Account & security

Login codes and email verification

Most users sign in with a 6-digit code we email them, instead of a password. This article covers how the codes work, what to do when something goes wrong, and the limits. How it works 1. You enter your email on the sign-in screen. 2. We send a 6-digit code to that email. 3. You enter the code. You're in. For new users, this also creates the account — you don't have to set a password upfront. You can set one later from Account settings if you want. For existing users with a password, you can either enter the code or use your password. The system shows whichever option is available for your account. What the email looks like Subject and content depend on whether you're new ("Welcome — confirm your email") or returning ("Sign in to Loudplay"). The code is a 6-digit number, valid for a limited time. Use it within a few minutes of receiving it; codes expire on the server side. Didn't get the code Check the obvious things first: - Spam / Promotions folder. Gmail and Outlook sometimes filter the first email from a new sender. - Typos in the email. If you typed your address wrong, the code went to the wrong inbox. Try again with the correct email — see the rate limit note below. - Old domain blocks. Corporate email systems sometimes block automated mail. Use a personal Gmail/Outlook account for the test. If none of those, request another code by hitting Resend on the sign-in screen. Rate limits We rate-limit code requests to prevent abuse: | Limit | Per | |-------|-----| | Maximum codes sent | 10 per hour, per email address | | Maximum verification attempts | 10 per code | If you hit the hourly send limit, wait an hour and try again. If you hit the verification-attempt limit, request a new code. If you've genuinely hit a wall — wrong email earlier, code never arrived, you've tried multiple times — write to help@loudplay.io. We can verify your account manually. "I entered the code, it says invalid" Two common causes: - Old code. If you requested two codes in a row, only the most recent one works. The older code is invalidated. - Spaces or extra characters. The code is 6 digits, nothing else. Don't paste with leading/trailing spaces. If both look fine and the code still fails, request a new one. After two failed attempts on the same code, we recommend stopping and going through email-based recovery instead — see "Forgotten password and login problems". "I'm not sure my email is registered" Our login API always returns "code sent" regardless of whether the email is in our database. This is a security measure — it stops bad actors from probing the system to see which emails have accounts. What it means for you: if you don't get a code and you're sure the email is right, the email might not be registered after all. Try signing up as a new user (the same flow) — it'll just create the account if there isn't one yet. Why codes instead of passwords Codes are more secure for most users — there's no password to forget, leak, or be reused from a compromised site. They're also faster than the typical "click email link to reset password" flow, because the code goes directly into the same form you're already on. You can still set a password after signing in if you prefer that flow. Account → Security → Set password.

Why the launcher opens your browser to sign in

When you click Sign in in the desktop launcher, your default browser opens at loudplay.io/auth/.... You sign in there, the browser hands the session back to the launcher, and you're done. Some users find this surprising — older versions of the launcher had an inline sign-in form. This article explains why we changed it. The short answer The launcher uses the OAuth2 authorization code flow with PKCE (RFC 8252). It's the standard, secure way for native applications to handle sign-in. In plain words: your password (or login code) is entered into the browser, on the official loudplay.io site, with the browser's address bar visible so you can verify the URL. The launcher itself never sees your credentials. After you sign in, the launcher receives a short-lived token via a localhost callback (http://127.0.0.1:{port}/callback) — this token is what authorises you for the rest of the session. Why we did it Three reasons: - Security. Inline forms inside applications are easier to spoof. A malicious update could replace the form and steal credentials silently. With browser-based sign-in, you always see the real URL — you'd notice if it was wrong. - Standard. Browser-based OAuth2 is what most modern apps use (Slack, Discord desktop, Spotify desktop, etc.). It's a known, audited pattern. - Single sign-on. If you're already signed in to Loudplay in your browser, the launcher picks up that session — no second password entry needed. What you'll see 1. Click Sign in in the launcher. 2. The browser opens (or focuses if it's already open) at loudplay.io/auth/.... 3. You enter your email + 6-digit code, or email + password. 4. The browser shows a brief "Returning to Loudplay launcher..." page. 5. The launcher window comes back to focus, signed in. If your browser blocks the launcher from opening it (some Linux setups, some corporate environments), you'll see an error in the launcher. Manually opening the URL in any browser, signing in, and copy-pasting back is supported as a fallback. "Why does the URL contain 127.0.0.1?" After sign-in, the browser redirects to http://127.0.0.1:{port}/callback?code=.... That's the launcher listening on a local port on your machine — the redirect hands the auth code from the browser into the launcher. 127.0.0.1 is your own machine; nothing leaves your computer when this redirect fires. If your browser warns about the connection being insecure (because it's plain HTTP), that warning is a quirk of how browsers treat localhost — it's safe in this context. "Can I get back to the old inline form?" No. The browser-based flow has replaced inline sign-in across all current launcher versions. If you're seeing the old form, you're on a very old launcher build — update via the launcher's auto-update or download a fresh installer from loudplay.io/download. On Android Android has the same flow conceptually — the app opens an in-app browser tab to sign in. You see the same loudplay.io/auth/... URL, you sign in, the app gets the session. This is standard Android behaviour and isn't a Loudplay-specific change. What if the browser doesn't open Rare, but if it happens: - Check that you have a default browser set in your OS (System Settings → Default Apps → Web Browser). - On Linux, install xdg-utils if it's missing. - On macOS, make sure the launcher has permission to open URLs (it shouldn't need any, but corporate-managed Macs sometimes restrict this). If none of that helps, write to help@loudplay.io with your OS version and we'll dig in.

