PRIVACY POLICY
Loupely LLC · Loupely Lens
Effective Date: April 1, 2026 | Last Updated: June 12, 2026
This Privacy Policy describes how Loupely LLC (“Loupely,” “we,” “us,” or “our”), a Pennsylvania limited liability company, collects, uses, stores, and shares information when you use Loupely Lens, including the Chrome browser extension, the account system at loupelylens.com, and the associated infrastructure (collectively, the “Services”).
By using the Services, you agree to the practices described here. If you do not agree, do not use the Services.
Single Purpose of the Extension
Loupely Lens has one purpose: to read the CSS cascade behind an element you click on a web page and explain, in plain terms, why a visual change is not taking effect and what to do about it. Every permission the extension requests and every piece of data it handles exists to serve that single purpose.
| Chrome Web Store Limited Use Disclosure. Loupely Lens’s use of information obtained through the Services adheres to the Chrome Web Store User Data Policy, including its Limited Use requirements. Specifically: (a) we use the data only to provide and improve the single user-facing purpose described above; (b) we do not transfer the data to others except as needed to provide or improve that purpose, to comply with applicable law, for security purposes such as investigating abuse, or as part of a merger, acquisition, or asset sale; (c) we do not use or transfer the data for personalized, re-targeted, or interest-based advertising; and (d) we do not allow humans to read the data, except with your consent, for security purposes, to comply with law, or in aggregated and anonymized form for internal operations.The diagnosis runs entirely inside your browser. The screenshot Loupely Lens takes of the element you click is stored only in your local browser storage and is never transmitted to Loupely or any third party. The full CSS and page-structure capture is assembled and analyzed locally and is never sent to our servers. |
1. Information We Collect
1.1 Account Information
When you create an account, we collect your email address. That is the only account information we collect directly. We do not use or store passwords.
1.2 Sign-In and Authentication Data
Loupely Lens uses passwordless sign-in. You enter your email address and we email you a six-digit, single-use code that you type into the extension to sign in. There is no password and no magic link. When you request or verify a code, our authentication provider, Supabase, records your IP address, browser and device information (including the User-Agent string and Chrome version), and the timestamp of the event as part of its standard security logging at the platform level.
1.3 Diagnostic Session Metadata
When you run a diagnosis, the diagnosis itself is performed entirely by a local, rule-based engine in your browser. No AI model is called, and no page content is sent for analysis. We record a small set of session metadata so we can keep a record that a diagnosis occurred and improve the quality of future diagnoses. This metadata includes:
- the visual problem class detected (for example, a layout constraint, a color conflict, or an overlap)
- the triage route (whether the suggested next step is a do-it-yourself CSS override or a developer handoff)
- the CSS property you chose to change and its current and target values, plus any optional note you type (described in Section 1.4)
- technical attributes of the element and page: the element’s tag, how many ancestor levels were scanned, the platform (for example, WordPress), the page builder if detected, the viewport width, whether dark mode was active, and whether the element was inside the WordPress admin toolbar
- the timestamp of the session and a flag indicating whether a screenshot was taken (the screenshot itself is not sent)
This metadata is tied to your account. It does not include the address (URL) of the page you were on, the page’s content, its HTML, its CSS, or the screenshot.
1.4 Your Description of the Problem
If you type a short note describing what looks wrong, that text is stored with your session and is included in the property-change record. We use it in aggregated and de-identified form to improve diagnosis quality. Do not include passwords, API keys, or other sensitive credentials in this note.
1.5 Capture Data and Screenshots (Handled Locally, Not Stored by Us)
When you run a diagnosis, the extension reads CSS and page-structure (DOM) data from the element you clicked and assembles it into a capture file. This file is built and analyzed entirely within your browser. The capture file is never transmitted to Loupely. You may choose to download it yourself to share with a developer; if you do, you control where it goes.
Before any data is assembled, the extension redacts sensitive elements (such as password and payment fields) and scans inline styles for credential patterns, removing them so they are not written into the capture file. Loupely Lens never suggests changes to password fields, payment inputs, or submit controls.
Loupely Lens also takes a screenshot crop of the element you clicked so you can confirm the right element. This screenshot is stored only in your local browser storage, is shown to you in the extension and on the detail page, and is deleted when your session ends or you start a new capture. It is never transmitted to Loupely or any third party.
1.6 Payment Information
Payments are processed entirely by Stripe. We do not collect, store, or have access to your card number or other payment-card data. Stripe gives us a record of each transaction (the plan purchased, the amount, and the date) but not your card details. Your payment information is governed by Stripe’s privacy policy.
1.7 Usage and Technical Data
We may collect limited technical data about how the Services perform, such as error logs and performance data, to keep the Services reliable and to diagnose technical problems with the Services themselves.
2. How We Use Information
We use the information we collect to:
- Provide the Services: manage your account and sign-in, run the local diagnosis flow, and manage your free trial and any plan.
- Improve the Services: analyze diagnostic session metadata and, in aggregated and de-identified form, use diagnosis patterns to improve accuracy and expand the range of problems we can detect.
- Communicate with you: email your sign-in codes, account notices, and purchase confirmations, and respond to support requests.
- Handle billing: process plan purchases through Stripe and keep transaction records.
- Maintain security: detect and investigate abuse, unauthorized access, and fraud.
- Comply with law: meet legal obligations and respond to lawful requests.
We do not use your data for advertising. We do not sell your data. We do not use your data to build profiles for use outside the Services or to determine creditworthiness.
