A security incident means unauthorized access to or disclosure of user data. That covers unauthorized access to Loupely’s servers, a breach of Supabase (which handles authentication and data storage for Loupely Lens), exposure of user email addresses or account records, or a vulnerability in the Lens Chrome extension that allowed unauthorized access to user data or captured CSS data.
Suspected vulnerabilities that haven’t been exploited go through the vulnerability reporting process, not this one. See Reporting a Security Vulnerability.
How Loupely responds #
When an incident is confirmed, the immediate response is containment: stopping the access and determining scope. Affected users are notified with specific details about what happened, what data was involved, and what steps Loupely is taking. Notification aims to happen within 72 hours of the scope being confirmed, sooner when possible.
Post-containment, the cause is investigated, the vulnerability is addressed, and a summary is made available.
If something looks like unauthorized access to your account or unexpected exposure of your data, contact security@loupelylens.com. For vulnerabilities you’ve discovered rather than incidents you’ve experienced, see Reporting a Security Vulnerability.