Privacy Policy (Older Version)

Last Modified: 14 April 2023

Thank you for your interest in Supabase, Inc., ("Supabase," "we", "our" or "us"). Supabase provides a suite of open source tools, stitched together to build a seamless developer experience. This Privacy Notice explains how information about you, that directly identifies you, or that makes you identifiable ("personal information") is collected, used and disclosed by Supabase in connection with our website at supabase.com (the "Site") and our services offered in connection with the Site (collectively with the Site, the "Service").

We may also provide you with additional privacy notices or disclosures where the scope of the inquiry, request, or personal information we require falls outside the scope of this Privacy Notice. In that case, the additional Privacy Notice or disclosures will govern how we may process the information you provide at that time. Please note that this Privacy Notice does not cover or apply to our processing of information about our employees or contractors.

This Policy explains how we use your personal information when we act as a data controller. As far as you use our Service as a natural person, we are the controller of your personal information. We are responsible for, and control, the processing of your personal information.

Wherever our customers use our Service to submit, manage, or otherwise use content relating to our customers’ end users ("Customer Data") during the provision of our Service, we have contractually committed ourselves to only process such information on behalf and under the instruction of the respective customer, who is the data controller. This Privacy Notice does not apply to such processing and we recommend you read the Privacy Notice of the respective customer, if their processing concerns your personal information.

Region-specific Disclosures

  • California - Your California Privacy Rights: If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. Note we do not share your personal information with third parties for their own marketing purposes.
  • Nevada: Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Note we do not sell your personal information within the meaning of Chapter 603A. However, if you would still like to submit such a request, please contact us at support@supabase.io.
  • European Economic Area, United Kingdom or Switzerland: If you are located in the European Economic Area ("EEA"), United Kingdom or Switzerland, or otherwise engage with Supabase’s European operations, please see the Privacy Disclosures for the European Economic Area, United Kingdom and Switzerland for additional European-specific privacy disclosures, including what constitutes your personal information, the lawful bases we rely on to process your personal information, how we use cookies when you access our Sites from the EEA, UK or Switzerland and your rights in respect of your personal information.

Note for International Visitors: Personal information may be transferred to, stored and processed in a country other than the one in which it was collected. For example, the Sites are primarily hosted in and provided from the United States. Please note the country to which personal data is transferred may not provide the same level of protection for personal information as the country from which it was transferred.

1. Information we collect and our use

We collect personal information in connection with your visits to and use of the Service. This collection includes information that you provide in connection with the Service, information from third parties, and information that is collected automatically such as through the use of cookies and other technologies.

Information That You Provide

We collect personal information from you. The categories of information we collect can include:

  • Registration information. We collect personal and/or business information that you provide when you register for an account at the Site. This information may include your name, email address, GitHub username. We use this information to administer your account, provide you with the relevant services and information, communicate with you regarding your account, the Site and for customer support purposes.
  • Information collected through the Use of the Service. After registration, you may create, upload or transmit files, documents, videos, images, data or information as part of your use of the Service (collectively, "User Content"). User Content and any information contained in the User Content, including personal information you may have included, is stored and collected as part of the Service. You have full control of the information included in the User Content.
  • Payment information. If you make a purchase or payment on the Site, such as for a subscription, we collect transactional information provided in connection with your purchase or payment. Please note that we use third party payment processors, including Stripe, to process payments made to us. As such, we do not retain any personally identifiable financial information such as credit card numbers. Rather, all such information is provided directly by you to our third-party processor. The payment processor’s use of your personal information is governed by their privacy notice. To view Stripe’s privacy notice, please visit: - Payment information. If you make a purchase or payment on the Site, such as for a subscription, we collect transactional information provided in connection with your purchase or payment. Please note that we use third party payment processors, including Stripe, to process payments made to us. As such, we do not retain any personally identifiable financial information such as credit card numbers. Rather, all such information is provided directly by you to our third-party processor. The payment processor’s use of your personal information is governed by their privacy notice. To view Stripe’s privacy notice, please visit: https://stripe.com/privacy.
  • Communications. If you communicate with us through any paper or electronic form, we may collect your name, email address, mailing address, phone number, or any other personal information you choose to provide to us. We use this information to investigate and respond to your inquiries, and to communicate with you, to enhance the services we offer to our users and to manage and grow our organization. If you register for our newsletters or updates, we may communicate with you by email. To unsubscribe from promotional messages, please follow the instructions within our messages and review the Control Over Your Information section below. If you become a contributor, we may also collect your GitHub name and feature you on our website.
  • Inquiries and Feedback. If you contact us, we will collect the information that you provide us, such as your contact information and the contents of your communication with us.

