# Deal Screening Card: Lovable

**Date:** 2026-03-23
**Analyst:** DD Memo Writer Agent
**Stage:** Growth (Estimated Series B/C based on $6.6B valuation target)
**Sector:** AI / Developer Tools / Low-Code

## One-Liner
An AI-native app development platform enabling "vibe coding" for non-technical users through agentic code generation and GitHub synchronization.

## Scorecard

| Dimension    | Score | Signal   |
| ------------ | ----- | -------- |
| Team         | 5/10  | 🟡       |
| Market       | 6/10  | 🟡       |
| Competition  | 4/10  | 🔴       |
| Product/Tech | 3/10  | 🔴       |
| Financials   | 7/10  | 🟡       |
| Risk         | 8.5/10| 🔴       |
| **Overall**  | **4.5/10**| 🟡/🔴    |

Scoring: 🟢 >= 7 | 🟡 4-6 | 🔴 <= 3
Risk score inverted: 🟢 <= 3 (low risk) | 🔴 >= 7 (high risk)

## Key Strengths (Top 3)
1. **Hyper-Efficiency Metrics:** Claims a staggering $2.7M ARR per employee, suggesting extreme operational leverage and product-led growth.
2. **"No Lock-in" Moat:** The GitHub Sync feature provides a strategic advantage over closed-system "walled gardens" by allowing developers to maintain ownership of code.
3. **First-Mover Sentiment:** Strong early adoption catalyzed by "vibe coding" influencers (e.g., Andrej Karpathy), positioning it as a category leader in agentic IDEs.

## Key Concerns (Top 3)
1. **Unquantifiable Legal Liability:** California AB 316 (effective Jan 2026) removes the "autonomous AI defense," making Lovable potentially liable for security flaws in the code it generates for non-technical users.
2. **Systemic Security Debt:** Tier S reports indicate a 10% failure rate in critical security configurations (Auth/RLS), with evidence of live apps exposing PII and student data.
3. **Integrity & Trust Issues:** Trustpilot officially flagged and removed fake reviews (Tier S), and the company relies on invalid SOC 2 audits from Delve (currently under investigation).

## Verdict
**Recommendation: Pass**
**Reasoning:** While the growth metrics and "vibe coding" momentum are impressive, the systemic security vulnerabilities combined with California's new liability laws create a "perfect storm" of legal and reputational risk. The discovery of fake review manipulation (Tier S) further suggests a culture of growth-at-all-costs that compromises integrity.

## Questions for Founder Meeting
1. How will Lovable mitigate the direct legal liability imposed by California AB 316 for code "suggested" by the platform?
2. What is the roadmap for "Security Scanner 2.0" to address the 10% critical failure rate in Supabase RLS configurations?
3. Can you provide a verified 3rd-party audit to replace the invalidated Delve SOC 2 certification?
4. Explain the high churn/dissatisfaction regarding the "Credit Trap" billing system reported by users.