A security incident at Loupely means unauthorized access to, or unauthorized disclosure of, user data. That includes unauthorized access to Loupely’s servers or database, a breach of Supabase (which handles authentication and storage), exposure of user email addresses or account records, or a vulnerability in the Chrome extension or WordPress Plugin that allowed unauthorized data access.
Suspected vulnerabilities that haven’t been exploited are handled through the vulnerability reporting process, not this one.
How Loupely responds to an incident
When a confirmed incident occurs, the immediate priority is containment: stopping the unauthorized access and assessing the scope of what was exposed. Affected accounts are identified, and users whose data was involved are notified with specific information about what happened, what data was affected, and what actions Loupely is taking. The goal is notification within 72 hours of confirmation.
After containment, the cause is investigated, the vulnerability is patched, and a post-incident summary is made available.
If you believe you’ve experienced something that looks like unauthorized account access or data exposure related to Loupely, contact security@useloupely.com. If you’ve found a vulnerability rather than an incident, see Reporting a Security Vulnerability.
