Skip to main content
Publishing turns your Lovable project into a live web app by deploying a snapshot to a URL you can share. Only the current version is deployed, and depending on your plan, you can control who can access the published app.

Who can publish projects?

By default, editors and above can publish projects on all plans. On Enterprise plans, admins and owners can restrict who is allowed to publish externally to the web. Go to Workspace settings → Privacy & security → Who can publish externally and select:
  • Admins & owners
  • Owners only

Internal and external publishing and website access control

Publishing options and website access control depend on your plan.

Free and Pro plans

Anyone with the link can visit your published app. This means you publish externally to the web. Website access cannot be restricted on these plans, so make sure you’re ready to share before publishing.

Business and Enterprise plans

You can choose who can access your published app:
  • Workspace: Only authenticated workspace members can visit the published app, meaning you publish internally to the workspace. When selected, the publish button label changes to Publish to workspace.
  • Anyone: Anyone with the link can visit your published app, meaning you publish externally to the web.
This allows you to:
  • Build and share internal apps that stay private to your workspace
  • Prevent accidental external publishing
  • Support governance and compliance for sensitive data
Workspace admins and owners can also set a default website access policy for all published projects in Workspace settings → Privacy & security → Default website access. You can override the workspace default for individual projects in the Publish modal by choosing who can see the website. If unchanged, the project inherits the workspace default.

How to publish your project

To publish, follow the steps below:
1

Open your project and go to the Publish modal

In your project, click the Publish icon in the top-right corner. Review and configure the publish settings as explained below.When the publish dialog opens, Lovable automatically runs a Basic security scan in the background while you configure the rest of the settings. This scan takes 10-15 seconds and checks your database for common security issues, including row-level security (RLS) policy mistakes and schema-level access control risks.
2

Configure your website address

  • Enter your preferred website URL or leave the input field empty for Lovable to auto-generate a URL. By default, your app is published to [published-url].lovable.app
    On Business and Enterprise plans, you can publish apps under a workspace-branded URL pattern, such as app-name.workspace-subdomain.lovable.app. Branded app URLs create a consistent workspace-level URL structure across all published apps and are configured in Workspace settings → Branded app URLs. See Publish apps with branded URLs to set this up.
  • When published, you can add a custom domain (available on paid plans).
3

Configure website access permissions

Depending on your plan, you can control who can see the website:
  • Public: anyone with the URL can visit the published app (public website access)
  • Workspace (Business and Enterprise plans): only authenticated workspace members can visit the published app URL (private website access). You can choose to grant access to the whole workspace or specific people and groups.
4

Configure website info (metadata for SEO and social preview)

Lovable provides site metadata, but you can customize how your site appears in browser tabs, search results, and link previews. Add the following info to help people find your site:
  • Icon & title: the site icon (favicon) and site title shown in browser tabs, search results, and link previews.
    • Click on the icon to upload a new one.
    • Click on the title text to update it.
  • Description: the meta description used in search results and link previews.
    • Click on the text to update it, or leave empty and Lovable will auto-generate a description.
  • Social image: the social sharing image (OG image) shown when your website link is shared, for example, on social media and messaging apps.
    • Click to upload an image or choose to generate one (title and description need to be filled out to generate).
See Optimize your app for SEO and AI search for more information on optimizing your Lovable apps for search engines, social media previews, and AI systems.
5

Review your publish settings

Review all info and optionally run an SEO review. Click on any of the fields to update the settings.
  • URL
  • Published website visibility
  • Website info (icon & title, description, social image)
6

Review security findings before publishing

Always review security findings before publishing to reduce the risk of data leaks, unauthorized access, and sensitive information exposure.Before you publish, review the outcome of the Basic scan that ran automatically in the background.
  • If the Basic scan finds issues, Lovable shows a warning with a summary of the findings. Click it to open the Security view, where you can review and fix them. Findings do not block publishing by default, but you should resolve critical issues before making your app available.
  • If the Basic scan passes, you can continue publishing. You can also run the optional Deep scan for additional coverage.
The Deep scan is an optional agentic codebase review that usually takes around 4 minutes. It looks for application-code vulnerabilities such as exposed secrets, unsafe input handling, and authorization gaps.If you run the Deep scan, Lovable shows either a warning with any findings, or a Basic & Deep security scans passed message when both scans complete with no findings. In either case, you can continue publishing unless your workspace has stricter publishing controls enabled.See Security overview and Project security view for more information.
Publishing controlsWorkspace admins and owners can enforce stricter publishing rules in Workspace settings → Privacy & security to help ensure insecure applications are never deployed.
  • Block publishing with critical findings prevents publishing while error-level findings are unresolved.
  • Require security scan before first publish prevents the first publish of a project until a security scan has completed.
7

Publish your project

When ready, click Publish. When the deployment is complete, you’ll receive a pop-up with the published link.After publishing your project, you can continue to iterate on it. To push updates later, click Publish → Update.
When published, you can update your live app at any time, change the website address (published URL), or connect a custom domain for a polished, on-brand experience.
After publishing publicly, rerun your SEO review to unlock live checks for indexing, performance, accessibility, AI-search readiness, and Google Search Console setup.If you connect a custom domain, rerun the review again so Lovable can help verify your domain in Google Search Console and submit your sitemap.

