts → 24-hour block on that (IP, slug) pair. - Block is stored in Redis with TIMEOUT=86400s. - Correct PIN entry resets the failed-attempts counter.

When you click Resend, the backend generates a brand-new PIN and invalidates the old one. The new email contains the new code; when the client clicks the new link and enters the new PIN, the lockout no longer applies because the old PIN that triggered the lockout no longer exists. The lockout is effectively bypassed by issuing fresh credentials, not by clearing the lockout itself — this is intentional for security (you can't accidentally clear a lockout that was triggered by a real attack).

Troubleshooting

Keep reading

Lifecycle

Status: Sent — the proposal is in your client's inbox

You've clicked `Send`. The PDF is rendered, the email is on its way, the proposal number is assigned, and the audit trail starts here. Now you wait — until the client opens it (`Viewed`) or signs (`Signed`).

Refunds & Notifications

Email: "Proposal from [your name]"

The first email your client receives. Triggered the moment you click `Send` on the proposal wizard; carries the proposal PDF and the 4-digit access code.

Troubleshooting & Reference

"My client says they didn't get the email"

The most common support question Clozo gets. Five checks resolve nearly all cases — most of the time, the email landed in spam.

Troubleshooting & Reference · Article 7.2

"My client can't enter the PIN" (lockouts and lost codes)

The 4-digit PIN gate protects every proposal and amendment link. Five wrong attempts in 24 hours triggers a per-IP lockout. Recovery is one click away — issue a fresh link.

Step by step

Confirm the lockout.
The client sees "Too many attempts. Try again in 24 hours." Their description matches.
Click Resend from Actions.
A fresh email with a new PIN goes out.
Tell the client to use the new email.
"Ignore the old one, the new email has a fresh code."

Why this works this way

Troubleshooting

Keep reading

Lifecycle

Status: Sent — the proposal is in your client's inbox

Refunds & Notifications

Email: "Proposal from [your name]"

The first email your client receives. Triggered the moment you click `Send` on the proposal wizard; carries the proposal PDF and the 4-digit access code.

Troubleshooting & Reference

"My client says they didn't get the email"

The most common support question Clozo gets. Five checks resolve nearly all cases — most of the time, the email landed in spam.