What Lens captures and where it goes #
When you click on an element with Loupely Lens, the extension reads the full CSS Cascade for that element from your browser’s computed style data. This capture happens locally in your browser. The capture file is assembled in the extension before anything leaves your machine. The credential scanner runs at this stage, checking for sensitive values in the captured CSS data and removing any that match known credential patterns.
When you click Diagnose, the capture payload is transmitted to Loupely’s servers over HTTPS. A rule engine runs locally on that data and returns the diagnosis. The payload content isn’t stored server-side after the result is generated. What is stored is session metadata: the URL of the page, the problem class identified, the element type, the triage route, and the timestamp.
No AI model is in the diagnosis path #
Lens’s diagnosis is produced by a local rule engine, not a language model. The engine classifies the CSS problem, identifies what’s winning and why, and generates an override prescription where one is possible. No third-party AI service receives your capture data. The only external call when you click Diagnose is to Loupely’s own servers to log the session.
What CSS data contains #
CSS data describes how elements are styled. It includes color values, sizing, font properties, positioning, layout rules, the stylesheets those rules came from, and which rules were overridden. It doesn’t contain your site’s content, your users’ personal data, your database records, or authentication credentials. The one edge case: if a developer has used CSS custom properties to store values that happen to be sensitive (unusual, but technically possible), those values would appear in a Lens capture. The credential scanner checks for patterns that match common credential formats, but non-standard values won’t be caught.
Lens on third-party sites #
Lens works on any website you can open in Chrome, including sites you don’t own. When you capture an element on a third-party site, the CSS data from that site’s public styles is included in the capture payload sent to Loupely’s servers. This is data the site serves publicly to any browser. Loupely doesn’t store it beyond the session metadata. Don’t use Lens on pages you’re not authorized to inspect.