Core Concepts
Read this first. These are the ideas that everything else in Orb Ledger is built on. Understanding them makes every other feature easier to use.
What Orb Ledger is
Orb Ledger is a CRM and operations platform for watch dealers. A single business (“your organization”) runs its entire operation inside it: inventory, contacts, the sales pipeline, a broker network, investor accounts, the money ledger, and reporting.
Your organization’s data is completely separate from every other organization on the platform. You only ever see your own watches, contacts, sales, and finances.
Your organization
Everything you do happens inside one organization. The organization holds your settings — your currency (default USD), your timezone (default US Eastern), your branding, your team, and all of your records.
The first person to sign up creates the organization and becomes its owner. The owner then invites the rest of the team and grants each person the access they need.
Roles and permissions
Access in Orb Ledger is controlled by roles. There are two families of roles: team roles (people who work inside the dealership) and portal roles (external people who get a limited self-service login).
Team roles
These are the people who run the business inside the main CRM:
| Role | What it’s for |
|---|---|
| Owner | The founder/administrator. Has every capability, including money movement, billing, team management, and compliance. |
| Manager | Day-to-day operator. Runs most of the CRM but does not have owner-only financial controls by default. |
| Staff | Inventory and light CRM work. No access to financials by default. |
| Viewer | Read-only access to the areas they are permitted to see. |
Note on older role names. You may still see the name “Admin” in some places. It is treated as owner-equivalent. A handful of other historical names (Co-founder, Founder, Member) are also mapped onto these four roles automatically. The four roles above — Owner, Manager, Staff, Viewer — are the real, current set.
Portal roles
These are external people who get their own limited login that only shows their own information:
| Role | What they see |
|---|---|
| Investor | The investor portal — their account, allocations, distributions, statements, and documents. |
| Broker | The broker portal — their submitted deals, commissions, and signals. |
| Seller | A planned seller portal. It is currently disabled for launch; seller logins are turned off. |
Capabilities and overrides
Under the hood, each role is really a bundle of fine-grained capabilities (for example, “record a sale,” “view financials,” “manage the team”). Some capabilities are owner-only by default — billing, moving money, deleting the organization, compliance.
The owner can fine-tune any individual person’s access with permission overrides: explicitly granting or removing a specific capability for one team member, beyond what their role normally allows. This means two people with the same role can have slightly different access if the owner set it up that way.
Throughout this guide, each feature lists who can access it so you know which role is required.
How money works
Orb Ledger is a financial system, and it is deliberately strict about money so your books are always trustworthy.
- The ledger is permanent. Every cash and inventory movement is written to a ledger that can never be edited or deleted. To correct something, the system records a new, opposing entry — it never rewrites history. This is why your financial reports can always be trusted.
- Money math is exact. All amounts are calculated to the cent. There is no rounding drift, even across thousands of transactions.
- Profit is split three ways. When a watch sells, the profit is divided between the company (company net), any investors who funded the watch (investor share), and any broker who sourced the deal (broker fee). You’ll see these terms throughout the Sales and Finance sections.
- Big or sensitive money actions ask for confirmation. High-value transactions (for example, large deposits or reversals) require an extra two-step confirmation before they go through.
The audit log
Every important action — a sale, a payment, a role change, a deposit, a deletion — is recorded in an audit log that, like the ledger, can never be changed or deleted. This gives you a permanent, tamper-proof history of who did what and when, which is essential for compliance and for resolving any question after the fact.
Soft delete and archiving
When you “delete” most records (a watch, a contact), Orb Ledger doesn’t actually erase them — it archives them (a “soft delete”). They disappear from your normal views but can be restored. This protects you from losing data by accident and keeps your historical reports intact.
Approvals (maker-checker)
For sensitive actions, Orb Ledger supports an approval workflow, sometimes called maker-checker:
- A team member submits a request (for example, a manager records a sale they aren’t allowed to close directly, or asks to release a commission).
- An authorized reviewer approves or declines it.
- The original requester then finalizes it, which actually executes the action.
This separation means no single person can both initiate and complete a sensitive money action on their own, when your organization chooses to require it.
Idempotency (no accidental double-charges)
Money-moving actions are protected against accidental duplication. If a request is submitted twice — say, because of a slow connection and a double-click — the system recognizes the repeat and returns the original result instead of processing it twice. You won’t accidentally pay a bill or record a sale twice.