You are free to choose which personal information you want to provide to us or whether you want to provide us with personal information at all. However, some information, such as your name, address, payment transaction information, and information on your requested Services may be necessary for the performance of our contractual obligations.

Information from Third Party Sources

We may receive personal information about you from our business partners and service providers and combine this information with other data we collect from you. The third-parties may include website and service operators, payment processors, marketing partners, and shipping providers. The information may include contact information, demographic information, information about your communications and related activities, and information about your orders. We may use this information to administer and facilitate our services, your orders and our marketing activities.

  • Single Sign-On. We use single sign-on ("SSO") such as GitHub to allow a user to authenticate their account using one set of login information. We will have access to certain information from those third parties in accordance with the authorization procedures determined by those third parties, including, for example, your name, username, email address, language preference, and profile picture. We use this information to operate, maintain, and provide to you the features and functionality of the Service. We may also send you service-related emails or messages (e.g., account verification, purchase confirmation, customer support, changes or updates to features of the Site, technical and security notices).
  • Social Media. When you interact with our Site through various social media, such as when you click on the social media icon on the Site, follow us on a social media site, or post a comment to one of our pages, we may receive information from the social network such as your profile information, profile picture, gender, user name, user ID associated with your social media account, age range, language, country, and any other information you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
  • Employment Applications. If you apply for employment, we collect your contact and demographic information, educational and work history, employment interests, information obtained during interviews and any other information you choose to provide. We use the information provided to evaluate your candidacy for employment, to communicate with you during the application process and to facilitate the onboarding process.
  • Information from Other Sources. We may obtain information from other sources, including through third-party information providers, our shareholders, customers, or through transactions such as mergers and acquisitions. We may combine this information with other information we collect from or about you. In these cases, our Privacy Notice governs the handling of the combined personal information. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.

Other Uses of Personal Information

In addition to the uses described above, we may collect and use personal information for the following purposes:

  • For our business activities, including to operate the Service and to provide you with the features and functionality of the Service;
  • To communicate with you and respond to your requests, such as to respond to your questions, contact you about changes to the Service, and communicate about account related matters;
  • For marketing and advertising purposes, such as to market to you or offer you with information and updates on our products or services we think that you may be interested in. While we may use your personal information in this manner, please note that we do not use User Content to serve you ads, and we will never share User Content with any third parties for marketing or advertising purposes, unless you have explicitly submitted it to us for that purpose;
  • For analytics and research purposes;
  • To enforce our Terms of Service, to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
  • To comply with contractual and legal obligations and requirements;
  • To fulfill any other purpose for which you provide personal information; and
  • For any other lawful purpose, or other purpose that you consent to.

2. How we share personal information

We may share your personal information in the instances described below. For further information on your choices regarding your information, see Control Over Your Information.

  • We may share your personal information with third-party service providers or business partners who help us deliver or improve our Site or services, or who perform services on our behalf, which are subject to reasonable confidentiality terms, and may include processing payments, providing web hosting services, or providing analytics.
  • Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or other agreements or to protect the security or integrity of the Supabase services, including to prevent harm or financial loss, or in connection with preventing fraud or illegal activity; and/or (c) to exercise or protect the rights, property, or personal safety of Supabase, our Customers, visitors, or others.
  • We may share with other companies and brands owned or controlled by Supabase, and other companies owned by or under common ownership as Supabase. These companies will use your personal information in the same way as we can under this Privacy Notice.
  • We may transfer any information we collect in the event we sell or transfer all or a portion of our business or assets (including any shares in the company) or any portion or combination of our products, services, businesses and/or assets. Should such a transaction occur (whether a divestiture, merger, acquisition, bankruptcy, dissolution, reorganization, liquidation, or similar transaction or proceeding), we will use reasonable efforts to ensure that any transferred information is treated in a manner consistent with this Privacy Notice.
  • We may disclose your information publicly or with another third party with your prior authorization.
  • With others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.

