Addressing Security Concerns, Payments & Misinformation 
Hi.
I am Lupita She-Devil, one of the Lead Developers at Demona Vosz.
It has come to my attention that there are discussions circulating in our community regarding the security of our platform, specifically concerning payment methods and data storage. While we welcome healthy skepticism—it keeps everyone safe—we have zero tolerance for misinformation spread by uninformed speculation.
Let’s dismantle the myths and clarify our roadmap.
1. Stripe Payments & "Entering CC info on the site"
Some users have expressed concern because our payment form does not redirect you to an external Stripe URL, assuming this means we are handling your credit card numbers directly. This is FALSE.
We utilize Stripe Elements, the modern, industry-standard API provided officially by Stripe.
How it works: When you see the credit card input fields on our site, those fields are actually secure iframes hosted directly by Stripe's servers, not ours.
Security: Your full credit card number never touches our database or our logs. The data goes straight to Stripe, and they return a secure "token" to us to finalize the transaction.
Why we do it: This provides a seamless user experience without sacrificing a single bit of security. It is fully PCI-DSS compliant.
2. The Current State of PayPal
There have been questions about our current PayPal integration. To be transparent: the current implementation is a temporary, user-friendly alternative designed specifically to help our Chinese community and players who experience errors or declines when using Stripe.
We use standard PayPal Hosted Buttons. When you click to pay, you are interacting with verified PayPal merchant tools. We do not ask you to manually "send money" to a random email address; the system is automated and integrated via IPN (Instant Payment Notification) to deliver your Drako automatically.
We are currently in close, active discussions with PayPal Brazil Business to implement a broader, fully integrated solution that aligns perfectly with our other payment gateways. Until that upgrade is finalized, the current method remains a secure, verified way to support the server for those who cannot use credit cards directly.
3. Password Storage & Encryption
We take account security extremely seriously. We do not store plain text passwords.
We use industry-standard Bcrypt hashing algorithms to protect your credentials. When you create an account or change your password, it is immediately converted into a cryptographic hash. Even if someone were to look directly at our database, they would never see your password. Instead, they would see a secure string like this:
$2y$10$DQ/ipcSLcPcWY2N3CnNMJ...
It is mathematically impossible to reverse-engineer this string back into your original password using current technology. Your account integrity is our priority.
Final Thoughts
We work hard to bring you a stable and fun game. We are transparent about our methods because we have nothing to hide. If you have questions about security, ask us directly instead of spreading fear based on guesses.
We are here to stay, and we take the safety of our players—and our code—very seriously.
Let’s Recap:
Secure Payments: Verified integrations.
Secure Accounts: Protected by heavy Bcrypt encryption.
Secure Game: Full backend logic validation. Safe and fair.
See you in Vanya.
Lupita She-Devil Lead Developer - Demona Vosz Team
I am Lupita She-Devil, one of the Lead Developers at Demona Vosz.
It has come to my attention that there are discussions circulating in our community regarding the security of our platform, specifically concerning payment methods and data storage. While we welcome healthy skepticism—it keeps everyone safe—we have zero tolerance for misinformation spread by uninformed speculation.
Let’s dismantle the myths and clarify our roadmap.
1. Stripe Payments & "Entering CC info on the site"
Some users have expressed concern because our payment form does not redirect you to an external Stripe URL, assuming this means we are handling your credit card numbers directly. This is FALSE.
We utilize Stripe Elements, the modern, industry-standard API provided officially by Stripe.
How it works: When you see the credit card input fields on our site, those fields are actually secure iframes hosted directly by Stripe's servers, not ours.
Security: Your full credit card number never touches our database or our logs. The data goes straight to Stripe, and they return a secure "token" to us to finalize the transaction.
Why we do it: This provides a seamless user experience without sacrificing a single bit of security. It is fully PCI-DSS compliant.
2. The Current State of PayPal
There have been questions about our current PayPal integration. To be transparent: the current implementation is a temporary, user-friendly alternative designed specifically to help our Chinese community and players who experience errors or declines when using Stripe.
We use standard PayPal Hosted Buttons. When you click to pay, you are interacting with verified PayPal merchant tools. We do not ask you to manually "send money" to a random email address; the system is automated and integrated via IPN (Instant Payment Notification) to deliver your Drako automatically.
We are currently in close, active discussions with PayPal Brazil Business to implement a broader, fully integrated solution that aligns perfectly with our other payment gateways. Until that upgrade is finalized, the current method remains a secure, verified way to support the server for those who cannot use credit cards directly.
3. Password Storage & Encryption
We take account security extremely seriously. We do not store plain text passwords.
We use industry-standard Bcrypt hashing algorithms to protect your credentials. When you create an account or change your password, it is immediately converted into a cryptographic hash. Even if someone were to look directly at our database, they would never see your password. Instead, they would see a secure string like this:
$2y$10$DQ/ipcSLcPcWY2N3CnNMJ...
It is mathematically impossible to reverse-engineer this string back into your original password using current technology. Your account integrity is our priority.
Final Thoughts
We work hard to bring you a stable and fun game. We are transparent about our methods because we have nothing to hide. If you have questions about security, ask us directly instead of spreading fear based on guesses.
We are here to stay, and we take the safety of our players—and our code—very seriously.
Let’s Recap:
Secure Payments: Verified integrations.
Secure Accounts: Protected by heavy Bcrypt encryption.
Secure Game: Full backend logic validation. Safe and fair.
See you in Vanya.
Lupita She-Devil Lead Developer - Demona Vosz Team
