Signing In to realvco
realvco.com offers two sign-in methods — Email Magic Link and Google OAuth. No password to set, no password to remember.
Method 1: Email Magic Link
Flow
- Go to realvco.com/account
- Enter your email
- Click Send Magic Link
- Open the email we send you
- Click the link → signed in
📷 Screenshot pending (the realvco.com sign-in page is hosted on the marketing site and has not been mirrored to the docs).
Magic Link Expiry
30 minutes. After that, request a new one.
Why 30 minutes? Customers with multiple realvco accounts (e.g. one personal, one for the company) see a “select which account to enter” page after clicking the email. 30 minutes gives breathing room — open the email, walk away to grab a drink, come back to decide from a calm place without the clock chasing you. For single-account customers it’s plenty; for multi-account customers it’s just right.
If You See an “Expired” Screen
Could be either of two cases — read what the screen says:
| Expiry type | Meaning | What to do |
|---|---|---|
| Sign-in link expired | The Magic Link in the email was not clicked within 30 minutes | Go back to realvco.com and request a fresh one |
| Sign-in session expired | You did click the link, but lingered on the account-select page too long (pre-auth expired) | Start over — re-enter your email to request a new Magic Link |
Not Receiving the Email?
Common causes:
- Spam folder — search for
noreply@mail.realvco.com - Typo in the email address — try again
- Mail-server delay — occasionally 1 to 2 minutes
- Corporate filters blocking external senders — try a Gmail address
If nothing after 10 minutes → open a support ticket.
Method 2: Google OAuth
Sign in with your Google account — no email wait.
Flow
- Go to realvco.com/account
- Click Continue with Google
- Pick your Google account
- Authorize realvco to read your email and basic profile
- Signed in
First-Time Google Sign-in
If your Google email has never registered on realvco:
- The system creates a new account
- This becomes your realvco account
If your Google email was previously used with Email Magic Link:
- The system detects the matching email
- Both sign-in methods merge automatically
- Your orders, VPSs, and commissions are preserved
Multiple Google Accounts
If:
- Email A (
you@example.com) is already registered on realvco - Google Account B (
you+work@example.com) has never been used
Signing in with B creates a new account (no merge), because the emails aren’t identical.
+n email addresses count as separate accounts.
you@example.com and you+anything@example.com are the same inbox in most mail systems, but on realvco they are different accounts. Use the exact same address.
Signing Out
Email Magic Link: the cookie lasts 30 days. Sign out early from the avatar menu → Logout.
Google OAuth: same — Logout clears the realvco cookie (without signing out of Google).
Switching Devices
Regardless of method, each device must verify once. The same account can be signed in on multiple devices simultaneously.
FAQ
Q: I Registered With Email — Can I Add Google OAuth Later?
Yes. realvco account page → Settings → Login Methods → add Google. Both methods coexist and either will sign you in.
Q: After Google OAuth I Cannot See My Previous Orders
You probably registered with a different email. Open a support ticket with both emails — accounts can be merged.
Q: Can I Sign in With Facebook / Apple / LinkedIn?
Currently Email + Google OAuth only. More providers may be added later.
Q: How Secure Is This?
- A Magic Link is single-use and invalidated after consumption
- When you request a new Magic Link, the previous one is automatically invalidated — if you request two emails in a row, only the latest one works; clicking the older one shows “expired” (so even if an old email is dug up, it can’t be used to sign in)
- Google OAuth follows the industry-standard secure flow
- Credentials are encrypted at rest and never exposed to page JavaScript, reducing theft risk (technically an httpOnly Cookie)
- Even if someone impersonates you and asks support to re-issue a Magic Link, the system automatically blocks them — only one per account per 30 seconds, max 30 per hour system-wide. So you won’t wake up to find an attacker has stuffed your inbox with sign-in emails trying to brute-force a session.
- Magic Links unused for over 7 days are auto-cleaned by the system (data hygiene)
- Every sign-in event logs IP and device — visible on the account page
Related Docs
- Subscription Management
- How Magic Token Works — not the Magic Link covered here; this is the separate sign-in mechanism for the Admin Panel on your mVPS (easy to confuse, please note)
- Security Best Practices