3. Control over your information

Email Communications

From time to time, we may send you emails regarding updates to our Service, products or services, notices about our organization, or information about products/services we offer (or promotional offers from third parties) that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the "unsubscribe link" provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).

Modifying Account Information

If you have an online account with us, you have the ability to modify certain information in your account (e.g., your contact information) through the account options provided on the Site. If there is personal information in your User Content, you can use the features and functionality of the Service to edit or delete the personal information or User Content. Not all personal information is maintained in a format that you can access or change. If you would like to request access to, or correction or deletion of personal information, you may send your request to us at the email provided below. We will review your request and may require you to provide additional information to identify yourself, but we do not promise that we will be able to satisfy your request.

4. How We Use Cookies and Other Tracking Technology to Collect Information

We, and our third-party partners, automatically collect certain types of usage information when you visit our Site, read our emails, or otherwise engage with us.  We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information, and similar technology (collectively, "tracking technologies").

We, and our third-party partners, use tracking technologies to automatically collect usage and device information, such as:

  • Information about your device and its software, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and a unique ID that allows us to uniquely identify your browser or your account (including, for example, a persistent device identifier), and other such information.
  • When you access our sites from a mobile device, we may collect unique identification numbers associated with your device or our mobile application mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, and depending on your mobile device settings, we may be able to approximate a device’s location by analyzing other information, like an IP address.
  • Information about the way you access and use our services, for example, the site from which you came and the site to which you are going when you leave our services, the pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the services from multiple devices, and other actions you take on the Sites.

We use the data collected through tracking technologies to:  (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom content and information; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Site; (f) diagnose or fix technology problems; and (g) to provide, plan for, and enhance our services.

Note we do not engage in online targeted advertising.

Cookies and Other Tracking Technologies Opt-Out. Depending on your browser or mobile device, you may be able to set your browser to delete or notify you of cookies and other tracking technology by actively managing the settings on your browser or mobile device.

If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the sites, as some features and services on our sites may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.

5. Data Retention and Security

We will retain your personal information for the length of time needed to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law. We store data on servers in the U.S. or any other country in which Supabase or its affiliates, subsidiaries, agents or contractors maintain facilities. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that your personal information may be transferred to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. When you register for use with Supabase you have the option of where you store your information and we will not transfer it without providing information to you in advance.

Supabase cares about the security of your information and uses commercially reasonable physical, technical and organizational measures designed to preserve the integrity and security of all information we collect. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

For your convenience, our Site may provide links to third-party websites or services that we do not own or operate. We are not responsible for the practices employed by any websites or services linked to or from the services, including the information or content contained within them. Your browsing and interaction on any other website or service are subject to the applicable third party’s rules and policies, not ours. If you are using a third-party website or service, you do so at your own risk. We encourage you to review the privacy policies of any site or service before providing any personal information.

7. Children’s Privacy

Our services are not intended for children under the age of 13. We do not knowingly solicit or collect personal information from children under the age of 13. If we learn that any personal information has been collected inadvertently from a child under 13, we will delete the information as soon as possible. If you believe that we might have collected information from a child under 13, please contact us at privacy@supabase.io.

8. Changes to Privacy Notice

We reserve the right to change this Privacy Notice from time to time in our sole discretion. We will notify you about material changes in the way we treat personal data by sending a notice to the primary email address specified in your Supabase account and/or by placing a prominent notice on our Site. It is your responsibility to review this Privacy Notice periodically. When we do change the Privacy Notice, we will also revise the "last modified" date.

9. Contact Us

For additional inquiries about this Privacy Notice, please send us an email at privacy@supabase.io.

This Privacy Notice was last modified on 27th March 2021

Privacy disclosures for the European economic area, United Kingdom, and Switzerland.

While we are primarily based in the United States, Supabase maintains operations in Europe and may direct our services to individuals located in the European Economic Area ("EEA"), United Kingdom and Switzerland, including through our Site supabase.com (collectively, our "European Services"). The following disclosures ("Privacy Disclosures") apply to our processing of personal data in connection with our European Services.