3. How We Share Information
3.1 Service Providers
We share information with the following providers only as needed to operate the Services:
- Supabase, Inc. — authentication, database, and backend (Edge Function) infrastructure, and delivery of sign-in code emails. Supabase processes your email address, sign-in event data (including IP address and timestamps), and the diagnostic session metadata described in Section 1.3.
- Stripe, Inc. — payment processing and purchase receipts. Transaction records are shared with Stripe to process purchases.
- Resend, Inc. — delivery of transactional emails on our behalf, where applicable. Your email address is transmitted to Resend to deliver the message.
3.2 Legal Disclosures
We may disclose information if required by law, subpoena, court order, or other legal process, or where we believe disclosure is necessary to protect our rights, protect anyone’s safety, or investigate fraud or a security incident.
3.3 Business Transfers
If Loupely LLC is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may transfer as part of that transaction. If a transfer would change how your information is used, we will notify you by email and by a notice on our website, and give you the opportunity to close your account first.
3.4 No Sale and No Advertising Use
We do not sell personal information. We do not transfer personal information to advertising platforms, data brokers, or information resellers, and we do not use it for creditworthiness decisions.
4. Data Retention
We retain account information (your email address and sign-in records) for as long as your account is active. If you close your account, we delete your email address and sign-in records within 30 days, except where retention is required by law or necessary to resolve a dispute or enforce our Terms.
Diagnostic session metadata and any problem descriptions you enter are retained for up to 30 days to support diagnosis improvement, after which they are deleted or de-identified. Payment records are retained for 7 years as required by applicable US tax and accounting law.
5. Data Security
We transmit personal and sensitive data over encrypted connections (HTTPS/TLS), and data stored in our Supabase infrastructure is encrypted at rest. Sensitive page elements are redacted and credential patterns are scanned out locally before any capture data is assembled. Payment data is handled exclusively by Stripe and is never stored on Loupely infrastructure. No security system is perfect; we cannot guarantee that unauthorized parties will never gain access to data, and in the event of a breach affecting your personal information we will notify you as required by law.
6. Permissions the Extension Uses
Loupely Lens requests only the narrowest set of permissions needed for its single purpose. It requests no broad host permissions, runs no background content scripts, and does nothing on any page until you click the Loupely Lens icon to start a diagnosis.
| Permission | Why it is needed |
|---|---|
| activeTab | Lets the extension read the current tab only at the moment you click the Loupely Lens icon to start a diagnosis. Access is limited to that tab and that action. |
| scripting | Lets the extension inject its capture script into the active tab on demand when you start picking an element. It is not injected ahead of time or in the background. |
| storage | Keeps you signed in and holds capture, preview, and session state locally so the extension popup and the page can coordinate. This data stays in your browser. |
Loupely Lens does not request access to your browsing history, does not read pages you have not chosen to diagnose, and does not observe your network traffic.
7. Cookies and Tracking
The loupelylens.com website uses only the session cookies needed to keep you signed in. We do not use third-party advertising cookies or behavioral tracking on our website, and the Chrome extension does not set cookies on the websites you visit. Where we use basic website analytics (such as pages visited and referral source), we use privacy-respecting analytics that do not share data with advertising networks.
8. Your Rights and Choices
8.1 Access, Correction, and Portability
You may request access to the personal information we hold about you, request correction of inaccurate information, or request a copy in a structured, commonly used, machine-readable format, by contacting us at the address in Section 13.
8.2 Deletion
You may request deletion of your account and associated personal information by contacting us at the address in Section 13. We process deletion requests within 30 days, subject to the retention obligations in Section 4.
8.3 Opt Out of Data Use for Improvement
If you do not want your diagnostic session metadata or problem descriptions used to improve the Services, you may opt out by contacting us at the address in Section 13. Opting out does not affect the diagnoses you receive.
8.4 Email Communications
We send transactional emails (sign-in codes, account notices, and purchase confirmations). You cannot opt out of transactional emails while your account is active, because they are required to operate the Services.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, how we use it, and with whom we share it; to delete personal information, subject to certain exceptions; to correct inaccurate personal information; to opt out of the sale or sharing of personal information (we do neither); and to be free from discrimination for exercising your rights. To exercise these rights, contact us at the address in Section 13. We respond to verified requests within 45 days as required by law.
Categories of personal information we collect: identifiers (email address, IP address), internet or network activity (sign-in events and diagnostic session metadata), commercial information (transaction records), and inferences drawn from session metadata to improve diagnosis quality. We do not sell personal information and do not share it for cross-context behavioral advertising.
10. International Users and GDPR
Loupely is operated from the United States. If you access the Services from the European Economic Area, the United Kingdom, or Switzerland, your personal information will be transferred to and processed in the United States. Where you are a business user, our Data Processing Agreement governs that processing and relies on the European Commission’s Standard Contractual Clauses. Where we process your data as a controller, we rely on your consent (given when you create an account and accept these terms) and on our legitimate interest in operating and improving the Services.
If you are in the EEA, UK, or Switzerland, you have rights including access, rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent. To exercise them, contact us at the address in Section 13.
11. Children’s Privacy
The Services are not directed to children. We do not knowingly collect personal information from children under 13 (or under the minimum age of consent in your jurisdiction, where higher). If we learn that we have collected such information, we will delete it promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will post the updated policy at loupelylens.com and update the “Last Updated” date above. For material changes, we will provide advance notice by email to your account address. Continued use of the Services after the effective date of an updated policy constitutes acceptance of the changes.
13. Contact
Loupely LLC
Scranton, Pennsylvania
privacy@loupelylens.com
loupelylens.com
We will acknowledge privacy-related inquiries within 5 business days and respond to substantive requests within 30 days (or 45 days for CCPA requests), subject to any extensions permitted by law.