Lumani Ecosystem Commerce
Live
Running a real store on the usual platform means assembling it from other people’s parts. We did that for years, did everything right, and a plugin we didn’t write still got a client hacked. So we stopped assembling stores and started building them.
Why we built it
The model itself was the vulnerability. So we left the model behind.
To sell a t-shirt with a size and a colour on a plugin-based platform, you end up running a dozen extensions: one for South African shipping, another for the payment gateways, another just to edit the checkout fields for local addresses, more for product options, one for security, a couple for marketing. Each is written by a different team, on its own update schedule, and each one is a door into your store.
We hardened the servers, kept things patched, monitored everything. And it still happened: a plugin we didn’t write, maintained by people we’ll never meet, had a known vulnerability, and a client got hacked. Payment data intercepted. It wasn’t carelessness. No human can track every plugin, every vendor, every disclosed CVE, across every store, forever. The model itself is the vulnerability, and one of those strangers always slips.
So we built the store, not a pile of plugins pretending to be one. The things you actually need are built in. There are no third-party plugins, because there’s no plugin system to exploit. Fewer moving parts, a far smaller attack surface, nothing to wake up to on a Tuesday.
Third-party plugins. None to update, none to exploit.
Built in, not bolted on
Lite doesn’t mean less. It means the things you’ll actually use, and none of the surface area you won’t.
We built the store.
Not a pile of plugins pretending to be one.
What we kept seeing
A plugin we didn’t write, maintained by people we’ll never meet, had a known vulnerability. A client got hacked. Payment data intercepted.
There’s no plugin system to exploit, so the most common way stores get breached simply doesn’t exist here.
To sell one t-shirt with a size and a colour, you’re running a dozen extensions, each from a different team, each on its own update schedule.
Variants, custom fields, inventory and customer accounts are built in, one codebase, one team that answers for all of it.
South African shipping and the local payment gateways each arrive as their own paid, third-party plugin.
Payfast, Yoco, PayGate, Peach and SnapScan are built in, plus Stripe for international. Not bolted on.
No human can track every plugin, every vendor and every disclosed CVE across every store, forever. One of them always slips.
Far fewer moving parts and a far smaller attack surface. There’s simply less that can go wrong.
Need a specific gateway or feature? On a plugin platform that’s a hunt for an add-on and a prayer that it’s still maintained.
Because we develop it with AI tooling, the gateway or feature you need is a request we fulfil fast, not a project.
“Lite” platforms usually mean less: they cut the things you actually need to run a real shop.
Lite here means the things you’ll actually use, and none of the surface area you won’t.
Where it’s at
It’s running real shops right now, with more being built on it. If you’re selling online and tired of babysitting a dozen plugins you didn’t write, that’s exactly the problem we solved.