Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lovable.dev/llms.txt

Use this file to discover all available pages before exploring further.

The Privacy & security tab is where workspace admins and owners manage workspace-wide controls for access, publishing, sharing, connected tools, security automation, and data protection. Open it from Settings → Security & compliance → Privacy & security. After changing settings on this page, click Save to apply most updates. Settings are grouped into the same sections shown in the UI.

Access & membership

Controls how people join the workspace, what access new projects use by default, and whether projects can be moved to another workspace.

Default project access

Available on: All plans; Restricted is available on Business and Enterprise
Default: Workspace Sets the visibility of every new project at the moment it is created.
Changing the setting does not change the visibility of existing projects.
OptionWho can see the project
Workspace (default)All members of this workspace can view, remix, or edit the project based on their role.
Restricted (Business and Enterprise)Only the owner and explicitly invited collaborators can access the project.
Keep in mind that workspace owners have full access to all projects in the workspace and can view and edit them.
See Control project access for more information.

Restrict workspace invitations

Available on: Enterprise
Default: Disabled When disabled, editors, admins, and owners can invite viewers and external collaborators by email. When enabled, only admins and owners can invite members by email to this workspace. Editors lose the ability to invite.
This restricts manual invitations only. JIT and SCIM provisioning continue to add users based on identity-provider configuration. If your workspace uses verified-domain JIT, users with matching email domains will still be automatically provisioned on sign-in.
See Invite by email for more information. Available on: Free, Pro, and Business
Default: Enabled When enabled, workspace admins and owners can generate a shareable link that lets anyone use it to join the workspace at a chosen role. Invite links expire 5 days after creation, and only one active link per role can exist at a time. When disabled, no one can create invite links. See Invite by link for more information.

Workspace discovery

Available on: Business and Enterprise
Default: Enabled When enabled, anyone signing in to Lovable with an email address from your organization’s verified domain can find this workspace from the Find your team’s workspace flow and request access. This helps new employees find the workspace without needing a direct invitation. When disabled, the workspace is invisible to domain-based discovery. Only users with a direct invitation can join. Public email domains (such as @gmail.com) cannot discover workspaces this way regardless of the toggle.
Turning discovery off stops new requests but does not clear any access requests that were already submitted. Review and deny pending requests in Settings → People.
See Workspace access requests and Find your team’s workspace for more information.

Allow editors to transfer projects

Available on: Enterprise
Default: Disabled When disabled, only admins and owners can initiate a project transfer. When enabled, editors who own a project can move it to another workspace, including a personal workspace outside your organization.
For regulated environments, leave this off. An editor transferring a project to a personal workspace removes it from your governance boundary entirely.

External collaborator access

Available on: Business and Enterprise (only visible when Enforce SSO is active)
Default: Not allowed Controls whether users outside your SSO domain can be added as collaborators on projects in this workspace, and at what maximum access level.
OptionWhat it means
Not allowed (default when Enforce SSO is enabled)External users cannot be added to projects. If members try to invite someone outside your organization to a project, they get an error informing them that this is not allowed.
Viewer onlyExternal users can be added as read-only project viewers.
Editor or belowExternal users can be added as project viewers or editors.
When you turn on Enforce SSO, Lovable shows a confirmation dialog with a Remove all external collaborators checkbox, on by default.
  • If you leave it checked, existing external collaborators are removed at the same time SSO is enforced.
  • If you uncheck it, existing external collaborators keep their access on every project they were already invited to, capped at editor level. The workspace’s External collaborator access setting is set to Editor or below as part of this flow.
If you later change External collaborator access to Not allowed, Lovable shows a similar confirmation dialog with a remove option. If you choose not to remove them, existing external collaborators remain in the People list but lose access. The next time they try to open the workspace or one of their projects, they see an External collaboration disabled error. If their email matches one of your verified domains, they’re redirected to sign in through SSO instead. A successful SSO sign-in provisions them as a full workspace member through just-in-time provisioning, and they’re no longer subject to the external-collaborator restriction. See Block or limit external collaborators for the full flow.

Publishing

Controls who can publish projects, what audience published projects use by default, and whether security checks can block publishing.

