This page is maintained by the Reporta team to answer common security and privacy questions about how the product handles inspection reports, site photos and client information.
Access & authentication
Inspectors sign in with email and password or Google sign-in.
Each report is owned by the inspector account that created it. Other signed-in users cannot read, edit or delete it.
Sign-in sessions are managed by our authentication provider and can be revoked by signing out.
Data storage & isolation
Reports, sections, observations and send history are stored in a managed Postgres database.
Row-level security policies restrict every read and write to the report owner.
Site photos are stored in a private storage bucket, scoped to each inspector's folder.
Platform & hosting
Reporta runs on Lovable Cloud, which provides our database, authentication, file storage and serverless functions.
Traffic to the app and its API is served over HTTPS.
This page describes Reporta's product controls; it is not an independent certification or audit report.
Sharing reports with clients
Reports are private by default. Nothing is publicly listed or indexed.
When you share a report, Reporta generates a long, unguessable share link tied to that single report.
Anyone with the link can view that report — treat the link like a password and share it only with intended recipients.
Email delivery
Transactional emails (report delivery, authentication) are sent from a Reporta-owned sender subdomain.
Recipient address, subject and delivery status are recorded so you have a send history per report.
You can also choose to open the email in your own mail app instead of sending through Reporta.
Secrets & AI processing
API keys and service credentials are stored as server-side secrets, never shipped to the browser.
AI-assisted observation drafts are generated through our managed AI gateway and reviewed by the inspector before sending.
Your data, your control
You can edit or delete any report, section, observation or photo you own from inside the app.
For data export, deletion or privacy requests not covered by the in-app controls, contact the Reporta team.
This page reflects the controls currently enabled in Reporta and is maintained as editable project content. It does not represent a formal certification, audit outcome or legal commitment. For questions about how Reporta handles a specific scenario, please get in touch.