Privacy Policy
Last Modified: 9 Oct 2024
Previous Version: 4 Aug 2024
Thank you for your interest in Supabase, Inc., ("Supabase," "we", "our" or "us"). Supabase provides a suite of open source tools, stitched together to build a seamless developer experience. This Privacy Notice explains how information about you, that directly identifies you, or that makes you identifiable ("personal information") is collected, used and disclosed by Supabase in connection with our website at supabase.com (the "Site") and our services offered in connection with the Site (collectively with the Site, the "Service").
What Does This Privacy Notice Apply To?
This Privacy Notice explains how we use your personal information when you use the Service, either as an individual customer or when you access the Service through one of our enterprise customers' accounts. We are the data controller of your personal information when we use it as described in this Privacy Notice, meaning that we determine and are responsible for how your personal information is processed.
Our Service allows customers to submit, manage or otherwise use content relating to others, such as end users of applications built and managed through the Service or their employees and contractors (“Customer Data”). We use such Customer Data primarily as a processor, meaning we process such Customer Data on behalf of and under the instructions of the relevant customer, in accordance with our data processing addendum. This Privacy Notice does not apply to such processing; if you believe your personal information has been included in any Customer Data, we recommend you read the Privacy Notice of the respective customer.
This Privacy Notice sets out how we use personal information. It does not cover our use of information that is not "personal information", "personal information" or similar terms under applicable law. This means that it does not cover our use of aggregated or anonymized information.
Where applicable law permits, it also does not cover deidentified information, meaning information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual (please note that this would not apply to personal information collected from you if you are in the UK, EEA or Switzerland).
We may also provide you with additional privacy notices or disclosures where the scope of the inquiry, request, or personal information we require falls outside the scope of this Privacy Notice. In that case, the additional Privacy Notice or disclosures will set out how we may process the information you provide at that time. Please note that this Privacy Notice does not cover or apply to our processing of information about our employees or contractors or applicants for positions at Supabase.
Region-specific Disclosures
- California - Your California Privacy Rights: If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. Note we do not share your personal information with third parties for their own marketing purposes.
- Nevada: Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Note we do not sell your personal information within the meaning of Chapter 603A. However, if you would still like to submit such a request, please contact us at [email protected].
- European Economic Area, United Kingdom or Switzerland: If you are located in the European Economic Area ("EEA"), United Kingdom or Switzerland, or otherwise engage with Supabase’s European operations, please see the Privacy Disclosures for the European Economic Area, United Kingdom and Switzerland for additional European-specific privacy disclosures, including the lawful bases we rely on to process your personal information, how we use cookies when you access our Sites from the EEA, UK or Switzerland and your rights in respect of your personal information.
Note for International Visitors: Personal information may be transferred to, stored and processed in a country other than the one in which it was collected. For example, the Sites are primarily hosted in and provided from the United States. Please note the country to which personal data is transferred may not provide the same level of protection for personal information as the country from which it was transferred.
Click on the links below to jump to each section:
- Information we collect and our use
- How we share personal information
- Control over your information
- How we use cookies and other tracking technology to collect information
- Data retention and security
- Links to third-party websites and services
- Children's privacy
- Changes to this privacy notice
- Contact us
Privacy disclosures for the European Economic Area, United Kingdom and Switzerland
1. Information we collect and our use
We collect personal information in connection with your visits to and use of the Service. This collection includes information that you provide in connection with the Service, information from third parties, and information that is collected automatically such as through the use of cookies and other technologies.
Information That You Provide
We collect personal information that you submit directly to us. The categories of information we collect can include:
- Registration information. We collect personal and/or business information that you provide when you register for an account on the Site. This information may include your name, email address, GitHub username. We use this information to administer your account, provide you with the relevant services and information, communicate with you regarding your account, the Site and for customer support purposes.
- Payment information. If you make a purchase or payment on the Site, such as for a subscription, we collect transactional information provided in connection with your purchase or payment. Please note that we use third party payment processors, including Stripe, to process payments made to us. As such, we do not retain any personally identifiable financial information such as credit card numbers. Rather, all such information is provided directly by you to our third-party processor. The payment processor’s use of your personal information is governed by their privacy notice. To view Stripe’s privacy notice, please visit: https://stripe.com/privacy.