Default website access

Available on: Business and Enterprise
Default: Anyone Sets the default audience for a project the first time it is published. Changing this setting does not retroactively change access for already published projects.
OptionWho can reach the published URL
Anyone (default)Anyone with the link
Workspace (Business and Enterprise)Authenticated workspace members only
Individual projects can override the workspace default during the publish flow. See Publish your project for more information.

Who can publish externally

Available on: Enterprise
Default: Editors and above By default, any workspace editor, admin, or owner can publish externally on all plans. Enterprise workspaces can restrict this further. This setting sets the minimum workspace role required to publish a project to a public URL.
OptionWho can publish externally
Editors and above (default)Any workspace editor, admin, or owner can publish externally
Admins and owners (Enterprise)Only workspace admins and owners can publish externally
Owners only (Enterprise)Only workspace owners can publish externally
Existing public projects can still be re-published by editors if they were already public before this setting was tightened. The stricter restriction applies only when a project is published publicly for the first time, or when a previously public project has been unpublished and is deployed publicly again.
Self-locking behavior: If this is set to Owners only, only the owner can change it. An admin who tries to lower the restriction will find the control disabled with an explanation that their role is not high enough. The owner must relax the policy first.

Block publishing with critical findings

Available on: All plans
Default: Disabled. When disabled, projects can be published regardless of critical findings, although the publish dialog still surfaces them as security warnings. When enabled, a project cannot be published if its most recent security scan returned critical-severity findings. The publish action is blocked until error-level findings are resolved. We recommend enabling this on every workspace. See Security overview for more information.

Block publishing with PII

Available on: Enterprise (only visible when Sensitive data scanning is enabled)
Default: Disabled When disabled, personally identifiable information (PII) findings do not block publishing. When enabled, a project cannot be published or updated if it has unresolved sensitive data findings.

Require basic security scan before first publish

Available on: All plans
Default: Disabled When disabled, no scan is required before the first publish. When enabled, every project must complete a basic security scan before it can be published for the first time. Re-publishing an already-published project is unaffected. This pairs well with Block publishing with critical findings. Requiring a scan before publishing ensures a baseline review happens, and blocking publishing with critical findings ensures bad results stop the deploy.

App login methods

Available on: Business and Enterprise
Default: All methods allowed Controls which sign-in methods are available for apps published by workspace members. Disabled methods are enforced across all projects in the workspace, and project owners cannot re-enable them. Click Configure to open the dialog. Supported sign-in methods include:
  • Email
  • Phone SMS
  • Google
  • Apple
  • SAML SSO
Use the toggle next to each method to enable or disable it. Changes take effect immediately.
This only affects how end-users sign in to published apps. It does not change how workspace members sign in to Lovable itself.

Security automation

Controls automatic security remediation for projects across the workspace.

Auto-fix security issues

Available on: All plans
Default: Selected project (disabled) Lovable can automatically fix eligible security findings during regular agent work. When auto-fix is enabled, Lovable gets the latest critical Basic scan findings as part of its context whenever a member chats with it on a project. Lovable then attempts to resolve them as part of the next response. This counts as standard chat usage and consumes credits. Auto-fix is designed for findings that are safe to remediate automatically, such as common row-level security (RLS) misconfigurations and database access patterns. It does not apply fixes for Deep scan findings. This setting controls the default scope at which auto-fix is applied across the workspace.
OptionWhat it means
Selected project (default)Auto-fix is disabled by default. You can enable or disable it for individual projects from Project settings → Auto-fix security issues.
Externally published projects (Business and Enterprise)Auto-fix runs automatically only after the project is published externally. After that, it runs each time you chat with Lovable on the project. You cannot disable it for externally published projects at the project level. You can still enable it manually for other projects.
All published projectsAuto-fix runs automatically only after the project is published, internally or externally. After that, it runs each time you chat with Lovable on the project. You cannot disable it for published projects at the project level. You can still enable it manually for unpublished projects.
All projectsAuto-fix runs automatically each time you chat with Lovable on any project in the workspace, whether or not it has been published. It cannot be disabled at the project level.
Anyone with project edit access can manage auto-fix for a specific project from Project settings → Auto-fix security issues, unless the workspace requires auto-fix for that project. See Security overview for more information.

