Trust, Security & Privacy

This page is maintained by the Annual Reports AI team to answer common security and privacy questions about Annual Reports AI. It describes the controls currently enabled in the product and how we handle customer data. It is editable content authored by us — not an independent certification or third-party audit.

Shared responsibility

Annual Reports AI is built on the Lovable Cloud platform. Lovable provides the underlying hosting, managed database, authentication, storage, and edge runtime. We (the app owner) are responsible for how the application is configured, the data we collect, and the choices we make about access, retention, and subprocessors. Customers are responsible for the accounts they create, the credentials they protect, and the content they choose to share.

Access & authentication

  • Accounts are protected with email + password or Google sign-in.
  • Sessions are issued as signed tokens and rotated by the auth provider; passwords are never stored by the application.
  • Application data is scoped per user. Server-side checks (row-level security and authenticated server functions) enforce that users only see and modify their own records.

Platform & hosting

The application runs on the Lovable Cloud platform, which provides managed hosting on an edge runtime, a managed Postgres database, object storage, and authentication services. Data in transit is served over HTTPS. This is a description of enabled platform capabilities and is not a Lovable-issued certification.

Data we collect & how we use it

  • Account data: email, name, and authentication identifiers needed to sign you in.
  • Product usage: the companies you search, the reports you generate, your chat conversations with the report assistant, and your preferences.
  • Billing data when you start a trial or subscription, handled by our payment processor.
  • We use this data to operate the product, generate AI reports you request, send transactional and lifecycle emails you have not opted out of, and improve the service.

Subprocessors & integrations

We rely on a small set of vendors to operate the service, including Lovable Cloud (hosting, database, auth, storage), an AI model provider for report generation and chat, an email delivery provider for transactional and lifecycle email, and a payment processor for trials and subscriptions. Contact us for the current list before relying on a specific vendor.

Cookies & analytics

We use cookies and local storage strictly necessary to keep you signed in and to remember UI preferences. We may use privacy-respecting product analytics to understand aggregate feature usage. We do not sell personal data.

Retention & deletion

Account, report, and conversation data is retained while your account is active so you can return to past reports. You can request deletion of your account and associated data by contacting us; backups are rotated on the platform's standard schedule.

Privacy requests

To request access to, correction of, or deletion of your personal data, or to ask a privacy question, contact us using the information below. We will respond within a reasonable timeframe.

Security contact & vulnerability reporting

If you believe you have found a security issue, please report it to us through the feedback page and select a security-related topic, or email the address listed on our site. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and respond.

Compliance & certifications

Annual Reports AI is not currently certified under SOC 2, ISO 27001, HIPAA, PCI DSS, or GDPR adequacy programs, and we do not claim such certifications. We aim to follow common security and privacy best practices and will update this page as our posture evolves.

This page describes current product behavior and may change as the service evolves. It is provided for informational purposes and is not a contract or legal advice.