Sign Out Policy

CORPSE

The Operating System for Esports

Sign Out Policy

Sessions • Sign Out • Inactivity • Force Termination • Re-Login

Binding on: All Registered Users | All Active Sessions

This Sign Out Policy governs all session management, voluntary sign-out, automatic session expiry, and force-termination events on the Corpse platform. By using the Platform, you agree to be bound by this Policy.

PART IV Automatic Session Expiry — 90-Day Inactivity

11. Inactivity Definition

12. 90-Day Expiry Rule

13. Inactivity Warning Notification

14. Effect of Session Expiry

PART V Force Termination of Sessions

15. Credential Change — Email or Login Method

16. Account Suspension or Ban

17. Platform-Initiated Security Termination

PART VI Session Reference Table

18. All Session Events at a Glance

PART VII Governing Law & Contact

19. Governing Law

20. Contact

PART I — INTRODUCTION & SCOPE

1. What This Policy Covers

This Sign Out Policy ("Policy") governs all aspects of session management on the Corpse platform operated by [CORPSE ESPORTS PRIVATE LIMITED] ("Company", "we", "us", "our"). It sets out the rules governing:

• How user sessions are created and maintained on the Platform.
• What happens when a user voluntarily signs out of the Platform.
• How sessions are automatically expired after a period of inactivity.
• When and how sessions are force-terminated by the Platform — including on credential change, account suspension, or platform-initiated security events.
• The effect of sign-out and session expiry on arena registrations, platform data, and locally cached information.
• How a user re-authenticates after signing out or being signed out.

This Policy applies to every registered user of the Platform on every device and session through which they access the Platform.

2. Relationship to Other Corpse Policies

This Sign Out Policy operates within and supplements the following Corpse policies:

• Corpse Terms & Conditions — general session and account rules.
• Account Suspension & Ban T&C — force termination of sessions on suspension or ban is governed jointly by that policy and this one.
• Privacy Policy — data handling during and after sign-out is governed by the Privacy Policy.
• Account Creation & Deletion Policy — the distinction between signing out (temporary) and account deletion (permanent) is addressed in the Account Creation & Deletion Policy.

PART II — SESSION MANAGEMENT

3. What a Session Is

A session is the authenticated connection between a user's account and the Corpse platform on a specific device. A session is created when a user successfully signs into the Platform and is maintained until the session is voluntarily ended (sign out), automatically expired (inactivity), or force-terminated (credential change, suspension, or security event).

Sessions are managed using JSON Web Tokens (JWT) — a secure, industry-standard authentication mechanism. Each session token carries the user's identity, session expiry information, and device context. The Platform's backend validates the session token on every authenticated request — ensuring the session is still active and valid before any protected action is performed.

4. Single-Device Session Model

The Corpse platform operates on a single-device session model — a user's account can only have one active authenticated session per device at any given time. However, the Platform does not restrict a user to a single device — a user may be simultaneously logged in on multiple devices (for example, on both their Android phone and their iPad).

• Each device maintains its own independent session — signing in on a new device creates a new session for that device only.
• Signing out of one device terminates the session on that device only — other active sessions on other devices remain unaffected.
• The only events that terminate all active sessions simultaneously are: credential change (email or login method update) and account suspension or ban — as described in Part V.

Note: If you believe your account has been accessed on a device you do not recognise, contact support@corpsearena.com immediately. The Platform's security team can review active session records and take appropriate action to secure your account.

5. Locally Cached Data

The Corpse app stores a limited amount of data locally on your device to enable faster re-login and a smoother user experience on return visits. This locally cached data includes:

• Your account identifier (not your password or authentication credentials) — enabling the app to pre-populate your login screen on return.
• App preferences and UI settings — such as notification preferences and display settings you have configured.
• Non-sensitive profile data — such as your username and avatar, enabling the app to display your profile information on the login screen before authentication.

The following data is never cached locally:

• Authentication credentials — passwords, magic link tokens, OAuth tokens.
• KYC documents or financial data.
• Session tokens — these are stored in secure, encrypted storage on the device and are invalidated on sign-out.

Locally cached data is not deleted when a user signs out — it is retained to enable faster re-login. However, cached session tokens are invalidated immediately on sign-out, meaning cached data alone cannot grant access to the account without re-authentication.

