Privacy policy

Loupe is built so that the hard questions don't have to be asked. This page is the short version of the data story; the long version is the source code.

What Loupe never sees

• Your screen contents.
• Your keystrokes, clicks, or touch input.
• Your clipboard.
• Your device names, your Apple ID, your iCloud data.

The screen stream and input channel are end-to-end encrypted with DTLS-SRTP between your two devices. The signaling server only relays SDP offers, answers, and ICE candidates — it does not have the keys, and it cannot decrypt the media.

What the public signaling server sees

If you use the default theloupe.team signaling endpoint, the server sees:

• That two devices are negotiating a session (timestamps, IP addresses).
• The encrypted SDP blobs and ICE candidates (it cannot decrypt them).
• Aggregate rate-limit counters per IP for abuse protection.

This metadata is kept in memory only, for the lifetime of a session (typically under 60 seconds idle), and is not logged to disk by default. Server logs are rotated daily and retained for 14 days.

What you give us when you join the waitlist

• Your email address.
• The page that referred you (e.g. / vs /docs/pricing.html).
• A timestamp.

The waitlist is stored on a single file on the Loupe server and is not shared with third parties. When the beta opens, we email you once. You can ask us to delete your email at any time by replying to that email.

Cookies and tracking

Loupe does not set any tracking cookies. The site does not embed any third-party scripts, fonts, analytics, tag managers, or pixels. There is no Facebook pixel, no Google Analytics, no Mixpanel, no Segment, no Hotjar. The site is fully static except for the waitlist form and the pairing API.

On-device permissions (camera)

The iOS and macOS controllers can scan a QR code from your Loupe host to pair. Scanning happens entirely on your device using Apple's AVFoundation framework. The decoded token never leaves the controller unless you explicitly tap Connect. No images from the camera are recorded, stored, transmitted, or analysed beyond the single QR decode that hands you back into the pairing flow.

Camera access is requested the first time you tap Scan QR code. You can revoke it at any time in System Settings → Privacy & Security → Camera (macOS) or Settings → Loupe → Camera (iOS). The controller continues to work for token-paste and token-file pairing without camera access.

If you self-host

If you run your own signaling server (see the self-host guide), none of your session metadata reaches us. You are the operator; you decide your own retention policy.

Your rights (GDPR / DSGVO)

You have the right to access, correct, and delete any personal data we hold about you. For the waitlist this means your email address and the timestamp it was added. To exercise these rights, email privacy@theloupe.team. We respond within 30 days.

Changes to this policy

Material changes are announced on the GitHub release page and, if you are on the waitlist, by email. The current version is always the one served from this URL.

Last updated: 2026-06-19.