Legal · All Players

Account Security Policy

Documents the password, recovery, session, and verification expectations for Dragonheim website accounts.

Owner: Security & Compliance

Effective May 26, 2026

Security Controls

Website accounts use password hashing, cookie-backed sessions, staged recovery flows, and audit-linked security events to protect player identity.

Players are responsible for monitoring the security center and acting quickly if unexpected session, recovery, or verification activity appears.

Review active sessions regularly.
Use password reset immediately after compromise concerns.
Complete email verification to reduce support friction.

Staff Review

Support staff may delay sensitive changes until account ownership is reasonably verified through ticket history, message context, or platform events.