How we look after what's said in the room
Team AI Conversation is built for live, facilitated conversations about AI. This page explains, in plain English, what's stored, who can see it, what you should keep out of it, and the security decisions behind the tool.
Anyone with the join code can join a session and see that session's reflections. Treat the code like a meeting link.
The facilitator (the signed-in host) owns the session and is the only person who can edit settings or delete it.
Don't paste anything into a reflection that you wouldn't say out loud in the room. Think sticky notes, not emails.
How the tool works
- A facilitator creates a session and gets a 6-character join code.
- Participants join anonymously by entering the code and a display name. There's no email, no password and no account.
- Everyone adds short reflections across three pillars: governance and integrity; people and coexistence; and advantage, innovation and assurance.
- The AI summarises the patterns it sees across the room. The facilitator uses that to run the conversation.
What's shared, and with whom
Within your session. Display names, roles (if entered), reflections, votes, AI summaries and discussion notes are visible to everyone who has joined that session.
With the host. The same as above, plus the host can edit or delete items and end the session.
With the AI model. When a summary is generated, the reflection text and display names are sent to our AI provider. They are not used to train models.
With other sessions. Nothing. Sessions are isolated from each other.
| Data | Same session | Host | Other sessions | Public internet |
|---|---|---|---|---|
| Display name & role | Yes | Yes | No | No |
| Reflections | Yes | Yes | No | No |
| AI pattern summary | Yes | Yes | No | No |
| Votes | Yes (aggregated) | Yes | No | No |
| Discussion notes | Yes | Yes | No | No |
| Your private participant token | Only you | No | No | No |
What not to share
A useful test: would you write this on a sticky note and put it on the wall in front of everyone in the room? If not, don't put it in a reflection.
- Customer or client personal data — names, emails, case details.
- Confidential commercial information, credentials, API keys, or anything under NDA.
- Health, legal or HR information about identifiable individuals.
- Anything you wouldn't say out loud in the workshop room.
Where your data is stored
- In a managed Postgres database hosted by Lovable Cloud, encrypted at rest and in transit.
- Reflection text is sent to our AI provider only at the moment a summary is generated, and only for that purpose.
- Sessions persist until the host deletes them.
The security decisions we've made
Anonymous participation by design
Participants don't sign up. That means less personal data collected, and less friction in a workshop. The trade-off: anyone with the join code can join, so share the code only with the room.
Join codes are cryptographically random
Codes are generated using your browser's secure random source, not a guessable algorithm.
Per-participant tokens stay private
Each participant gets a private token that proves it's them when they edit or vote. It's stored only in their own browser and is never shown to other participants or to the host.
Hosts own their sessions — enforced by the database
Only the signed-in host of a session can change settings or delete content. Row-level security in the database enforces this. It isn't only a UI rule.
The AI is sandboxed against participant input
All participant text is wrapped in tagged "untrusted data" blocks and sanitised before being sent to the model, so a participant can't hijack the AI by writing instructions inside a reflection.
Length and volume limits everywhere
Names, reflections, members per session and items per session are capped at the database level so a session can't be flooded.
Generic error messages
If something fails on the server we log the details on our side, but only show a generic message to the user — we don't leak internal errors.
Security headers on every response
Every response carries a strict Content-Security-Policy, denies framing, and blocks MIME sniffing.
Sessions are private to the room
Earlier versions of this tool made session content readable by anyone with the URL. We've since fixed that. A session's reflections, summaries, and notes are now only visible to the host and to participants who have joined with the code. If you arrive at a session URL without either, you'll be asked for the join code first.
We're keeping this section here rather than deleting it because we'd rather show our working than pretend the earlier limitation never existed.
Deleting your data
- Hosts can permanently delete a session from the session's own page (a typed confirmation is required). That removes its members, reflections, votes, summaries and discussion notes.
- Participants can delete their own reflections while the session is open, or ask the host to remove them.
Questions about a specific session?
Talk to the facilitator who invited you — they own the session and can answer questions about how the output will be used. For anything about the tool itself, see what we mean by a good conversation.