Supabase, Inc. is the data controller responsible for the processing of personal data in connection with our European Services. This means that we determine and are responsible for how your personal information is used.

Personal Data: When we use the term "personal data" in this section, we mean information relating to an identified or identifiable natural person.

1. Personal data we collect from you when you use the Supabase European Services, and how we use it.

We collect the categories of personal data that you voluntarily submit directly to us when you use the European Services, as set forth in our Privacy Notice under the section entitled Information We Collect and Our Use. The table at Annex 1 sets out in detail the categories of personal data we collect about you and how we use that information when you use the European Services, as well as the legal basis which we rely on to process the personal information and recipients of that personal information.

2. Information we collect about you automatically.

We also automatically collect personal information indirectly about how you access and use the European Services, and information about the device you use to access the European Services. For example, we may collect:

(a) information about the features you use and the pages you view on the European Services;

(b) information about your device (such as your IP address, device identifier, device type, model and manufacturer); and

(c) information about your usage patterns (such as how often you use the Supabase European Services and your language settings).

We use this information to provide you the features and functionality of the European Services, to monitor and improve the European Services and to develop new services.

The table at Annex 2 sets out further information about the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and recipients of that personal information.

We may link or combine the personal information we collect about you and the information we collect automatically.

We may anonymise and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the Supabase European Services. We may also share such anonymised and aggregated information with others.

3. How long will we store your personal information

We will usually store the personal information we collect about you for no longer than necessary for the purposes set out in Annex 1 and Annex 2, in accordance with our legal obligations and legitimate business interests.

The criteria used to determine the period for which personal information about you will be retained varies depending on the legal basis under which we process the personal information:

  1. Legitimate Interests. Where we are processing personal information based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
  2. Consent. Where we are processing personal information based on your consent, we generally will retain the information until you withdraw your consent, or otherwise for the period of time necessary to fulfill the underlying agreement with you or provide you with the applicable service for which we process that personal information.
  3. Contract. Where we are processing personal information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
  4. Legal Obligation. Where we are processing personal information based on a legal obligation, we generally will retain the information for the period of time necessary to fulfill the legal obligation.
  5. Legal Claim. We may need to apply a "legal hold" that retains information beyond our typical retention period where we face threat of legal claim.  In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal information, as well as the potential risk of harm from unauthorized use or disclosure of your personal information.

4. Recipients of Personal Information

In addition to the recipients listed in Annexes 1 and 2, we may also share your personal information with the following (as required in accordance with the uses set out in Annexes 1 and 2):

  1. Service providers and advisors: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing professional services, such as legal and accounting services, mailing, email or chat services, fraud prevention, web hosting, or providing analytic services.
  2. Affiliates. Other companies owned by or under common ownership as Supabase, including our subsidiaries (i.e., any organization we own or control) and our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under these Privacy Disclosures.
  3. Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business.
  4. Law enforcement, regulators and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements, including our Terms; and/or (iii) exercise or protect the rights, property, or personal safety of Supabase, its users or others.

5. Marketing and Advertising

From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.

We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails or by updating your preferences via your account on the Site.

6. Storing and transferring your personal information

Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.

International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third party service providers have operations. If you are located in the EEA, United Kingdom or Switzerland, your personal information may be processed outside of those regions, including in the United States.

In the event of such a transfer, we ensure that: (i) the personal information is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.

If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of these Privacy Disclosures.

7. Profiling

We may analyze personal data we have collected about you to create a profile of your interests and send product updates. We may also use personal data about you to detect and reduce fraud.

8. Your rights in respect of your personal information

In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

  1. Right of access. You have the right to obtain:
    1. confirmation of whether, and where, we are processing your personal information;
    2. information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
    3. information about the categories of recipients with whom we may share your personal information; and
    4. a copy of the personal information we hold about you.
  2. Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  3. Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
  4. Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
  5. Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
  6. Right to withdraw consent. There are certain circumstances where we require your consent to process your personal information. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information before your withdrawal.

You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html).

If you wish to exercise one of these rights, please contact us using the contact details at the end of these Privacy Disclosures.

Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.

