Trust & Security

Sign-in is handled through our managed authentication provider. Supported methods include email and password, phone (SMS), and Google sign-in. Sessions are stored in the browser and revoked on sign-out.

Administrative areas are protected by a role check on the server; only users with an explicit admin role can reach admin features.

The application is hosted on Lovable Cloud and served over HTTPS. The backend database enforces row-level security so that each signed-in user can only read and modify data that belongs to them, except where this page explicitly notes otherwise.

Lovable provides infrastructure controls; ALECS Africa is responsible for application logic, data handling, and customer communications. We are not independently certified by Lovable.

We store the information you provide to use the service: account details, alert preferences (jurisdictions, reminder channels, contact handles), compliance filings you track, evidence documents you upload, and activity logs needed to operate the service.

Evidence files are stored in a private storage bucket. Access is scoped to the uploading user and authorized server processes.

We rely on the following processors to deliver the service:

• Lovable Cloud — application hosting, database, authentication, file storage.
• Twilio — SMS and WhatsApp reminders, when you enable those channels.
• Email delivery — transactional emails for reminders and account messages.

Personal data is shared with these processors only to the extent needed to deliver the feature you requested.

Consent audit log entries are anonymized after 180 days and deleted after 365 days. Other user-owned records are kept while your account is active and removed on request.

To request export or deletion of your data, email privacy@alecsgroup.com.

If you believe you've found a security vulnerability, please email security@alecsgroup.com with a description and reproduction steps. Please do not publicly disclose the issue until we have had a chance to investigate.