- Communications. If you communicate with us through any paper or electronic form, we may collect your name, email address, mailing address, phone number, or any other personal information you choose to provide to us. We use this information to investigate and respond to your inquiries, and to communicate with you, to enhance the services we offer to our users and to manage and grow our organization. If you register for our newsletters or updates, we may communicate with you by email. To unsubscribe from promotional messages, please follow the instructions within our messages and review the Control Over Your Information section below. If you become a contributor, we may also collect your GitHub name and feature you on our website.
- Inquiries and Feedback. If you contact us, we will collect the information that you provide us, such as your contact information and the contents of your communication with us.
You are free to choose which personal information you want to provide to us or whether you want to provide us with personal information at all. However, some information, such as your name, address, payment transaction information, and information on your requested Services may be necessary for the performance of our contractual obligations.
After registration, you may create, upload or transmit files, documents, videos, images, data or information as part of your use of the Service (collectively, “User Content”). User Content and any information contained in the User Content, including personal information you may have included, is stored and collected as part of the Service. You have full control of the information included in the User Content.
Information from Third Party Sources
We may receive personal information about you from our business partners and service providers and combine this information with other data we collect from you. The third-parties may include website and service operators and payment processors and marketing partners. The information may include contact information, demographic information, information about your communications and related activities, and information about your orders. We may use this information to administer and facilitate our services, your orders and our marketing activities.
- Single Sign-On. We use single sign-on ("SSO") such as Github to allow a user to authenticate their account using one set of login information. We will have access to certain information from those third parties in accordance with the authorization procedures determined by those third parties, including, for example, your name, username, email address, language preference, and profile picture. We use this information to operate, maintain, and provide to you the features and functionality of the Service. We may also send you service-related emails or messages (e.g., account verification, purchase confirmation, customer support, changes or updates to features of the Site, technical and security notices).
- Social Media. When you interact with our Site through various social media, such as when you click on the social media icon on the Site, follow us on a social media site, or post a comment to one of our pages, we may receive information from the social network such as your profile information, profile picture, user name, user ID associated with your social media account, and any other information you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
- Information from Other Sources. We may obtain information from other sources, including through third-party information providers, our shareholders, customers, or through transactions such as mergers and acquisitions. We may combine this information with other information we collect from or about you. In these cases, our Privacy Notice governs the handling of the combined personal information. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
Other Uses of Personal Information
In addition to the uses described above, we may collect and use personal information for the following purposes:
- For our business activities, including to operate the Service and to provide you with the features and functionality of the Service;
- To communicate with you and respond to your requests, such as to respond to your questions, contact you about changes to the Service, and communicate about account related matters;
- For marketing and advertising purposes, such as to market to you or offer you with information and updates on our products or services we think that you may be interested in. While we may use your personal information in this manner, please note that we do not use User Content to send you ads, and we will never share User Content with any third parties for marketing or advertising purposes, unless you have explicitly submitted it to us for that purpose;
- For analytics and research purposes;
- To enforce our Terms of Service, to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
- To comply with contractual and legal obligations and requirements;
- To fulfill any other purpose for which you provide personal information; and
- For any other lawful purpose, or other purpose that you consent to.
2. How we share personal information
We may share your personal information in the instances described below. For further information on your choices regarding your information, see Control Over Your Information.
- We may share your personal information with third-party service providers or business partners who help us deliver or improve our Site or services, or who perform services on our behalf. These third parties are subject to reasonable confidentiality terms and provisions restricting their use of your personal information, and may include parties that process payments and coordinate billing, provide web hosting services, or provide analytics.
- Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or other agreements or to protect the security or integrity of the Supabase services, including to prevent harm or financial loss, or in connection with preventing fraud or illegal activity; and/or (c) to exercise or protect the rights, property, or personal safety of Supabase, our Customers, visitors, or others.
- We may share with other companies and brands owned or controlled by Supabase, and other companies owned by or under common ownership as Supabase. These companies will use your personal information in the same way as we can under this Privacy Notice.
- We may transfer any information we collect in the event we sell or transfer all or a portion of our business or assets (including any shares in the company) or any portion or combination of our products, services, businesses and/or assets. Should such a transaction occur (whether a divestiture, merger, acquisition, bankruptcy, dissolution, reorganization, liquidation, or similar transaction or proceeding), we will use reasonable efforts to ensure that any transferred information is treated in a manner consistent with this Privacy Notice.
- We may disclose your information publicly or with another third party with your prior authorization.
