Loupely uses a small number of external services to function. When your data passes through one of them, their privacy practices govern how it’s handled.
Supabase: handles authentication, database storage, and infrastructure for all Loupely products. When you sign in with a magic link, Supabase generates and verifies the token. Supabase stores your email address, authentication events, and session tokens. Supabase does not have access to your diagnostic capture data or your WordPress site information. Supabase is SOC 2 Type 2 certified and GDPR-compliant.
Stripe: handles all payment processing. When you Purchase Credits or a plan, your card number goes from your browser to Stripe directly. Loupely receives a record of the transaction, not the card number. Stripe is PCI Service Provider Level 1 certified.
Resend: handles Transactional Email delivery, including magic link sign-in emails and account notifications. Resend receives your email address for the purpose of delivering these messages.
These three services cover the full scope of third-party data handling for Loupely. No data is sold or shared with any advertising or analytics platform.