9. Cookies and similar technologies used on our European Services

Our European Services uses cookies and similar technologies such as pixels and Local Storage Objects (LSOs) like HTML5 (together "cookies") to distinguish you from other users of our European Services. This helps us to provide you with a good experience when you browse our European Services and also allows us to monitor and analyse how you use and interact with our European Services so that we can continue to improve our European Services.

Cookies are pieces of code that allow for personalization of our European Services experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.

We use the following types of cookies:

  1. Strictly necessary cookies. These are cookies that are required for the operation of our European Services. They include, for example, cookies that enable you to log into secure areas of our European Services.

Please see Annex 3 for more information about the cookies we use on the European Services.

Most browsers also allow you to change your cookie settings to block certain cookies. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. Please note that if you choose to refuse all cookies you may not be able to use the full functionality of our European Services. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.

If you would like to find out more about cookies and other similar technologies, please visit allaboutcookies.org.

Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.

10. Tracking technologies used in our emails

Our emails may contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.

Most popular email clients will allow you to block these pixels by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display "remote images", "remote content" or "images" by default.

Some browsers also give you the option of downloading and installing extensions that block pixels and other tracking technologies.

Annex 1 – Personal information you provide to us

Category of Personal InformationHow we may use the Personal InformationLegal Bases for ProcessingRecipients of Personal Information
Contact information, such as first name, last name and email address.We may use this information to set up and authenticate your account on the Service.The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you, namely our Terms of Service.

We may share this information with the following service providers through the provision of the Service: Segment, Auth0, Stripe, Intercom, Hubspot, Mixpanel, Notion, Slack, Amazon Web Services, and BigQuery (Google Cloud).

We may use this information to communicate with you, including sending service-related communications.The processing is necessary for the performance of a contract with you, namely our Terms of Service.
We may use this information to deal with enquiries and complaints made by or about you relating to the Service.The processing is necessary for our legitimate interests, namely administering the Service, and for communicating with you effectively to respond to your queries or complaints.
We may use this information in connection with providing you with marketing communications in accordance with your preferences.We will only use your personal information in this way to the extent you have given us consent to do so.
Your registration / account information such as your full name, email, and password.

We may use this information to create your account on the Service.

The processing is necessary for the performance of a contract with you.

We may share this information with the following service providers through the provision of the Service: Segment, Auth0, Stripe, Amazon Web Services.

We use this information to deal with enquiries and complaints made by or about you relating to the Service.

The processing is necessary for our legitimate interests, namely for communicating with our members effectively to respond to any queries or complaints.
Payment transaction information. When you make a purchase, we may collect information such as your billing address and other information such as date and time of your transaction.

We may use this information to process your orders through the Service.

The processing is necessary for the performance of a contract.

We may share this information with the following service providers through the provision of the Service: Stripe, and Amazon Web Services.

We may use this information to verify your identity in connection with the detection and prevention of fraud or financial crime.The processing is necessary for our and third partiers' legitimate interests, namely the detection and prevention of fraud and financial crime.
Approximate Location information. When you visit our Service, we may collect information about your location. This information may be derived from WiFi positioning or your IP address.We may use information to present the Service to you on your device.The processing is necessary for performance of a contract with you.

We may share this information with the following service providers through the provision of the Service: Sentry, BigQuery (Google Cloud), and Amazon Web Services.

We may use this information to localise features of the Service.The processing is necessary for our legitimate interest, namely localising features of the Service and tailoring the Service so that it is more relevant to our users.
We may use this information to determine content that may be of interest to you.The processing is necessary for our legitimate interests, namely tailoring the Service so that it is more relevant to you.
Chat, comments and opinions. When you contact us directly, e.g. by email or phone we will record your comments and opinions.We may use this information to address your questions, issues and concerns.The processing is necessary for our legitimate interests, namely communicating with you and responding to queries, complaints and concerns.

We may share this information with the following service providers through the provision of the Service: Intercom, Hubspot, Google Gsuite, and Slack.

We may use this information to improve the Service.The processing is necessary for our legitimate interests (to develop and improve our service).
Information received from third parties, such as social networks. If you interact with us through a social network, we may receive information from the social network such as your name, profile information, and any other information you permit the social network to share with third parties. We use single sign-on ("SSO") such as GitHub to allow a user to authenticate their account using one set of login information. The data we receive is dependent on your privacy settings with the social network.We may use this information to reshare content created through the use of the ServiceThe processing is necessary for our legitimate interests (to develop our service and inform our marketing strategy)We may share this information with the following service providers through the provision of the Service: Auth0 and Slack.

