Our commitment to your data

Authentication & access

• Email + password sign-in with leaked-password protection.
• Google sign-in via the Lovable auth broker.
• Self-service password recovery via email link.
• Role-based access control with a dedicated Super Admin role for governance actions; users cannot grant roles to themselves.

Data protection

• Row-Level Security (RLS) enforced on every user-data table. Chats, subscriptions, profiles, and consultation requests are scoped to the owning user.
• Expert verification, ratings, and similar trust signals can only be modified by administrators — not by the experts themselves.
• Public-facing expert listings expose only safe fields; user identifiers are not surfaced.
• Data is hosted on Lovable Cloud (Supabase / Postgres) with encryption in transit (TLS) and at rest by the underlying platform.

AI-generated content

• AI responses are generated by third-party language models routed through the Lovable AI Gateway.
• Output is for informational use only, may be incomplete or inaccurate, and is not a substitute for qualified regulatory, legal, or medical advice.
• AI disclaimers are shown in-chat and embedded in PDF and DOCX exports.

Subprocessors

ReguQual AI relies on the Lovable platform (hosting, build, preview, AI gateway) and Lovable Cloud (managed Postgres, authentication, storage). Additional subprocessors used for specific features will be listed here as the product evolves.

Reporting a security concern

If you believe you have found a security vulnerability or have a privacy question, please contact the ReguQual AI team. Provide enough detail to reproduce the issue. We will acknowledge and investigate reports in good faith.