- With others in an aggregated or otherwise anonymized form that does not reasonably identify you directly or indirectly as an individual.
3. Control over your information
Email Communications
From time to time, we may send you emails regarding updates to our Service, products or services, notices about our organization, or information about products/services we offer (or promotional offers from third parties) that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).
Modifying Account Information
If you have an online account with us, you have the ability to modify certain information in your account (e.g., your contact information) through the account options provided on the Site. If there is personal information in your User Content, you can use the features and functionality of the Service to edit or delete the personal information or User Content. Not all personal information is maintained in a format that you can access or change. If you would like to request access to, or correction or deletion of personal information, you may send your request to us at the email provided below. We will review your request and may require you to provide additional information to identify yourself, but we do not promise that we will be able to satisfy your request.
4. How We Use Cookies and Other Tracking Technology to Collect Information
We, and our third-party partners, automatically collect certain types of usage information when you visit our Site. We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information, and similar technology (collectively, “tracking technologies”).
We, and our third-party partners, use tracking technologies to automatically collect usage and device information, such as:
- Information about your device and its software, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and a unique ID that allows us to uniquely identify your browser or your account (including, for example, a persistent device identifier), and other such information.
- When you access our sites from a mobile device, we may collect unique identification numbers associated with your device or our mobile application mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, and depending on your mobile device settings, we may be able to approximate a device’s location by analyzing other information, like an IP address.
- Information about the way you access and use our services, for example, the site from which you came and the site to which you are going when you leave our services, the pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the services from multiple devices, and other actions you take on the Site.
- We use the data collected through tracking technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom content and information; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Site; (f) diagnose or fix technology problems; and (g) to provide, plan for, and enhance our services.
Note we do not engage in online targeted advertising.
Cookies and Other Tracking Technologies Opt-Out. Depending on your browser or mobile device, you may be able to set your browser to delete or notify you of cookies and other tracking technology by actively managing the settings on your browser or mobile device.
If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the sites, as some features and services on our sites may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.
5. Data Retention and Security
We will retain your personal information for the length of time needed to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law. We store data on servers in the U.S. or any other country in which Supabase or its affiliates, subsidiaries, agents or contractors maintain facilities. If you are located in a country where laws governing data collection and use differ from U.S. law, please note that your personal information may be transferred to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. When you register for use with Supabase you have the option of where you store your information and we will not transfer it without providing information to you in advance.
Supabase cares about the security of your information and uses commercially reasonable physical, technical and organizational measures designed to preserve the integrity and security of all information we collect. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
6. Links to Third-Party Websites and Services
For your convenience, our Site may provide links to third-party websites or services that we do not own or operate. We are not responsible for the practices employed by any websites or services linked to or from the services, including the information or content contained within them. Your browsing and interaction on any other website or service are subject to the applicable third party’s rules and policies, not ours. If you are using a third-party website or service, you do so at your own risk. We encourage you to review the privacy policies of any site or service before providing any personal information.
7. Children’s Privacy
Our services are not intended for children under the age of 13. We do not knowingly solicit or collect personal information from children under the age of 13. If we learn that any personal information has been collected inadvertently from a child under 13, we will delete the information as soon as possible. If you believe that we might have collected information from a child under 13, please contact us at [email protected].
8. Changes to Privacy Notice
We reserve the right to change this Privacy Notice from time to time in our sole discretion. We will notify you about material changes in the way we treat personal information by sending a notice to the primary email address specified in your Supabase account and/or by placing a prominent notice on our Site. It is your responsibility to review this Privacy Notice periodically. When we do change the Privacy Notice, we will also revise the “last modified” date.
9. Contact Us
For additional inquiries about this Privacy Notice, please send us an email at [email protected].
Privacy disclosures for the European economic area, United Kingdom, and Switzerland.
The following disclosures (“Privacy Disclosures”) apply to you if you access or use the Site or the Services from the European Economic Area, United Kingdom or Switzerland.
Supabase, Inc is the data controller of your personal information when we use it as described in these Privacy Disclosures, meaning that we determine and are responsible for how your personal information is processed.
