Trust

Security & privacy at Kwai Lekr

This page is maintained by Kwai Lekr to answer common security and privacy questions about the Kwai Lekr storefront and quote platform. It describes the controls and practices that are currently in place. It is app-owned editable content — not an independent certification or audit report.

Roles

Accounts & access

Customers sign in with email and password to manage their cart, place orders, request quotes, and view their own invoices. Sessions are managed by our authentication provider and stored in the browser; signing out clears the session locally.

Administrative tools (catalog, orders, quotes, invoices, users, site settings) are restricted to staff accounts assigned an administrator role. Role checks are enforced on the database via row-level security and on the server inside privileged functions; client-side checks are only used to hide UI.

Platform

Hosting & infrastructure

The site is built with TanStack Start and deployed on Lovable's hosting platform. Backend data, authentication, file storage, and serverless functions are provided by Lovable Cloud (Supabase). Traffic to the published site is served over HTTPS.

Shared responsibility: Lovable provides the underlying application platform, database, and authentication services. Kwai Lekr is responsible for the application code, access policies, content, and how customer data is collected and used inside the app.

Data

What we collect & why

When you create an account or place an order we collect the information needed to fulfil it: name, email address, optional phone number, preferred contact method, and shipping or billing address. Order and invoice records include the items, prices, and totals associated with your purchase.

When you request a quote we additionally store the project brief, quantities, decoration requirements, and any company details you provide. Formal quote documents may include a signatory name and the IP address used when accepting a quote, for record-keeping.

Product images uploaded through the admin tools are stored in a private storage bucket and served through short-lived signed URLs.

Subprocessors

Service providers

Kwai Lekr relies on the following service providers to operate the site:

  • Lovable — application hosting and the Lovable Cloud backend (database, authentication, storage, serverless functions).
  • SMTP email provider — used to send transactional email such as account, order, and quote notifications.
  • Twilio — used to send WhatsApp notifications where enabled by an administrator.

We do not sell customer data, and we share it with these providers only to deliver the service you have requested.

Browser

Cookies & local storage

We use browser storage to keep you signed in and to remember cart contents between visits. We do not run third-party advertising trackers on the storefront. Any analytics tooling we add in the future will be disclosed here.

Retention

Retention & deletion

Account, order, quote, and invoice records are retained for as long as your account is active and for a reasonable period afterwards to support warranty, returns, accounting, and tax obligations. You can ask us to delete your account and associated personal data by contacting us at the address below; certain records (for example completed financial transactions) may be retained where we are required to keep them.

Privacy

Privacy requests

To request a copy of the personal data we hold about you, to correct it, or to ask for it to be deleted, email hello@kwailekr.co.za. We aim to respond within a reasonable timeframe.

Reporting

Security contact

If you believe you have found a security issue affecting the Kwai Lekr site, please email hello@kwailekr.co.za with a description and steps to reproduce. Please do not publicly disclose the issue until we have had a chance to investigate and respond. We appreciate responsible disclosure and will acknowledge legitimate reports.

Compliance

A note on certifications

This page describes controls and practices we have in place today. It is not a substitute for an independent audit and does not claim certification against any specific standard (for example SOC 2, ISO 27001, PCI DSS, GDPR, or HIPAA). If you need formal documentation for a procurement or compliance review, please contact us and we will discuss what we can share.

Questions?

For anything not covered here, reach the team at hello@kwailekr.co.za or start a quote.


18 Geldenhuys Road
Sandton, Johannesburg 2196
South Africa

+27 11 234 5678
hello@kwailekr.co.za

Level 2 B-BBEE · Reg. 2018/443210/07

© 2026 Kwai Lekr · Dis Kwai, Dis Lekker.