PART III — VOLUNTARY SIGN OUT

6. How to Sign Out

A user can sign out of the Corpse platform at any time by navigating to their Profile within the app and selecting the 'Sign Out' option. The sign-out action is immediate — no confirmation delay or waiting period applies. The user is signed out of the Platform on the current device the moment the action is confirmed.

7. Effect of Sign Out on Current Device

When a user signs out of the Platform on the current device, the following occurs immediately:

• The active session token for the current device is invalidated — the user is logged out and cannot access any authenticated features of the Platform without signing in again.
• The app returns to the login screen — displaying the user's cached account identifier for convenience but requiring full re-authentication before access is granted.
• All authenticated actions — arena participation, squad management, guild management, financial transactions — become inaccessible until re-login.
• Locally cached non-sensitive data (username, avatar, preferences) is retained on the device for faster re-login — it is not deleted on sign-out.
• Cached session tokens are invalidated and deleted from secure storage — they cannot be reused for re-access.

8. Effect of Sign Out on Other Active Sessions

Signing out of the Platform on one device has no effect on any other active sessions on other devices. If a user is simultaneously logged in on two devices and signs out of one, the session on the other device remains fully active and operational. The user continues to have access to the Platform on the device they did not sign out of.

This design allows users to securely sign out of a shared or public device without disrupting their session on their personal device. If you sign out of a device you no longer use, your primary device session is preserved.

9. Arena Registrations After Sign Out

Signing out of the Platform does not affect a user's existing arena registrations. Registrations are account-level records — they are not tied to a specific session or device. When a user signs out:

• All active arena registrations are preserved — the user remains registered for all arenas they were registered for before signing out.
• Entry fees already paid are not refunded — sign-out does not constitute withdrawal from an arena.
• The user cannot participate in an arena while signed out — squad participation requires an active session on a device.
• If a match occurs while the user is signed out — the squad's registration remains intact and other squad members can still participate. The absent member's impact is governed by the Arena Joining T&C (Part VII, Section 33).

Important: Signing out while registered for an upcoming arena means you may miss the room card notification delivered 30 minutes before match start. Ensure you are signed in and active on at least one device before the room card distribution time if you are registered for a match. The Platform is not responsible for missed room card notifications due to the user being signed out.

10. Re-Login After Sign Out

After signing out, a user re-authenticates using the same method they used when creating their account:

Note: The re-login method is fixed to the method used when the account was created. A user who registered via Magic Link cannot switch to Google OAuth for re-login without updating their account authentication method in settings. Contact support@corpsearena.com if you need assistance changing your login method.

PART IV — AUTOMATIC SESSION EXPIRY — 90-DAY INACTIVITY

11. Inactivity Definition

For the purpose of this Policy, inactivity is defined as the absence of any authenticated interaction with the Corpse Platform on a specific device session. Inactivity is measured per session — a user who has multiple active sessions (on multiple devices) may have one session expire due to inactivity while another remains active.

The following actions constitute activity for the purpose of the inactivity clock — they reset the 90-day inactivity counter:

• Opening the Corpse app and completing authentication on the device.
• Any authenticated in-app action — browsing arenas, checking the leaderboard, managing squad or guild, viewing match history, or any other interaction with authenticated platform features.

The following do not constitute activity for the purpose of the inactivity clock:

• Receiving push notifications — receiving a notification without opening the app and interacting does not reset the inactivity clock.
• Having the app installed on the device without opening it.

12. 90-Day Expiry Rule

If a user's session on a specific device remains inactive for 90 consecutive calendar days, the session is automatically expired by the Platform. This means:

• The session token for that device is invalidated — the user is effectively signed out of that device.
• The user must re-authenticate using their registered login method to regain access on that device.
• The user's account itself is not affected — account data, ELO, match history, guild membership, and all other account-level information is preserved. Only the specific session on the inactive device is expired.
• If the user has other active sessions on other devices that were used within the 90-day period — those sessions are unaffected by the inactivity expiry of the inactive device's session.

Note: 90-day inactivity expiry applies per session (per device). If you use the Platform on one device regularly but have an old session on another device you no longer use, only the unused device's session will expire after 90 days.

