SheBuilds S02 Alum + Lovable Ambassador
Design engineer @ aline.no
Works in the demo ✓
Safe for real users?
Strangers reading your users' data
Someone posting as someone else
Your paid API keys, spent by other people
Three common leaks
One live fix
A checklist to keep
No login
Login but no database rules
Secrets in the frontend
Anyone with the link can read and write
→ add authentication
"The UI is a suggestion.
The database is the law."
Login looks safe, but the database still answers anyone
→ add row-level security
An open API key is an API key for everyone
→ keep secrets server-side
Auth on anything that stores user data
RLS on every table
No secrets in the frontend
Run Lovable's security scan
The one habit that catches most leaks