All payments in the preview are in test mode. Use card 4242 4242 4242 4242.

Trust Center

Trust, Security & Privacy

This page is maintained by the Theme Weaving team to answer common security and privacy questions about the product. It describes our current practices and is not an independent certification or audit report.

Shared responsibility

Theme Weaving is built on the Lovable platform. Lovable provides hosting, managed authentication, the database, and edge runtime. The Theme Weaving team is responsible for application logic, access control policies, and customer data handling within the app. Customers are responsible for protecting their account credentials and for the content they store in their tenants.

Authentication & access control

Accounts are protected by email/password and Google sign-in via Lovable's managed authentication. Each tenant's data is scoped to its owner using row-level security policies in the database, so users can only read and modify rows they own.

Privileged operations (subscription syncing, plan changes, entitlement grants) run server-side and are not exposed to the browser.

Data we store

We store the minimum needed to run the product: your account email, the tenants and design tokens you create, and subscription/billing metadata returned by Stripe (no full card numbers — Stripe handles payment data directly).

Subprocessors

  • Lovable — hosting, database, authentication, edge runtime
  • Stripe — payment processing and subscription billing
  • Google — optional single sign-on

Encryption

Traffic to the app is served over HTTPS. Data at rest in the managed database is encrypted by the underlying platform.

Retention & deletion

Your tenants and tokens remain available while your account is active. To request deletion of your account and associated data, contact us using the address below.

Cookies & analytics

We use cookies and local storage strictly to keep you signed in and to remember UI preferences. We do not run third-party advertising trackers.

Reporting a security issue

If you believe you have found a security vulnerability, please contact the maintainers through the support channel listed in your account so we can investigate and respond.

Compliance

Theme Weaving does not currently claim any formal certification (SOC 2, ISO 27001, HIPAA, PCI, etc.). We will update this page if that changes.