How publishing works in Lovable

Each time you publish, Lovable deploys a snapshot of your project to a live URL. Only the current version is deployed, and future changes are not automatically published.
  • Changes are not automatically published and pushed live.
  • To deploy new changes, click Publish → Update.
If you don’t see recent changes on your live site, you need to republish.

How to unpublish your project

You can unpublish and remove your live app in two ways:
  • Go to Project settings → Unpublish project → Unpublish
  • Click Publish → Edit settings → Unpublish (top-right corner)
Once unpublished:
  • The live URL becomes inaccessible
  • Your project remains in the editor

FAQ

No. Publishing only makes the app available at the published URL. It does not grant anyone access to your project in the editor or your project code, and it does not make your project automatically remixable.Access to the editor, source code, chat history, and unpublished changes is always controlled by project access.
Project access and website access are independent settings. You can combine them in different ways depending on your needs.
  • Project access controls who can access the project in the editor, including source code, chat history, work in progress, and changes that have not yet been published.
  • Website access controls who can visit the published app at its live URL.
Below are common configurations:
  1. Internal team app
    • Project access: Workspace
    • Website access: Workspace Result: Only workspace members can view and edit the project in the editor and visit the published app.
  2. Private work-in-progress, public app
    • Project access: Restricted
    • Website access: Anyone Result: Only you can view and edit the project in the editor, but anyone with the published URL link can visit the published app.
    Keep in mind that workspace owners have full access to all projects in the workspace and can view and edit them.
  3. Team-built, publicly shared app
    • Project access: Workspace
    • Website access: Anyone Result: Only workspace members can view and edit the project in the editor, but anyone with the published URL link can visit the published app.
  4. Private prototype shared internally
    • Project access: Restricted
    • Website access: Workspace Result: Only you can view and edit the project in the editor, and only workspace members can visit the published app.
    Keep in mind that workspace owners have full access to all projects in the workspace and can view and edit them.
Key reminder: Publishing does not change who can access your project in the editor, and project access does not affect who can visit the published app.
Yes, on Business and Enterprise plans you can restrict who can access your published app.You can choose to grant access to the whole workspace or specific people and groups. This means you publish internally so only authenticated workspace members can visit the published app.
Publishing deploys a snapshot. Changes aren’t automatically pushed to your live app.To publish updates, click Publish and then Update.
You can customize how your site appears in browser tabs, search results, and link previews.By default, Lovable generates site metadata, adds a Lovable logo as the favicon, and a screenshot of your app as the Open Graph (OG) image.To change this, click Publish and review and configure the website info, and optionally run an SEO review:
  • Icon & title: the site icon (favicon) and page title shown in browser tabs, search results, and link previews. Click on the icon to upload a new one. Click on the page title text to update it.
  • Description: the meta description used in search results and link previews. Click on the text to update it.
  • Share image: the social sharing image (OG image) shown when your website link is shared, for example, on social media and messaging apps. Click to upload an image.
See Optimize your app for SEO and AI search for more information on optimizing your Lovable apps for search engines, social media previews, and AI systems.
You can change your project URL subdomain, which forms your lovable.app website address in two ways:
  1. Click Publish → Edit settings → URL, edit your subdomain, save the change, and click Done.
  2. Go to Project settings → URL subdomain, change the subdomain, and click Update URL subdomain.
Note that renaming the project does not change the project URL, it only changes the project display name.On paid plans, you can also add a custom domain.
Publishing errors are usually caused by build issues in the current version. Ask the Lovable Agent to investigate and help resolve the problem.If the Publish button is disabled, your workspace admin or owner probably enabled a publishing control in Workspace settings → Privacy & security:
  • Block publishing with critical findings prevents publishing while error-level findings are unresolved. Open the Security view, fix them, and try again.
  • Require security scan before first publish prevents the first publish of a project until a security scan has completed. Wait for the scan that started when you opened the publish dialog to finish, or run a scan from the Security view.
Yes, especially if your site is public. Some SEO checks only run against the live published site, including indexing, performance, accessibility, AI-search readiness, and Google Search Console setup.After publishing, run an SEO review to check your live site. If you connect a custom domain later, run the review again so Lovable can re-check the new host, verify Google Search Console, and submit your sitemap.
Lovable builds web apps and publishing always deploys to a web URL (for example, yourproject.lovable.app or your custom domain). There isn’t a built-in flow that packages and submits your project to the App Store or Google Play, but you have two good options if you want an installable, store-ready experience:
  • Progressive Web App (PWA): make your published app installable so users can “Add to Home Screen” and launch it like a native app, with offline support and a full-screen shell. This is the fastest path and works from any modern mobile browser.
  • Capacitor wrapper: wrap your published URL in a native shell with Capacitor outside of Lovable, then submit that shell to the App Store or Play Store. This is the right path when you need access to native device APIs (camera, push notifications, biometrics, etc.) or when a store requires a “real” native binary.
The separate Lovable mobile app is for building projects from your phone. It does not turn your project into a native app for end users.