1. Personal Information You Provide To Us
We collect the following categories of personal information that you submit directly to us when you use the Service:
(a) Contact information, such as first name, last name and email address
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
When you create an account and access the Service as an individual, we use this information to set up and authenticate your account on the Service. | The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you, namely our Terms of Service. | We may share this information with the following service providers through the provision of the Service: Stripe, Orb, Hubspot, Amazon Web Services, Google Cloud, Postmark,Twilio, Fly.io, and PandaDoc. |
We use this information to communicate with you, including sending service-related communications. | The processing is necessary for the performance of a contract with you, namely our Terms of Service. | |
We use this information to deal with enquiries and complaints made by or about you relating to the Service. | The processing is necessary for our legitimate interests, namely administering the Service, and for communicating with you effectively to respond to your queries or complaints. | |
We use this information to send you marketing communications in accordance with your preferences. | We will only use your personal information in this way to the extent you have given us consent to do so. |
(b) Your registration / account information. When you create an account and access the Service as an individual, If you use an email and password to sign up to the service we will collect your email address, and password. If you use Github we use single sign-on ("SSO") such as Github to allow a user to authenticate their account using one set of login information. The data we receive is dependent on your privacy settings with the social network.
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
We use this information to create your account on the Service. | The processing is necessary for the performance of a contract with you. | We may share this information with the following service providers through the provision of the Service: Github, Amazon Web Services. |
(c) Payment transaction and billing information. When you make a purchase through your own individual account on the Service, we collect information such as your billing address and Tax ID and other information such as date and time of your transaction and products / services purchased.
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
We use this information to process your orders through the Service and collect payment. | The processing is necessary for the performance of a contract. | We may share this information with the following service providers through the provision of the Service: Stripe, Orb, Tableau, PandaDoc, Hubspot, and Amazon Web Services. |
We use this information to verify your identity in connection with the detection and prevention of fraud or financial crime. | The processing is necessary for our and third partiers' legitimate interests, namely the detection and prevention of fraud and financial crime. |
(d) Chat, comments and opinions. When you contact us directly, e.g. by email or phone or through our feedback form we will record your comments and opinions.
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
When you contact us about your own individual account, or contact us as a prospective customer, we use this information to address your questions, issues and concerns. | The processing is necessary for our legitimate interests, namely communicating with you and responding to queries, complaints and concerns. | We may share this information with the following service providers through the provision of the Service: Hubspot, Tableau, Google Gsuite, Notion, Amazon Web Services, and Slack. |
We use this information to improve the Service. | The processing is necessary for our legitimate interests (to develop and improve our service). |
(e) Information you submit through our Supabase AI tool. When you submit a query through our Supabase AI tool, we will collect the content of your query and information about the databases and other content you manage through the Service. We will only collect information about the structure of your databases and metadata, such as column and row headings or other information about how that content is organized. We will not access the content of the databases itself or the information you manage through the Service.
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
When you use the Supabase AI to submit queries through your own individual account, we will use this information to generate automated responses to your query. | The processing is necessary for the performance of a contract with you, namely our Terms of Service. | We may share this information with the following service providers through the provision of the Service: OpenAI, LLC and its affiliates, Fly.io, and AWS. |
We this information to assess the performance of the chatbot tool and improve the Service. | The processing is necessary for our legitimate interests (to develop and improve our service). |
(f) Information received from third parties, such as social networks. If you interact with us through a social network, we may receive information from the social network such as your name, profile information, and any other information you permit the social network to share with third parties. We use single sign-on ("SSO") such as Github to allow a user to authenticate their account using one set of login information. The data we receive is dependent on your privacy settings with the social network.
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
We use this information to reshare content created through the use of the Service. | The processing is necessary for our legitimate interests (to develop our service and inform our marketing strategy). | We may share this information with the following service providers through the provision of the Service: Commonroom, Github, and Slack. |
We use this information to authenticate you and allow you to access the Service. | The processing is necessary for the performance of a contract with you. |
2. Information we collect about your Use of the Site and Service.
We also automatically collect the following personal information about how you access and use the Service, and information about the device you use to access the Service:
(a) Approximate Location information. When you visit our Service, we may collect information about your location. This information may be derived from WiFi positioning or your IP address.
