Synopsis
Lovable, an app-building platform, has apologized for chat data exposure in public projects. The company clarified it was a mix of unclear product design and a technical error, not a data breach. Users could previously make projects public, with chat history visible. Changes were made to default projects to private.Listen to this article in summarized format
In a detailed statement posted on X, the company said its earlier communication “didn’t properly address” the problem. It clarified that the issue was not a data breach, but a mix of unclear product design and a technical error.
Lovable explained that initially users could make their projects `public' or `private’. Public projects were intended to be fully open, similar to public repositories on platforms like GitHub, including both code and chat history.
However, over time, the company realised that many users interpreted `public’ differently, assuming it applied only to the published app and not to underlying chats or development data, which were actually visible to others.
The statement comes after the startup responded to claims about client data being breached, adding that the issue stemmed from unclear documentation rather than a security breach.
In a series of posts on X, a researcher with the handle “impulsive” (@weezerOSINT) mentioned he was able to access another developer’s active project, including its full source code, database credentials, customer records, AI chat histories, and related data.
Clarifying its stance, the company said on Tuesday that it has begun tightening controls.
What led to this?
The company said it had already started making changes last year. Earlier, projects on the free tier were public by default. The company changed this in May 2025, and allowed users to create private projects on the free tier. In December, it made all projects private by default.
However, a system update earlier this year accidentally turned chat visibility back on for some public projects. The issue was reported by researchers but not flagged as a problem initially as it was mistaken for intended behaviour.
Lovable said it has now reversed the change and ensured that chats in public projects are no longer accessible.
The company acknowledged that its documentation and settings were confusing. “We understand that pointing to documentation issues alone was not enough here. We’ll do better,” it said.
Lovable, a vibe coding platform, allows users to build applications through conversational interfaces, making chat histories a core part of the development process.