13. Inactivity Warning Notification

Before a session is automatically expired due to inactivity, the Platform sends an advance warning notification to the user. This notification:

• Is sent to the user's registered email address and, where the device has push notifications enabled, as an in-app push notification.
• Is sent in advance of the 90-day expiry — giving the user sufficient time to re-open the app and reset the inactivity clock before their session expires.
• Informs the user which device/session is approaching expiry.
• Instructs the user to open the app and sign in to prevent expiry.

If the user does not act on the warning notification and the 90-day period elapses, the session expires as described in Section 12. No further warnings are sent after the initial notification.

14. Effect of Session Expiry

When a session expires due to 90-day inactivity, the effect is identical to a voluntary sign-out on that device:

• The session token is invalidated — access to the Platform on that device requires re-authentication.
• Locally cached non-sensitive data is retained on the device for faster re-login.
• Account-level data (ELO, history, registrations, guild membership) is fully preserved — expiry only affects the session, not the account.
• Other active sessions on other devices are unaffected.

PART V — FORCE TERMINATION OF SESSIONS

15. Credential Change — Email or Login Method

If a user updates their registered email address or changes their login authentication method — for example, linking a different Google account or changing from Magic Link to OAuth — the Platform immediately force-terminates all active sessions on all devices. This is a security measure to ensure that only the holder of the new, verified credentials can access the account.

• All active sessions across all devices are invalidated simultaneously upon credential change confirmation.
• The user is signed out of every device where they were logged in.
• The user must re-authenticate on each device using the updated credentials.
• A notification is sent to the user's registered email address (both old and new, where applicable) confirming the credential change and the resulting session termination.

Important: If you receive a credential change notification that you did not initiate — your account may have been compromised. Contactsupport@corpsearena.com immediately. Do not attempt to re-login until you have spoken with the Platform's security team.

16. Account Suspension or Ban

When the Platform applies a temporary suspension or permanent ban to a user's account — as governed by the Account Suspension & Ban Terms & Conditions — all active sessions on all devices are immediately and forcibly terminated. This session termination is automatic and simultaneous across all devices at the exact moment the suspension or ban is applied.

During Temporary Suspension:

• All active sessions are terminated immediately — the user is logged out of every device.
• All login attempts during the suspension period will display the suspension notice — the user cannot re-authenticate until the suspension ends.
• When the suspension period ends, the user can re-authenticate normally using their registered login method.

Upon Permanent Ban:

• All active sessions are terminated immediately and permanently — the user is logged out of every device.
• All login attempts display the permanent ban notice — the user cannot re-authenticate on the banned account.
• The session termination on a banned account is irreversible — no session can be created for a permanently banned account.

17. Platform-Initiated Security Termination

In addition to the specific triggers described in Sections 15 and 16, the Platform reserves the right to force-terminate one or all of a user's active sessions at any time if the Platform's security systems detect:

• Suspicious account activity — for example, concurrent authenticated sessions from geographically distant locations that are inconsistent with normal user behaviour.
• Potential account compromise — indicators that the account may have been accessed by an unauthorised party.
• Unusual transaction patterns — session activity patterns inconsistent with the account's normal usage that may indicate fraudulent use.

When the Platform force-terminates sessions for security reasons, the user is notified via email and, where possible, via push notification on the affected device. The notification includes a recommendation to review account security and change login credentials if the user did not initiate the session activity that triggered the security review.

PART VI — SESSION REFERENCE TABLE

18. All Session Events at a Glance

The following table is the complete reference for all session events on the Platform — what triggers them, which sessions are affected, and what the user must do to regain access:

PART VII — GOVERNING LAW & CONTACT

19. Governing Law

This Sign Out Policy shall be governed by and construed in accordance with the laws of India, including the Information Technology Act 2000 and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, as amended from time to time. This Policy operates within and supplements the Corpse Terms & Conditions of the Corpse platform.

20. Contact

For all session-related queries — including unrecognised sign-out events, suspected account compromise, or re-login issues — contact the Platform's support team:

This Sign Out Policy was last updated in April 2026 and is effective from May 1, 2026.

Version 1.0 | Corpse — [CORPSE ESPORTS PRIVATE LIMITED]

Confidential & Proprietary. All rights reserved.