Account security, recovery, and deletion lifecycle policy
DEC-0050 - Account security, recovery, and deletion lifecycle policy
Context
Credential model was refined in DEC-0044, but account safety and lifecycle execution details remained fragmented.
Decision
Security and lifecycle rules:
- Password reset uses OTP on primary contact.
- Failed password attempts trigger temporary lock; OTP provides unlock path.
- New-device password login requires step-up OTP.
Contact and recovery:
- Contact change requires password + OTP to new contact.
- Old contact receives security alert after change success.
- No post-change hold window is applied.
- If social account has no usable email recovery path, fallback is CS recovery.
- Social email can be used as recovery channel when usable.
- Local-password setup for social account requires at least one verified recoverable contact.
- Contact change cooldown:
  - email: 1/24h,
  - phone: 1/7 days.
- Checkout requires email when missing; verified contact is persisted to profile.
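
The contact-change rules above, expressed as a single server-side check. This is an added example, not code from the project: the names `ChangeRequest`, `Decision` and `evaluate_contact_change` are hypothetical, and it assumes each cooldown is a rolling window measured from the last successful change on that channel.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Cooldowns from the policy: email 1 change per 24h, phone 1 change per 7 days.
# Assumption: rolling window counted from the last successful change.
COOLDOWN = {"email": timedelta(hours=24), "phone": timedelta(days=7)}

@dataclass
class ChangeRequest:
    channel: str                      # "email" or "phone"
    old_contact: Optional[str]        # None if the account had no contact yet
    new_contact: str
    password_ok: bool                 # current password was verified
    otp_ok_for: Optional[str]         # contact the verified OTP was delivered to
    last_change: Optional[datetime]   # last successful change on this channel

@dataclass
class Decision:
    allowed: bool
    reason: str
    alert_to: Optional[str] = None    # old contact to notify after success

def evaluate_contact_change(req: ChangeRequest, now: datetime) -> Decision:
    if req.channel not in COOLDOWN:
        return Decision(False, "unknown_channel")
    if not req.password_ok:
        return Decision(False, "password_required")
    # The OTP must prove control of the NEW contact; an OTP delivered to
    # the old contact (or any other address) does not satisfy the rule.
    if req.otp_ok_for != req.new_contact:
        return Decision(False, "otp_to_new_contact_required")
    if req.last_change is not None:
        retry_at = req.last_change + COOLDOWN[req.channel]
        if now < retry_at:
            return Decision(False, "cooldown_until:" + retry_at.isoformat())
    # No post-change hold window: the change applies immediately and the
    # old contact, if there was one, receives the security alert.
    return Decision(True, "ok", alert_to=req.old_contact)
```

Because no hold window follows a successful change, the alert to the old contact and the cooldown are the only controls left after this check passes.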
Deletion lifecycle:
- Account delete uses 30-day soft-delete with manual restore confirmation.
- Auto-renew is canceled immediately when delete is initiated.
- After hard-delete, retain legal finance records only.
Decision Value
- Adds concrete protections against takeover and lockout.
- Keeps checkout contact quality for transaction/recovery continuity.
- Clarifies privacy retention boundaries for legal and user trust.
Rationale
Security flows must be strict enough to protect account ownership while staying recoverable and operationally manageable for support teams.