REFUND POLICY

Loupely LLC · Loupely Lens

Effective Date: April 1, 2026    |    Last Updated: June 12, 2026

This Refund Policy applies to purchases made through Loupely LLC at loupelylens.com. It supplements the refund terms in the Loupely Lens Terms of Service.

1. Annual Plans

1.1 Eligibility Window

An annual plan is eligible for a full refund if both of the following are true: the refund request is made within 14 days of the original purchase date, and fewer than 5 diagnoses have been run under the plan. Both conditions must be satisfied.

1.2 After the Eligibility Window

After 14 days, or after 5 or more diagnoses have been run, an annual plan is non-refundable for the remainder of the plan year. Annual plans are not prorated on cancellation.

1.3 Renewals

A refund request for an automatic renewal, made within 7 days of the renewal date and where the plan has not been used in the renewal period, will be evaluated on a case-by-case basis. Contact us at support@loupelylens.com as soon as possible if you did not intend to renew.

2. How to Request a Refund

Email support@loupelylens.com with the subject line “Refund Request” and include: the email address on your Loupely account, the plan you purchased, the approximate purchase date, and the reason for your request. We will respond within 3 business days. Approved refunds are processed through Stripe and appear on your original payment method within 5 to 10 business days, depending on your card issuer.

3. Service Interruptions

If a substantial and extended interruption of the Services prevents you from using a plan you have paid for, we will consider a pro-rata credit or refund for the affected period at our discretion. “Substantial and extended” means an outage affecting core diagnostic functionality lasting more than 48 consecutive hours. Brief interruptions, scheduled maintenance, and degraded performance that does not prevent diagnoses from completing do not qualify.

4. Contact

Loupely LLC

Scranton, Pennsylvania

support@loupelylens.com

loupelylens.com

VULNERABILITY DISCLOSURE POLICY

Loupely LLC · Loupely Lens

Effective Date: April 1, 2026    |    Last Updated: June 12, 2026

Loupely LLC takes the security of its products seriously. This Vulnerability Disclosure Policy describes how to report a security vulnerability in the Loupely Lens Chrome extension or any other component of Loupely’s infrastructure, and what you can expect from us when you do. This policy is published at loupelylens.com/security and is linked from the Loupely Lens listing in the Chrome Web Store.

1. What to Report

We want to hear about vulnerabilities that could affect the confidentiality, integrity, or availability of Loupely’s systems or user data. Examples include:

  • authentication or authorization flaws that could allow unauthorized access to user accounts or diagnostic data;
  • injection vulnerabilities (SQL injection, cross-site scripting, cross-site request forgery) in the Loupely web application or API;
  • vulnerabilities in the Loupely Lens extension code that could be exploited to access data beyond the extension’s intended scope;
  • insecure transmission or storage of user data; and
  • a credential-redaction bypass, meaning a method by which sensitive credentials could be written into a capture file despite the local redaction layer.

2. What Not to Report

Please do not report through this channel: issues that require physical access to a user’s device; findings from automated scanners run without prior coordination; social-engineering attacks targeting Loupely staff; denial-of-service issues requiring high-volume traffic; or issues in third-party services we use (Supabase, Stripe, Google, Resend) — report those directly to the relevant vendor.

3. How to Report

Send your report to security@loupelylens.com with the subject line “Security Vulnerability Report.” Include a description of the vulnerability and the component it affects, the steps to reproduce it, the potential impact if exploited, and any supporting evidence. You may encrypt your report using our PGP public key; contact us to request it.

4. What to Expect From Us

Acknowledgment: within 3 business days.

Assessment: initial evaluation within 10 business days of acknowledgment.

Resolution: we will work to resolve confirmed vulnerabilities as promptly as the severity warrants and notify you when a fix is deployed.

Coordination: we ask for 90 days from acknowledgment before public disclosure. If you believe a vulnerability poses an immediate and serious risk, contact us to discuss an accelerated timeline.

5. Our Commitments to You

If you report a vulnerability in good faith and in accordance with this policy: we will not pursue legal action against you for the responsible disclosure; we will treat your report confidentially; we will keep you informed through to resolution; and we will credit you by name in the release notes for the fix if you wish.

6. Scope

This policy covers the Loupely Lens Chrome extension and the Loupely web application at loupelylens.com, together with the associated backend API and infrastructure.

7. Contact

Loupely LLC

Scranton, Pennsylvania

security@loupelylens.com

loupelylens.com/security