PRIVACY POLICY

Loupely LLC

Effective Date: April 1, 2026  |  Last Updated: May 29, 2026

This Privacy Policy describes how Loupely LLC (“Loupely,” “we,” “us,” or “our”), a Pennsylvania limited liability company, collects, uses, stores, and shares information when you use the Loupely product, including the Chrome browser extension, the WordPress plugin, the account system at useloupely.com and loupely.co, and all associated infrastructure (collectively, the “Services”).

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, you must not use the Services.

Chrome Web Store Limited Use Disclosure: The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. Data collected through the Chrome extension is used solely to provide the diagnostic and triage services described in this Privacy Policy. We do not transfer this data to third parties for advertising, we do not sell it, and we do not use it to determine creditworthiness.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address. This is the only account information we collect directly. No password is stored.

1.2 Authentication Event Data

When you sign in using a magic link, our authentication provider, Supabase, automatically records your IP address, browser and device information (including User-Agent string and Chrome version), and the timestamp of the authentication event as part of its standard security logging. This logging occurs at the Supabase platform level.

1.3 Diagnostic Session Metadata

When you run a diagnosis using Loupely, we store metadata about the session. We do not store the full diagnostic text generated by the AI. The metadata we store includes:

  • failure class (the category of problem detected, such as a plugin conflict, WooCommerce error, or authentication failure)
  • triage route (whether the recommended next step is a DIY fix, a settings change, or a developer handoff)
  • platform, page builder, and plugin information
  • whether a credit was consumed and whether the issue was later resolved
  • the timestamp of the session

1.4 Your Description of the Problem

If you type a description of what stopped working or what looks wrong, that text is stored in association with your session. We use this text in aggregate and anonymized form to improve the quality of diagnosis. Do not include passwords, API keys, or sensitive credentials in your description.

1.5 Capture Data (Processed, Not Stored)

When you run a diagnosis, the extension assembles a capture file containing CSS data, browser state, and server data from the site you are diagnosing. This capture file is transmitted to our servers for analysis and diagnosis generation. We use this data to produce the diagnosis and triage recommendation. We do not store the full capture file contents after the diagnosis is complete.

1.6 Credential Scanning

Credential scanning occurs entirely within your browser before any data leaves your device. API keys, authentication tokens, and other sensitive credentials are detected and removed locally by the extension before the capture payload is transmitted. Redacted values are never transmitted to Loupely servers.

1.7 Payment Information

Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your credit card number or other payment card data. Stripe provides us with a record of the transaction (plan purchased, amount, date) but not your card details. Your payment information is governed by Stripe’s privacy policy.

1.8 Usage and Technical Data

We may collect technical data about how you interact with the Services, including which features you use, error logs, and performance data. This information is used to improve reliability and diagnose technical problems with the Services themselves.

2. How We Use the Information We Collect

We use the information we collect for the following purposes:

  • Providing the Services: processing your captures, generating diagnoses, managing your account, and delivering triage guidance.
  • Improving the Services: analyzing diagnostic session metadata and, in anonymized and aggregated form, using diagnosis patterns to improve accuracy and expand the range of failure patterns we can detect.
  • Account management: sending magic link emails, account notifications, and responding to support requests.
  • Billing and payments: managing credit balances, processing plan purchases through Stripe, and maintaining records of transactions. Credits are shared with Loupely Lens under the same account.
  • Security: detecting and investigating abuse, unauthorized access, and fraud.
  • Legal compliance: complying with applicable laws and responding to lawful legal requests.

We do not use your data for advertising. We do not sell your data. We do not use your data to build profiles for use outside the Services.

3. How We Share Information

3.1 Service Providers

We share information with the following service providers as necessary to operate the Services:

  • Supabase: authentication, database, and infrastructure services. Supabase processes authentication event data including email addresses, IP addresses, and timestamps.
  • Anthropic PBC: AI model inference. Sanitized diagnostic capture data is transmitted to Anthropic to generate diagnoses in real human terms. Anthropic does not retain API inputs after the request completes.
  • Stripe: payment processing. Transaction records are shared with Stripe to process purchases.
  • Resend: email delivery. Your email address is transmitted to Resend to deliver transactional emails. Resend processes email delivery events on our behalf.