Forgotten password and login problems

If you can't sign in, the fix depends on what's blocking you. Forgotten password is the most common case and has a one-click recovery flow. Other login problems — wrong email, duplicate accounts, expired codes — need different paths. Below is the full list, in the order you should try them. Forgot your password You don't actually need it. Sign in with an email code instead: 1. On the sign-in screen, enter your email. 2. Choose Sign in with code (or just leave the password field blank — the system offers the code option). 3. Check your email for a 6-digit code. 4. Enter the code, you're in. Once signed in, you can set a new password from Account → Security → Change password if you want password sign-in available going forward. If you specifically want to reset the password (because someone else might know it), the Restore password button on the sign-in screen sends a reset link to your email. The link is valid for a limited time — use it within an hour of receiving it. For details on how email codes work and their rate limits, see "Login codes and email verification". Don't remember which email you used Sign in by email code requires the email. If you genuinely don't remember which one your account is on, two paths: - Try the email you usually use for gaming services. Most users sign up with their main personal email; the system will send a code if it's registered, and silently do nothing if it isn't. - Search your email for "Loudplay". The welcome message and any past receipts will be in your inbox under the email you registered with. If neither works, write to help@loudplay.io from any email you have access to. Tell us what you remember — when you signed up roughly, what payment method you used, the name on the card. We can look up the account from those clues and tell you which email it's on. Code never arrives See "Login codes and email verification" — it has the full diagnostic checklist (spam folder, typo, corporate email blocks, rate limits). If you've followed that and still don't get a code, the email might not have an account at all. The system replies "code sent" even when an email isn't registered, as a security measure. Try signing up as a new user with the same email — if you already had an account, it'll send you the code; if not, it creates one. "I think I have two accounts" This happens when someone signs up on Desktop with one email, then later signs up on Android with a different email — two distinct accounts, time on each, neither knows about the other. Loudplay doesn't currently merge accounts. If you have time on both, the practical options are: - Pick the one you want to keep, run down the time on the other. Hours expire 30 days after purchase anyway, so unused time on the secondary account is going to evaporate either way. - Write to support if the time amounts are significant. We can sometimes refund or move time between accounts on a case-by-case basis. Verify both accounts via OTP, explain the situation, ask for help. To prevent this in future: always use the same email when signing in on a new device. If the system asks for a code on a device, it's because that device hasn't seen you before — use the same email. "Expired session" or "your sign-in expired" If the launcher tells you your session expired and asks you to sign in again — this is normal and not a problem. Sign-in tokens have a limited lifetime; signing in again refreshes them. Use email code or password as usual. If it asks you to sign in every time you open the launcher (within a short window), something is preventing the token from being saved. On Windows: check that your antivirus isn't deleting the launcher's local data folder (%LOCALAPPDATA%\Loudplay\). On macOS: check that the app has permission to write to its sandbox. "Account is locked" or repeated failed attempts If you've hit the rate limit on codes (10 per hour per email) or verification attempts (10 per code), the system pauses sign-in for that email. The lock clears in an hour automatically. If you genuinely think your account is compromised — someone else is signing in or trying to — write to help@loudplay.io. We can lock the account on our side, force a password reset, and review recent sign-in IPs. When to write to support Write directly to help@loudplay.io if: - You've forgotten which email you used and can't find it in your inbox - You think you have multiple accounts and want them sorted out - The "Restore password" link isn't arriving and email codes aren't arriving either - You suspect the account is compromised In every case, include any details you remember: approximate sign-up date, payment method, name on card, country. We'll verify and help.

