We were made aware of concerns regarding the visibility of chat messages and code on Lovable projects with public visibility settings. To be clear: We did not suffer a data breach. Our documentation of what “public” implies was unclear, and that’s a failure on us. Specifically for public projects, chat messages used to be visible — this is now no longer possible. When it comes to code of public projects: That is intentional behavior. We have experimented with different UX for how the build history is surfaced on public projects, but the core behavior has been consistent and by design. Importantly, for enterprise customers, being able to set visibility to public for new projects has been disabled since May 25, 2025.
what if you could just start selling things by chatting with AI?
tomorrow will go down in history btw
We’re sorry our initial statement didn't properly address our mistake. Here's what a public project on Lovable means, and how we got to where we are today: In the early days, people didn't know what Lovable was capable of. So we wanted to make it easy to explore what others were building, as a way to spark ideas and lower the barrier to getting started. Like scrolling GitHub or Dribbble: you browse projects to see what's possible, then go build your own. When you create a project on GitHub, you can make it private or public. Lovable worked the same. Users had a "Public" or "Private" option right in the chatbox. A public project meant the entire project was public, both chat and code. “Just like a public project on GitHub," we thought. Over time, we realized this was confusing. Many users thought "public" just meant others could see their published app, not the chat of an unpublished project. That's reasonable. On the free tier, users originally couldn't create private projects. They had to upgrade to a paid plan to do so. In May 2025, we changed this: users on the free tier could choose to make their projects private. For enterprise customers, the public visibility setting was disabled altogether. And in December 2025, we switched to private by default across all tiers. We also retroactively patched our API so public project chats couldn't be accessed, no matter what. Unfortunately, in February, while unifying permissions in our backend, we accidentally re-enabled access to chats on public projects. This was reported through our vulnerability disclosure program (via HackerOne). Unfortunately, the reports were closed without escalation because our HackerOne partners thought that seeing public projects’ chats was the intended behaviour. Upon learning this, we immediately reverted the change to make all public projects’ chats private again. We appreciate the researchers who uncovered this. We understand that pointing to documentation issues alone was not enough here. We’ll do better.
We're aware of recent reporting about Delve’s compliance practices. Lovable is not a Delve customer. We proactively moved to Vanta in late 2025, before any of this came to light. Our SOC 2 Type II was independently audited by Prescient Assurance. We’re currently undergoing an independent internal audit of our ISMS, recertifying ISO 27001, and have our next SOC 2 Type II scheduled for Q3 2026. Security is not an afterthought at Lovable. It's a company-wide commitment backed by a dedicated team and continuous investment. Our current compliance practices are all here: t.co/s4PVhd5wnI
Lovable’s 1st birthday is in a few weeks, and we’re hosting a party…
Lovable (@lovable) has 152K X followers with a 0.43% engagement rate over the past 12 months. Across 804 posts, Lovable received 117K total likes and 29.9M impressions, averaging 146 likes per post. This page tracks Lovable's performance metrics, top content, and engagement trends — updated daily.