import { createFileRoute, Link } from "@tanstack/react-router";

/**
 * Route registration for the `/trust` page.
 *
 * Supplies the document head metadata (title, description and the matching
 * Open Graph tags) and binds the route to `TrustPage`.
 *
 * NOTE(review): only `head` and `component` are configured here; no
 * route-level access check is declared in this file. Presumably the page is
 * meant to be readable without signing in — confirm, since it names the
 * hosting platform and the staff role model.
 */
export const Route = createFileRoute("/trust")({
  head: () => {
    // The title and description are each used twice (plain + Open Graph),
    // so they are named once to keep the two variants in sync.
    const pageTitle = "Trust & Privacy — Raju Travels & Digital Studio";
    const pageDescription =
      "Security, privacy, and data handling practices for Raju Travels & Digital Studio.";

    return {
      meta: [
        { title: pageTitle },
        { name: "description", content: pageDescription },
        { property: "og:title", content: pageTitle },
        { property: "og:description", content: pageDescription },
      ],
    };
  },
  component: TrustPage,
});

/**
 * Renders one titled block of the trust page: an `<h2>` heading followed by
 * a muted, relaxed-leading body container.
 *
 * @param props.title    Heading text, rendered as a plain text child (not as raw HTML).
 * @param props.children Body content placed inside the text container.
 * @returns The `<section>` element for this block.
 */
function Section(props: { title: string; children: React.ReactNode }) {
  const { title, children } = props;

  const heading = <h2 className="text-xl font-semibold text-foreground mb-3">{title}</h2>;
  const body = (
    <div className="text-sm leading-relaxed text-muted-foreground space-y-2">{children}</div>
  );

  return (
    <section className="mb-8">
      {heading}
      {body}
    </section>
  );
}

/**
 * Static "Trust & Privacy" page: an intro header, eight titled sections of
 * explanatory text, and a link back to the home route.
 *
 * The component only renders fixed copy; it reads no data and performs no
 * checks of its own.
 *
 * NOTE(review): the statements below about role gating, row-level security
 * and storage restrictions are descriptive text only. Nothing in this
 * component enforces or verifies them — whoever edits the copy should confirm
 * it still matches the deployed database policies and storage rules.
 */
function TrustPage() {
  // Joins source-wrapped fragments with single spaces, giving the same text
  // that multi-line JSX text produces after whitespace collapsing.
  const para = (...fragments: string[]): string => fragments.join(" ");

  const intro = para(
    "This page is maintained by Raju Travels & Digital Studio to answer common security",
    "and privacy questions about the application. It is editable project content and is",
    "not an independent certification or audit report.",
  );

  // [heading, body] pairs in display order.
  const sections: ReadonlyArray<readonly [string, string]> = [
    [
      "About this application",
      para(
        "Raju Travels & Digital Studio operates an internal point-of-sale and inventory",
        "management system used by authorized staff to record sales, manage stock, customers,",
        "suppliers, expenses, and related business operations.",
      ),
    ],
    [
      "Access & authentication",
      para(
        "The application is staff-only. New accounts require email-based sign-in and must be",
        "granted a role (admin, manager, cashier, or accountant) by an administrator before",
        "they can read or write any business data. Accounts without an assigned role cannot",
        "access customer, sales, product, or financial information.",
      ),
    ],
    [
      "Platform & hosting",
      para(
        "The application runs on the Lovable platform with a managed Postgres database and",
        "object storage. Lovable provides infrastructure features such as managed TLS,",
        "row-level security enforcement, and isolated storage buckets. This describes platform",
        "capabilities and is not a Lovable-issued certification of this application.",
      ),
    ],
    [
      "Data we store",
      para(
        "The system stores business records entered by staff: products, stock movements,",
        "customers, suppliers, invoices, payments, expenses, employee attendance, and product",
        "images. Staff account information is limited to the data required for sign-in and",
        "role assignment.",
      ),
    ],
    [
      "Access controls",
      para(
        "Row-level security policies restrict every business table to authenticated staff",
        "accounts with an assigned role. Product image storage is similarly restricted to",
        "staff. Administrative actions such as role assignment are limited to admin accounts.",
      ),
    ],
    [
      "Retention & deletion",
      para(
        "Business records are retained for as long as needed for operational and accounting",
        "purposes. For deletion requests or questions about specific records, contact the",
        "shop administrator.",
      ),
    ],
    [
      "Contact",
      para(
        "For security or privacy questions, contact the shop administrator at the store",
        "directly. Please report suspected security issues privately so they can be",
        "investigated and addressed.",
      ),
    ],
    [
      "Shared responsibility",
      para(
        "Lovable provides the underlying platform features described above. The shop owner is",
        "responsible for granting roles, managing staff access, keeping credentials private,",
        "and reviewing records entered into the system. Staff are responsible for following",
        "store policies when using the application.",
      ),
    ],
  ];

  return (
    <div className="min-h-screen bg-background">
      <div className="mx-auto max-w-3xl px-6 py-12">
        <header className="mb-10 border-b pb-6">
          <h1 className="text-3xl font-bold text-foreground">Trust & Privacy</h1>
          <p className="mt-3 text-sm text-muted-foreground">{intro}</p>
        </header>

        {sections.map(([heading, body]) => (
          // Headings are unique within the list, so they double as keys.
          <Section key={heading} title={heading}>
            <p>{body}</p>
          </Section>
        ))}

        <div className="mt-10 border-t pt-6">
          <Link to="/" className="text-sm text-primary hover:underline">← Back to home</Link>
        </div>
      </div>
    </div>
  );
}