We may use this information to authenticate you and allow you to access the Service.

The processing is necessary for the performance of a contract with you.
Your preferences, such as preferences set for notifications, marketing communications, how the Service is displayed and the active functionalities on the Service.

We use this information to provide notifications, send news, alerts and marketing communications and provide the Service in accordance with your choices.

The processing is necessary for our legitimate interest, namely ensuring the user receives the correct marketing and other communications, and that this is displayed in accordance with the user's preferences.

We may share this information with the following service providers through the provision of the Service: Segment, Intercom and Hubspot.

We use this information to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented.

The processing is necessary for compliance with a legal obligation to which we are subject.

Annex 2 – Personal information collected automatically

Category of personal informationHow we may use itLegal basis for the processingRecipients of Personal Data
Approximate location information. Other than information you choose to provide to us, we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location.We may use information you provide to us about your location to monitor and detect fraud or suspicious activity in relation to your Supabase account.The processing is necessary for our legitimate interests, namely to protect our business and your account from fraud and other illegal activities.

Approximate location information: We may share this information with the following service providers through the provision of the Service: Sentry, BigQuery (Google Cloud), and Amazon Web Services.

Information about how you access and use the Service. We may share this information with the following service providers through the provision of the Service: Segment, Mixpanel, Intercom, Hubspot, BigQuery (Google Cloud), and Amazon Web Services.

Log files and information about your device. We may share this information with the following service providers through the provision of the Service: Segment, Mixpanel, Intercom, Hubspot, Sentry, BigQuery (Google Cloud), and Amazon Web Services.

We may use this information to tailor how the Service is displayed to you (such as the language in which it is provided to you).The processing is necessary for our legitimate interest, namely tailoring our service so that it is more relevant to our users.
Information about how you access and use the Service. For example, how frequently you access the Service, the time you access the Service and how long you use it for, the approximate location that you access the Service from, the site from which you came and the site to which you are going when you leave our website, the website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices, and other actions you take on the Service.

We may use information about how you use and connect to the Service to present the Service to you on your device.

The processing is necessary for our legitimate interests, namely to tailor the Service to the user.
We may use this information to determine products and services that may be of interest to you for marketing purposes.The processing is necessary for our legitimate interests, namely to inform our direct marketing.

We may use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services.

The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the Service and to improve the Service generally.
Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the Service. This information can include details about the, operating systems, browsers and applications connected to the Service through the device and your IP address.

We may use information about how you use and connect to the Service to present the Service to you on your device.

The processing is necessary for our legitimate interests, namely to tailor the Service to the user.

We may use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services.

The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the Service and to improve the Service generally.

Annex 3 - Cookies

Cookie NameType of cookieHow long does the cookie stay on my device?Purpose of the cookie

a0:session

Strictly necessary1 DayAuthentication Purposes.

a0:state

Strictly necessary2 HoursAuthentication Purposes.

youtube-nocookie

Strictly necessaryPersistent

Privacy-enhanced cookie, essential for embedded videos. Link.

Privacy Enhanced Mode allows you to embed YouTube videos without using cookies that track viewing behavior. This means no activity is collected to personalize the viewing experience.

Annex 4 - Information you submit through our Supabase AI tool

When you submit a support query through our chatbot tool, we will collect the content of your query and information about the databases and other content you manage through the Service. We will only collect information about the structure of your databases and content, such as column and row headings or other information about how that content is organized. We will not access the content of the databases itself or the information you manage through the Service.

How we use the Personal InformationLegal Bases for ProcessingRecipients of Personal Information
When you use the chatbot to submit queries through your own individual account, we will use this information to generate automated responses to your query.The processing is necessary for the performance of a contract with you, namely our Terms of Service.We may share this information with the following service providers through the provision of the Service: OpenAI, LLC and its affiliates.
We use this information to assess the performance of the chatbot tool and improve the Service.The processing is necessary for our legitimate interests (to develop and improve our service).We may share this information with the following service providers through the provision of the Service: OpenAI, LLC and its affiliates.