3.2 Legal Disclosures

We may disclose information if required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud or a security incident.

3.3 Business Transfers

If Loupely LLC is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you by email to your account address and by a prominent notice on our website if a transfer changes how your information is used, and we will give you the opportunity to close your account before the change takes effect.

3.4 No Sale or Advertising Use

We do not sell personal information. We do not transfer personal information to advertising platforms, data brokers, or information resellers. We do not use personal information to determine creditworthiness.

4. Data Retention

We retain account information (email address and authentication records) for as long as your account is active. If you close your account, we delete your email address and authentication records within 30 days, except where retention is required by applicable law or necessary to resolve outstanding disputes or enforce our Terms.

Diagnostic session metadata is retained for up to 30 days to support ongoing improvement of diagnosis accuracy, after which data is deleted or de-identified. Problem descriptions you enter are retained for the same period.

Payment records are retained for 7 years as required by applicable US tax and accounting law.

5. Data Security

We transmit all personal and sensitive data over encrypted connections (HTTPS/TLS). Data stored in Supabase is encrypted at rest. Payment data is processed exclusively by Stripe and never stored on Loupely infrastructure. Credential scanning ensures that API keys and tokens are removed from capture data before leaving your device.

No security system is impenetrable. We cannot guarantee that unauthorized parties will never gain access to your data. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

6. Cookies and Tracking

The Loupely website uses session cookies necessary to maintain your authenticated session. We do not use third-party advertising cookies or behavioral tracking technologies on our website. The Chrome extension does not install cookies on the websites you visit.

We may use basic analytics to understand how users navigate our website (pages visited, time on site, referral source). Where we do so, we use privacy-respecting analytics that do not share data with advertising networks.

7. Your Rights and Choices

7.1 Access and Correction

You may request access to the personal information we hold about you, and you may request correction of inaccurate information, by contacting us at the address in Section 12.

7.2 Deletion

You may request deletion of your account and associated personal information by contacting us at the address in Section 12. We will process deletion requests within 30 days, subject to any retention obligations described in Section 4.

7.3 Data Portability

You may request a copy of the personal information associated with your account in a structured, commonly used, machine-readable format by contacting us at the address in Section 12.

7.4 Opt-Out of Diagnostic Data Use for Improvement

If you do not want your diagnostic session metadata or problem descriptions used for improving the Services, you may opt out by contacting us at the address in Section 12. Opting out does not affect the quality of diagnoses you receive.

7.5 Email Communications

We send transactional emails (magic links, account notifications, purchase confirmations). You cannot opt out of transactional emails while your account is active.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect about you, how we use it, and with whom we share it.
  • The right to delete personal information we hold about you, subject to certain exceptions.
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under the CCPA.
  • The right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at the address in Section 12. We will respond to verified requests within 45 days as required by law.

Categories of personal information we collect: identifiers (email address, IP address), internet activity (authentication events, diagnostic session metadata), commercial information (transaction records), and inferences drawn from session and diagnosis metadata to improve diagnosis quality.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

9. International Users and GDPR

Loupely is operated from the United States. If you are accessing the Services from the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal information will be transferred to and processed in the United States. We rely on your consent (provided when you create an account and accept these terms) as the legal basis for processing your personal data.

If you are located in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent applicable law, including: the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability, the right to object to processing, and the right to withdraw consent at any time.

To exercise any of these rights, contact us at the address in Section 12.

10. Children’s Privacy

The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete that information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated policy at useloupely.com and update the “Last Updated” date at the top of this document. For material changes, we will provide advance notice by email to your account address. Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the changes.

12. Contact

For questions about this Privacy Policy, to exercise your privacy rights, or to submit a data request:

Loupely LLC

Scranton, Pennsylvania

privacy@useloupely.com

useloupely.com

We will acknowledge receipt of privacy-related inquiries within 5 business days and respond to substantive requests within 30 days (or 45 days for CCPA requests), subject to any extensions permitted by applicable law.