Trust & Privacy

This page is maintained by Thabange to answer common questions about how the Thabange Loyalty app handles your data and account. It is editable project content — not an independent certification or third-party audit.

What we collect

Account details you provide: name, email, and optional phone number.
Loyalty activity recorded by staff: visits, fuel amount, points awarded, and redemptions.
Basic technical data needed to keep the app running, such as authentication sessions.

Access & account controls

Sign-in uses email & password with leaked-password protection enabled.
Each customer can only read and edit their own profile fields (name, phone).
Loyalty fields (points balance, lifetime points, tier) can only be changed by staff actions, never by customers themselves.
Only staff with the admin role can record visits or manage user roles.

Where your data lives

Customer data is stored in our managed backend (Lovable Cloud, powered by Supabase). Access is gated by row-level security policies so each customer only sees their own records.

Offline mode

The app caches your profile and lets staff queue visits while offline. Queued visits sync to the server as soon as the device reconnects; nothing is shared with third parties during offline use.

Data requests & contact

For account deletion, data export, or any privacy question, please contact the Thabange team at the email address listed on your account's communications. We will respond as quickly as we can.

This page describes current app-visible controls and is updated as the product evolves. It is not a legal agreement or a compliance certification.