Account & Security
Signup, login, password reset, sessions, 2FA roadmap, account deletion (7-day hold), and security practices.
Account & Security
Everything around login, signup, password reset, and how Allorc keeps your account safe.
Sign Up
The signup form is at /signup. If sign-ups are closed on your environment, you'll see a "Sign-ups are closed" message.
Email Verification
After signup, the system sends a verification email. You must click the link before you can subscribe.
Login
The login form is at /login.
Forgot Password
The forgot-password form is at /forgot-password.
Session Management
Sessions are maintained securely. The Remember me option extends your session so you stay logged in across visits.
Two-Factor Authentication (2FA)
Status: Coming soon.
The roadmap includes TOTP-based 2FA. When enabled, you'll be able to:
- Enable 2FA in Settings → Account.
- Scan a QR code with an authenticator app (Google Authenticator, 1Password, Authy).
- Use a 6-digit code as a second factor on login.
OAuth / Social Login
Status: Not currently supported.
Allorc uses email + password for primary auth. Social login (Google, GitHub) is on the roadmap.
Account Deletion
The account-deletion flow is a 7-day soft delete to comply with GDPR and protect users from accidental loss.
Security Practices
Allorc follows industry-standard security practices:
- Passwords are hashed and never stored in plain text
- All traffic is encrypted with TLS
- Payment data is handled entirely by Stripe — we never see card numbers
- Databases are encrypted at rest
- Sessions are protected with secure cookies
- Rate limiting is applied at the account and IP level
Recognizing Phishing
Allorc will never:
- Ask for your password over email.
- Ask for your credit card over email (Stripe handles all card data).
- Send you a link to a non-
allorc.comdomain.
If you receive an email claiming to be from Allorc but the link goes elsewhere, or it asks for sensitive info, don't click it. Forward to support and we'll investigate.
Reporting a Security Issue
Email security@allorc.com with:
- Description of the issue.
- Steps to reproduce.
- Affected account (if known).
We aim to respond within 24 hours and to credit researchers for valid issues (responsible disclosure program).
Frequently Asked Questions
Q: I forgot my password. What do I do? A: Use the Forgot Password flow on the login screen.
Q: How do I change my password? A: For now, use the Forgot Password flow. A self-serve "Change password" in Settings is on the roadmap.
Q: How do I change my email? A: Email support. We need to verify the new email before flipping it.
Q: Can I have multiple accounts with the same email? A: No. Each email is tied to one account.
Q: Can I use a different email for the worker than my login email?
A: The worker's email (<prefix>@ai.allorc.com) is separate from your login email. The login email is for auth; the worker email is for the agent's mailbox.
Q: Why was I signed out unexpectedly? A: Sessions can expire (especially without "Remember me"), or your account may have been modified. Sign back in; if it happens repeatedly, contact support.
Q: Can I see who's logged into my account? A: Active sessions list is on the roadmap in Settings → Account.
Q: Is 2FA available? A: Coming soon. Email + password is the only factor for now.