Guild is designed with security in mind. Authentication is passwordless, which means there are no passwords to leak, forget, or reuse across services. Every sign-in is verified through your email or a connected Google account.
Passwordless Authentication
When you sign in to Guild, you receive a one-time 5-digit verification code via email. This code expires after 10 minutes and can only be used once. Because there are no stored passwords, common attack vectors like credential stuffing and password database breaches do not apply.
For the full sign-in walkthrough, see Sign Up & Sign In.
Session Management
After signing in, Guild creates a session that keeps you authenticated as you browse the platform. Sessions are maintained securely using HTTP-only cookies that are not accessible to JavaScript, protecting against cross-site scripting attacks.
You can sign out at any time by clicking your profile photo in the top-right corner and selecting
Sign Out
. This ends your current session immediately.Connected Accounts
You can connect your Google account to Guild for one-click sign-in. When connected, clicking
Continue with Google
on the sign-in page authenticates you instantly without needing an email code.Google account connections are also used for Calendar Sync, which automatically adds Events to your Google Calendar when you RSVP. You can manage connected accounts from your account Settings.
Your Data
Guild only collects the information needed to provide the service — your email address, display name, and any profile details you choose to add. Your email address is used for authentication and notifications, and is not shared publicly unless you choose to display it.