HoneyBee Notes

Trust & Security

How we protect your writing.

Last updated July 2026

This page is maintained by HoneyBee Notes to answer common security and privacy questions about the product. It describes current, enabled controls; it is not an independent certification.

Hosting and platform

The application runs on Lovable's managed hosting platform with a managed database and file storage. Traffic to the site is served over HTTPS, and data in transit is encrypted using TLS.

Authentication

  • Email + password sign-in with hashed credentials handled by our managed auth provider.
  • Optional Google sign-in via OAuth 2.0.
  • Session tokens are stored securely and can be revoked by signing out.

Access controls

Row-level security policies scope every database read and write to the signed-in user. Only you can see the vows, speeches, and letters you write. Administrative access is limited to a small number of maintainers and protected by strong authentication.

AI providers

When you generate a draft, your inputs are sent to a third-party large language model provider for processing. We choose providers that commit in their terms to not using submitted content to train their public models.

Payments

Payments are processed by a PCI-compliant payment provider. We do not store full card numbers on our servers.

Data retention and deletion

Your account and drafts remain until you delete them. Email privacy@honeybeenotes.com to request full account and content deletion.

Reporting a vulnerability

If you believe you have found a security issue, please email security@honeybeenotes.com with details and steps to reproduce. Please do not publicly disclose the issue until we have had a chance to investigate and respond.

Shared responsibility

Security is a partnership. We secure the platform; you help by choosing a strong, unique password, keeping your email account secure, and signing out on shared devices.