Deleting your account

Deleting your Loudplay account removes your profile, balance, and history from our system. It's permanent — there's no undo, no recovery window, no way to restore the account afterwards. This article walks through the process and what happens to your data. Before you delete A deleted account cannot be brought back. Specifically: - Any unused balance is gone. Hours bought on Desktop, time remaining on an Android subscription period, promo bonuses — all forfeit. There is no refund for balance lost to deletion. - Any active Android subscription is not automatically cancelled. If you have an auto-renewing Google Play subscription for Loudplay, you must cancel it through Google Play before deleting the account, otherwise Google will keep charging you for a service you can no longer use. See "Cancelling an Android subscription". - Game progress saved through Steam Cloud or Epic Cloud belongs to your Steam/Epic account — that's not deleted by Loudplay deletion. Saves stored locally on the virtual PC are gone the same way they would be if you simply stopped using the service. If you might come back later, don't delete — just stop using the service. Inactive accounts don't cost anything to keep around. How to delete Account deletion goes through the support chat, with email verification (OTP). The flow: 1. Open the support chat (the chat bubble on this page, or via help@loudplay.io). 2. Tell the agent you want to delete your account. 3. The agent (or chatbot) sends a 6-digit verification code to the email on the account. 4. You reply with the code in the chat. 5. After successful verification, the deletion is queued. You're told the deletion has started. 6. The deletion takes effect within a short processing window. After that, sign-in for that email no longer works. The OTP step exists so we don't accidentally delete the wrong account on someone else's request. The code is sent only to the email registered on the account; if you've lost access to that email, see the section below. You can include a reason When asking to delete, you can include why. We don't require it, and we don't push back on the decision — your account, your call. But if there's a specific reason ("the service didn't work for my use case", "moving to a competitor", "lost my payment method"), telling us helps us improve. Optional. "I can't access the email on my account" If you've lost the email and can't receive the OTP code, the account can't be deleted through the standard flow. Two paths: - Recover the email first. Most email providers have account recovery for forgotten passwords. Recover access, then come back and delete. - Contact support from any email you have access to. Tell us the situation, include any details that prove you own the account: approximate sign-up date, last payment receipt, name on the card used. We can verify ownership through these and process deletion manually. This takes longer than the standard flow. What gets deleted - Your profile (name, email, password hash) - Your balance records (hour buckets, subscription history, promo codes claimed) - Your session history - Any chat history with our support team - Your Steam / Epic library link (if you'd connected one — only the link from our side is removed; your Steam/Epic accounts are not touched) - Any feedback / survey responses you've submitted What does NOT get deleted - Your Steam, Epic, Rockstar, or other launcher accounts. Those belong to those companies, not us. - Your Google Play subscription (if you have one). You have to cancel that separately through Google Play. - Audit records required for accounting and tax compliance. We retain anonymised payment metadata (amount, date, method, currency) for the period required by financial regulations. This data has no link to you after deletion — it can't be used to identify or contact you. - Backups already taken. Our backup retention rotates these out within 90 days. If a backup was taken before deletion, it's purged on the normal schedule. After deletion - Signing in with the deleted email's address fails — the system treats it as an unregistered email. - If you sign up again later with the same email, that's a brand-new account with no history, no balance, and no link to the old one. - Refunds for purchases made before deletion can still be processed if you contact us within the normal refund window — but it's much easier to handle the refund first, then delete. Data export If you want a copy of your data before deletion, write to help@loudplay.io and ask for an account data export. We can provide a JSON file with your profile, transactions, and session history. Allow a few business days for the export to be prepared. Quick summary | What you want | What to do | |---------------|------------| | Take a break from the service | Just stop using it. Don't delete. | | Stop being charged on Android | Cancel the Google Play subscription only. Don't delete the account. | | Get my data and remove the account | Request data export → wait for it → cancel any active subscriptions → request deletion. | | Refund my balance and delete | Request the refund first (see "Refunds"), wait for it to process, then request deletion. | | Permanently delete with no concerns about balance | Open the chat, ask for deletion, complete the OTP verification. |