Trust center / Security practices
Security practices for the contact form
The Kanwer Polytex website protects the contact route with validation, anti-abuse controls, and request-level traceability before a buyer requirement reaches internal handling.
Route checks
Payload validation before processing
The lead API checks content type, payload size, JSON structure, and field-level validity before a requirement can enter the workflow.
Abuse controls
Rate limiting, honeypot, reCAPTCHA, and duplicate locks
The intake surface uses layered controls to block spam bursts and repeated submissions without weakening the operator workflow.
Stored signals
Request IDs, hashed IPs, and notification state
Each accepted requirement is stored with the operational metadata needed to trace persistence and delivery outcomes.
Entry protection on the lead route
The lead endpoint rejects malformed or obviously invalid traffic before business logic runs. This keeps the contact path explicit, auditable, and harder to abuse.
- Requests must use the expected content type and stay within the configured payload size limit.
- The raw request body is parsed explicitly and rejected when JSON is malformed or empty.
- Server-side schema validation checks the complete lead payload, including dependent product fields.
- A hidden honeypot field is checked before the submission can proceed deeper into the workflow.
Bot and duplicate suppression
The intake flow is designed to reduce bot traffic and repeated bursts without blocking the path for legitimate buyers.
- Google reCAPTCHA verification is enforced by the server-side lead route in production-capable environments.
- Rate limiting is applied before processing to reduce repeated submission abuse.
- Email addresses are normalized and requirement content is fingerprinted so exact repeats can be identified.
- A short-lived submission lock helps suppress repeated bursts while preserving clean retry behavior when persistence fails.
Stored operational record discipline
Accepted requirements are stored with the operational context needed to audit the route, trace notification delivery, and review suspicious patterns.
- Each record carries a request ID so the submission can be traced across intake, persistence, and notification steps.
- IP addresses are stored as hashes rather than raw values for operational review and abuse analysis.
- Normalized email values and requirement fingerprints are stored to support duplicate detection.
- Notification state is written back to the lead record so delivery success or failure remains visible to operators.
Operational review and escalation
Security-related questions or suspicious website behavior should be reported through the official contact route so the request can be reviewed against logs, request IDs, and stored notification state.
- Use the contact page or official email for security-related questions tied to a live request.
- Include the request ID when referencing a specific submission.
- These practices can evolve as the website's intake stack and operational safeguards are refined.
Need to report an intake issue?
Use the official contact route so the security question can be linked to the relevant request context, notification state, or route behavior.
Operational facts
TextileFairy Consultancy Pvt. Ltd.
Dyeing plants
Shelar Dyeing Plant
772/1/2, Laxmi Compound, Shelar, Bhiwandi, Thane District, Maharashtra 421-302.
Shelar dyeing-plant detail for directions, visit planning, and buyer reference.
Get directionsKatai Dyeing Plant
1128/1/2, Goradkar Compound, Village Katai, Bhiwandi, Thane District, Maharashtra 421-302.
Katai dyeing-plant detail for directions, visit planning, and buyer reference.
Get directions