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
We use information to present the Service to you on your device, including localizing features of the Service. | The processing is necessary for performance of a contract with you, namely our Terms of Service. If you access the Service as an authorized user of another customer, the processing is necessary for our and the customer's legitimate interests, namely presenting the Service to you on your device. | We may share this information with the following service providers through the provision of the Service: Sentry, Tableau, Posthog, Plausible, BigQuery (Google Cloud), Fly.io, Vercel, Cloudflare, Configcat, and Amazon Web Services. |
We use this information to determine content that may be of interest to you. | We will only use your personal information in this way to the extent you give us your consent to do so. |
(b) Information about how you access and use the Service. For example, how frequently you access the Service, the time you access the Service and how long you use it for, the approximate location that you access the Service from, the site from which you came and the site to which you are going when you leave our website, the website pages you visit, the links you click, whether you access the Service from multiple devices, and other actions you take on the Service.
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
We use information about how you use and connect to the Service to present the Service to you on your device. | The processing is necessary for performance of a contract with you, namely our Terms of Service. If you access the Service as an authorized user of another customer, the processing is necessary for our and the customer's legitimate interests, namely presenting the Service to you on your device. | We may share this information with the following service providers through the provision of the Service: Posthog, Plausible, Fly.io, Sentry, Hubspot, BigQuery (Google Cloud), Vercel, and Amazon Web Services. |
We use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services. | We will only use your personal information in this way to the extent you give us your consent to do so. |
(c) Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the Service. This information can include details about the operating systems, browsers and applications connected to the Service through the device and your IP address.
How we may use the Personal Information | Legal Bases for Processing | Recipients of Personal Information |
---|---|---|
We use information about how you use and connect to the Service to present the Service to you on your device. | The processing is necessary for performance of a contract with you, namely our Terms of Service. If you access the Service as an authorized user of another customer, the processing is necessary for our and the customer's legitimate interests, namely presenting the Service to you on your device. | We may share this information with the following service providers through the provision of the Service: Posthog, Plausible, Hubspot, Fly.io, Vercel, Sentry, Google Cloud, and Amazon Web Services. |
We use this information to identify and detect multiple attempts to access the Service to detect fraudulent use of the Service, attempts to breach the security of the Service and to ensure that the Service does not get overloaded. | The processing is necessary for our legitimate interests, namely maintaining the security and integrity of the Service. | |
We use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services. | We will only use your personal information in this way to the extent you give us your consent to do so. |
We may link or combine the personal information we collect about you and the information we collect automatically.
We may anonymize and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving the Service. We may also share such anonymized and aggregated information with others.
3. How long will we store your personal information
We will usually store the personal information we collect about you for no longer than necessary for the purposes set out above, in accordance with our legal obligations and legitimate business interests.
The criteria used to determine the period for which personal information about you will be retained varies depending on the legal basis under which we process the personal information:
(a) Legitimate Interests. Where we are processing personal information based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
(b) Consent. Where we are processing personal information based on your consent, we generally will retain the information until you withdraw your consent, or otherwise for the period of time necessary to fulfill the underlying agreement with you or provide you with the applicable service for which we process that personal information.
(c) Contract. Where we are processing personal information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
(d) Legal Obligation. Where we are processing personal information based on a legal obligation, we generally will retain the information for the period of time necessary to fulfill the legal obligation.
(e) Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
(f) Contact information – if you have an account with us, we retain this for as long as you have an account on our services, and for 60 days after you close your account.
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal information, as well as the potential risk of harm from unauthorized use or disclosure of your personal information.
4. Recipients of Personal Information
In addition to the recipients listed above, we may also share your personal information with the following:
Recipients | Why we share your personal information with these recipients | How these recipients will use your personal information |
---|---|---|
Service providers | We will share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include mailing, email or chat services, payment and billing services, fraud prevention, web hosting, or providing analytic services. | These recipients will use your personal information as processors on our instructions. |
Advisors | We may share your personal information with companies that provide professional and advisory services to us, such as legal and accounting services. | These recipients will use your personal information to provide professional services to us. The lawful basis we rely on for sharing personal information with these recipients is that the sharing is necessary for our legitimate interests, namely receiving professional advice. |
Affiliates | We will share personal information with other companies owned by or under common ownership as Supabase, including our subsidiaries (i.e., any organization we own or control) and our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. | These companies will use your personal information in the same way as we can under these Privacy Disclosures. The lawful basis we rely on for sharing your personal information is that it is necessary for our legitimate interests, namely providing global support and management of the Service. |
Purchasers and third parties in connection with a business transaction. | Your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. For instance, if we sell the Service to a third party, we will share the personal information we have collected through the Service with that buyer. | These recipients will use your personal information to complete a transaction to buy all or the part of our business that includes the Service. The lawful basis for sharing personal information with these recipients is that it is necessary for our and the recipient's legitimate interests, namely completing a transaction to buy all or part of our business. |
Law enforcement, regulators and other parties for legal reasons. | we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements, including our Terms; and/or (iii) exercise or protect the rights, property, or personal safety of Supabase, its users or others. | These recipients will use your personal information in the performance of their regulatory or law enforcement role. The lawful basis we rely on for sharing personal information with these recipients is that the processing is either necessary to comply with a legal obligation to which we are subject, or is necessary for our legitimate interests, namely enforcing our rights or complying with requests from regulatory authorities. |
5. Marketing and Advertising
From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.
