We use a customised hosted login page for our login and password reset.
While taking some screenshots for a user guide for our web app, we entered "email@example.com" in the form where the user enters their email address to reset their password. unexpectedly, it came up with a profile photo and said “Welcome xxx!”.
There is no user with that email address in our connections. (We use one database connection for this client). Is this a demo feature of Lock, or is it picking up this user account from somewhere?