Sharing

Controls whether members can create public preview links and reuse work across projects in the same workspace. Available on: All plans; disabling is available on Enterprise
Default: Enabled When enabled, workspace members can generate a temporary public preview link for any project. Preview links are view-only URLs that anyone can open without a Lovable account. Preview links expire after 7 days. When disabled, the Share preview button is hidden for all projects in the workspace.
Preview links bypass the Default website access setting. Even when published projects are workspace-only, an enabled preview link lets an external viewer in without authenticating. If you need a hard perimeter against external viewing, disable this setting.
See Share preview links for more information.

Cross-project sharing

Available on: All plans
Default: Enabled When enabled, workspace members can reference and reuse implementations from other projects in the same workspace. Members can reference a project by typing @ in the chat or by asking Lovable to use an existing project. All cross-project access is read-only. Referenced projects cannot be modified. When disabled, cross-project sharing is turned off for all projects in the workspace. Members cannot reference other projects and other projects cannot reference them.
Cross-project sharing can also be controlled at the project level. Project editors and above can disable it for a specific project from Project settings → Cross-project sharing. When disabled at the project level, that project cannot reference others and cannot be referenced. If any level blocks access, the reference fails.
See Cross-project referencing for more information.

MCP servers

Controls whether members can connect external tools and data sources to Lovable through Model Context Protocol (MCP) servers.

MCP servers access

Available on: Business and Enterprise
Default: Enabled When enabled, workspace members can connect pre-built and custom MCP servers to their projects. MCP servers let the agent read from external databases, APIs, and other data sources during builds. When disabled, MCP servers access is turned off across the entire workspace. No new MCP connections can be created. See Chat connectors (MCP servers) for more information.

Allow local MCPs

Available on: Business and Enterprise
Default: Enabled
This setting only applies when MCP servers access is enabled. If MCP servers are disabled for the workspace, local MCPs are disabled too.
When enabled, members using the Lovable Desktop app can connect MCP servers running on their own machine to their projects. When disabled, only remote MCP servers are allowed. Local desktop connections are blocked.

Data protection

Controls training data preferences, sensitive data detection, and storage exposure rules.

Data collection opt out

Available on: Business and Enterprise
Default: Disabled
Free and Pro customers can request an opt-out by contacting Lovable Support.
When disabled, customer data may be used for model training and other business purposes as described in Lovable’s Terms of Service. Only customer data that does not identify you may be used. When enabled, Lovable does not use this workspace’s content for AI model training or internal evaluation. See Manage training data and privacy for more information.

Sensitive data scanning

Available on: Enterprise
Default: Disabled When enabled, Lovable scans workspace content for personally identifiable information (PII). This is the workspace-level main switch for sensitive data protection features, including on-demand scans (chat history, Lovable Cloud databases, and Lovable Cloud storage), chat send protection for new messages and attached files, and block publishing with PII findings. It also adds a Sensitive data tab to projects where recorded PII findings can be reviewed.

Chat send protection

Available on: Enterprise (only visible when Sensitive data scanning is enabled)
Default: Log only Determines what happens when PII is detected in new chat messages or attached files. On-demand scans of chat history, Lovable Cloud Database, or Lovable Cloud Storage still work regardless of the chat send protection mode.
ModeBehavior
OffNo scanning. Messages pass through to the agent without inspection or logging.
Log only (default)The scan runs. If PII is detected, a finding is recorded and available for review in the project’s Sensitive data tab, but the message sends without interruption. This is the default when sensitive data scanning is first enabled.
Ask before sendingThe scan runs. If PII is detected, the message is paused and the user chooses whether to edit, send a redacted version, or send the original. Detected PII is logged only if the user sends the original messages, otherwise the original message is discarded.
Can be overridden on project level by enabling PII prompt auto-approval from the Sensitive data tab.
Block originalThe scan runs. If PII is detected, the user cannot send the original. They can only edit the message or send a redacted version. The original message is discarded and nothing about the original PII gets logged.

Block public storage buckets

Available on: All plans
Default: Enabled When enabled, workspace members cannot create publicly accessible storage buckets in Lovable Cloud. All new buckets are forced to private access. When disabled, members can create public storage buckets.