Locker Settings
Locker Settings is where organization admins manage the configuration that affects your entire Locker setup, API access, webhooks, data residency, and compliance controls.
Screenshot: locker-settings-page, the Locker Settings page at Locker → Settings showing the available configuration sections
Access
Go to Locker → Settings. Only organization admins can make changes here. Other team members can view the settings page but cannot save changes.
Permissions and Access Control
Team member access to Locker is managed through roles, not within Settings. For the full breakdown of what each access level allows and how to assign roles, see:
- Permissions: What view, upload, and admin access allow
- Roles: Which role gives which access level
- Access & Sharing: How to invite teammates or change someone's access
Some Locker sections, Search, Obligations, AI Search, are only available on plans that include them. If a section is missing from your navigation, contact your account team. See Permissions for the full list.
API Keys
Generate API keys to authenticate calls to the Locker API, for programmatic uploads, metadata updates, obligation management, and retention operations.
- Go to Locker → Settings → API Keys.
- Click Generate New API Key.
- Give the key a descriptive name, for example,
ProductionorMigration Script. - Copy the key immediately, it is shown only once.
- Store it securely in an environment variable or secrets manager. Never commit API keys to source code or version control.
Screenshot: locker-api-keys, the API Keys section of Locker Settings showing a named key with a copy button and revoke option
Revoke any key that may have been exposed. Generate a replacement, update your integration, then revoke the old key, keys can be rotated without downtime.
See API Integration for the full Locker API workflow guide.
Webhooks
Webhooks let your systems receive real-time notifications when something happens in Locker, a document is uploaded, a legal hold is placed, an obligation becomes overdue. Instead of polling for changes, your systems are notified automatically.
To set up a webhook:
- Go to Locker → Settings → Webhooks.
- Enter your endpoint URL (must be HTTPS).
- Add a Webhook Secret, Locker signs each notification so your system can verify it came from Propper.
- Select which events to receive.
- Click Save.
Available events:
| Event | When it fires |
|---|---|
| Document uploaded | A new document is added to the repository |
| New version uploaded | A new version is added to an existing document |
| Document archived | A document moves to archived status |
| Document deleted | A document is permanently deleted |
| Legal hold placed | A legal hold is applied to a document |
| Legal hold removed | A legal hold is lifted from a document |
| Obligation due soon | An obligation is approaching its due date |
| Obligation overdue | An obligation has passed its due date without completion |
Propper automatically retries failed deliveries and signs each payload so your endpoint can confirm it's legitimate. See the Webhooks API guide for verification details.
Screenshot: locker-webhooks-setup, the Webhooks section of Locker Settings showing an active endpoint with selected events
Retention & Legal Hold
Retention policies and legal holds are managed at the organization level, not within Locker Settings.
Go to Organization → Retention to create archival and deletion policies, view the current retention schedule, and manage legal holds.
See Retention Policies and Legal Hold.
Data & Privacy
Data residency, Documents are stored globally by default. EU data residency (for GDPR compliance) is available on request and cannot be changed via the UI. Contact Propper support to enable it for your organization.
Data Subject Requests (DSR), Handle GDPR erasure, access, and portability requests via Organization → DSR. Locker automatically evaluates active legal holds and statutory obligations before processing any erasure. See Compliance for the full workflow.
Data residency (where documents are stored) and DSR (individual data rights) are independent controls. You can process DSRs regardless of your residency configuration.
Quick Reference: Where to Find Related Controls
| Task | Where to go |
|---|---|
| Assign or change team member roles | Organization → Members |
| Set retention policies | Organization → Retention |
| Place or remove a legal hold | Organization → Retention → Legal Holds |
| Process a data subject request | Organization → DSR |
| Review document access history | Organization → Audit Logs |
| Update plan or billing | Organization → Billing |
| Request EU data residency | Contact Propper support |
Related
- API Integration: Locker API workflows
- Permissions: Access levels and plan-gated features
- Retention Policies: Document lifecycle rules
- Compliance: GDPR, CCPA, and audit log exports