Privacy Policy

1. Introduction

Supascale ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our self-hosted Supabase management platform ("Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Billing information (processed securely by Stripe)
• Account credentials (passwords are hashed and never stored in plain text)

2.2 Service Data

We automatically collect certain information when you use the Service:

• Login activity and timestamps
• License activation and validation records
• Support request history
• IP addresses for security purposes

2.3 Your Supabase Project Data

We do not collect, access, or store any data from your Supabase instances. Supascale runs entirely on your infrastructure. Your databases, storage files, user data, and application data remain on your servers under your exclusive control. We have no technical ability to access this data.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service
• To process transactions and send related information
• To send technical notices, updates, and support messages
• To respond to your comments, questions, and requests
• To monitor and analyze usage trends to improve user experience
• To detect, investigate, and prevent fraudulent transactions and abuse
• To comply with legal obligations

4. What We Do Not Do

We are committed to the following practices:

• We do not use your data to train AI models or machine learning systems
• We do not sell your personal information to any third parties
• We do not share your data with third parties for their marketing purposes
• We do not access your Supabase project data — it stays on your infrastructure
• We do not engage in data mining or profiling for advertising

5. Data Retention

5.1 Active Accounts

We retain your account information for as long as your account is active or as needed to provide you services.

5.2 Account Deletion

If you request account deletion, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

5.3 Backup Retention

System backups containing your data may persist for up to 30 days after deletion before being permanently removed.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• TLS 1.2+ encryption for all data in transit
• Encryption of sensitive data at rest
• Regular security assessments and penetration testing
• Role-based access controls
• Secure password hashing using industry-standard algorithms
• Regular security updates and patch management

7. Third-Party Services

We use the following third-party services to operate our business:

• Stripe — Payment processing. Stripe's privacy policy: stripe.com/privacy
• Email service provider — Transactional emails (account verification, password resets, receipts)

These services have their own privacy policies governing their use of your information. We encourage you to review them.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate or incomplete data
• Deletion — Request deletion of your personal data
• Objection — Object to processing of your data in certain circumstances
• Portability — Request transfer of your data to another service
• Withdrawal — Withdraw consent where processing is based on consent

To exercise these rights, please contact us through our contact form.

9. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect and how it is used
• The right to request deletion of your personal information
• The right to opt-out of the sale of personal information (note: we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• The right to lodge a complaint with a supervisory authority
• The right to restrict processing of your personal data
• The right to receive your data in a structured, commonly used format

Our legal basis for processing your personal data includes: contract performance, legitimate interests, and consent where applicable.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the modified Privacy Policy.