Trust & Security

This page is maintained by One Unicorn, LLC to answer common security and privacy questions about FounderNotes. It describes the controls and practices that are in place today. It is not an independent certification or audit report.

Account access & authentication

Sign-in is handled by our managed authentication provider. Users authenticate with email and password or Google. Sessions use short-lived tokens with automatic refresh, and passwords are stored only as salted hashes by the auth provider — we never see or store raw passwords.

Administrative access to internal tooling is limited to a small number of named operators and gated by a separate role check on every privileged request.

Platform & hosting

FounderNotes runs on Lovable Cloud. Application code is served from a managed edge runtime, and the database is a managed Postgres instance with encryption at rest and TLS in transit. Backups are performed by the managed platform.

These are platform capabilities provided by Lovable Cloud; this page does not represent an independent certification of the underlying infrastructure.

Data we collect & how we use it

We collect the data required to operate the Service: your account email, subscription status, the notes you save, and the questions you ask the AI board. We use this data to provide the Service to you. Full details, including legal bases for EU/UK users, are in our Privacy Policy.

Row-level security policies in the database restrict each user to their own data. Editorial content (creators, sources, notes) is read-only for members and writable only by administrators.

Subprocessors & integrations

FounderNotes uses the following service providers to operate the Service:

  • Lovable Cloud — application hosting, database, authentication, email delivery.
  • Stripe — subscription billing and payment processing.
  • Google — optional sign-in via Google OAuth.

Payment card details are entered directly into Stripe's hosted checkout and are never stored on our servers.

Cookies & analytics

We use a cookie consent banner that loads non-essential cookies only after you opt in. You can change your choice at any time from the footer link "Cookie preferences". See our Cookie Policy for the full list.

Retention & deletion

Account data is retained for the life of your account. When you delete your account, we remove your personal data from production systems within the timeframe described in our Privacy Policy. Routine encrypted backups expire on the platform's backup schedule.

Privacy requests

EU/UK users can exercise the access, rectification, deletion, restriction, portability, and objection rights described in our GDPR Statement. California residents can exercise the rights described in our CCPA / CPRA Notice. Email privacy@foundernotes.ai to make a request.

Reporting a security issue

If you believe you have found a security vulnerability in FounderNotes, please email security@foundernotes.ai with a description of the issue and steps to reproduce. Please give us a reasonable window to investigate and remediate before public disclosure.

Shared responsibility

Security is a shared responsibility. We operate the platform and the application; customers are responsible for protecting their account credentials, keeping their devices secure, and managing who has access to their account.