We will only send you marketing messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails or by updating your preferences via your account on the Service.
6. Storing and Transferring your Personal Information
Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored by our cloud hosting provider on secure servers. We will never requesting credit or debit card information or national identification numbers from you through unsolicited emails or phone calls.
International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third party service providers have operations, including the United States and Singapore.
These international transfers of your personal information will be made pursuant to appropriate safeguards in accordance with applicable law:
Where we may transfer your personal information | Safeguards that apply to that transfer |
---|---|
United States | The transfer is subject to standard contractual clauses approved by the European Commission or the UK Information Commissioner for the transfer of personal information. |
Singapore | The transfer is subject to standard contractual clauses approved by the European Commission or the UK Information Commissioner for the transfer of personal information. |
If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of these Privacy Disclosures.
7. Your rights in respect of your personal information
In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
- Right of access. You have the right to obtain:
- confirmation of whether, and where, we are processing your personal information;
- information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
- information about the categories of recipients with whom we may share your personal information; and
- a copy of the personal information we hold about you.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
- Right to withdraw consent. There are certain circumstances where we require your consent to process your personal information. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information before your withdrawal.
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html).
If you wish to exercise one of these rights, please contact us using the contact details at the end of these Privacy Disclosures.
Due to the confidential nature of data processing we may ask you to verify your identity when exercising the above rights.
8. Cookies and similar technologies used on our European Services
Cookies
We use the following types of cookies:
Cookie | Type of cookie | When is the cookie dropped? | How long does the cookie stay on my device? | Purpose of the cookie | Links to respective privacy notices |
---|---|---|---|---|---|
Stripe | Strictly necessary | When you access the payment interface on our Service. | 30 minutes | Detecting and preventing fraudulent payments and transactions. | Stripe Cookie Settings |
Stripe | Strictly necessary | When you access the payment interface on our Service. | 1 year | Detecting and preventing fraudulent payments and transactions. | Stripe Cookie Settings |
Stripe | Strictly necessary | When you access the payment interface on our Service. | 2 years | Detecting and preventing fraudulent payments and transactions. | Stripe Cookie Settings |
Cloudflare | Strictly necessary | When you first access the Site. | 30 minutes | Identify and block bots from accessing the Service. | Cloudflare Cookies |
Cloudflare | Strictly necessary | When you first access the Site. | End of Session | Manage traffic to our Service to ensure that it does not get overloaded. | Cloudflare Cookies |
Youtube | Strictly necessary | When you view a Youtube embedded video on our Site. | End of Session | To display embedded videos to you on our Site. | Google Cookie Policy |
hCaptcha | Strictly necessary | When you respond to a CAPTCHA to prove you are not a robot. | End of Session | To record your responses to the CAPTCHA and grant you access to certain areas of the Service. | hCaptcha Privacy Policy |
Posthog | Analytics | When you access the Service. | 1 year | To monitor and analyze how you use the Service. | Posthog Privacy Policy |
Cookies are pieces of code that we transfer to your computer's hard disk for record-keeping purposes. The cookies listed as strictly necessary are required for the operation of the Service, such as cookies that enable you to log in to secure areas of the Service.
We use Analytics cookies to collect information to assess how our Service is used. We will only do so, however, only if you give us your consent to do so.
Most browsers also allow you to change your cookie settings to block certain cookies. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. Please note that if you choose to refuse all cookies you may not be able to use the full functionality of our Service. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
- Cookie settings in Internet Explorer
- Cookie settings in Firefox
- Cookie settings in Chrome
- Cookies settings in Safari web and iOS.
If you would like to find out more about cookies and other similar technologies, please visit allaboutcookies.org.
Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.