Account Security
How your account is protected
- No password — eliminates password-related attacks
- Magic links are single-use and expire in 10 minutes
- OAuth (Google/Microsoft) — handled by trusted providers, never stored on our servers
- Sessions expire after 30 days of inactivity
- All traffic is encrypted via HTTPS
If you think your account was accessed by someone else
- Sign in to your account
- Go to Profile → Security
- Click Sign Out All Devices
- This invalidates all active sessions immediately
Suspicious activity
If you notice unusual activity (unrecognised generations, plan changes):
- Sign out all devices immediately
- Contact support with details
Email security
- We will never ask for your password (we don't use them)
- We will never ask you to share a magic link
- Legitimate VocalLab emails come from
@vocallab.aidomains only
Data we store
See our Privacy Policy for full details on what data we collect and how it's used.