Swedish no‑code startup Lovable faced a social‑media firestorm after an anonymous user claimed on X to have accessed other customers’ chat histories and personal data by creating a free account. The post, which amassed over 500,000 views by early evening BST, alleged that emails, names and birth dates were exposed.

Lovable responded hours later, insisting no breach occurred but admitting its documentation on what constitutes a “public” project was vague. The company clarified that chat messages linked to public projects were previously viewable, a feature now disabled for all users, and fully removed for enterprise accounts as of May 25, 2025.

Backed by more than $500m from investors such as Accel, Creandum, 20VC and EQT, Lovable’s reputation is central to its growth strategy, which targets developers seeking drag‑and‑drop site building without code. The breach rumors arrived as the firm rolled out a product update overnight and announced a partnership with security firm Aikido for penetration testing.

Investors and enterprise clients will watch how Lovable tightens data‑visibility controls, given the swift user backlash and the competitive pressure from AI‑heavy rivals like Anthropic. The episode underscores the fragile trust in emerging no‑code platforms, where a single miscommunication can trigger reputational damage despite robust funding.