Trust & Security

• Sign in with email + password or with Google.
• Passwords are never stored in plain text; account sessions are signed and stored in your browser.
• Password reset is handled through a verified email link.
• Admin functionality is gated by server-side role checks, not by anything the browser claims.

• Account: name, email, optional phone number.
• Orders: shipping address, items, totals, and order status.
• Payments: handled by PayFast — we do not see or store your card details.
• Site analytics: aggregated usage to help us improve the store.

Your information is used to fulfil orders, send order and dispatch notifications, provide customer support, and operate the store. We do not sell personal data.

• Hosting & backend: Lovable Cloud (managed Supabase) — database, authentication, file storage.
• Payments: PayFast (South Africa).
• Shipping: PUDO and our configured courier partners.
• Email: Resend (transactional order emails).
• SMS: SMSPortal (order & dispatch SMS).

Each provider receives only the data needed to perform its service.

• Customer data is protected by row-level security policies — users can only read and write their own records.
• Admin-only resources (orders, products, shipping labels) are restricted to staff accounts.
• Shipping label files live in a private bucket and are only accessible to admins.

We use first-party cookies and local storage to keep you signed in and to remember your cart. We do not use third-party advertising cookies.

You can update your profile and view your order history from your account page. To request a copy of your data or deletion of your account, contact us using the details on our Contact page.

If you believe you have found a security issue, please email us through the address on our Contact page with as much detail as possible. We appreciate responsible disclosure.

See our Privacy Policy and Terms of Service for the full legal text.