SupaPanel com.supapanel.app

Privacy Policy

Last updated: March 27, 2026

SupaPanel – com.supapanel.app

This Privacy Policy describes how SupaPanel ("we", "us", or "our") handles information when you use the SupaPanel mobile application (the "App"). We are committed to protecting your privacy and being transparent about our practices.

1. Who We Are

SupaPanel is a mobile dashboard application for managing Supabase projects. The App is developed and operated as an independent product. For privacy-related enquiries, contact us at: ClarixDev@outlook.com

2. Information We Collect

We collect the minimum information necessary to operate the App:

• Anonymous Device Identifier: A randomly generated UUID (universally unique identifier) is created on first launch and stored securely on your device. This identifier is used solely to associate your device with an active Pro subscription. It contains no personal information and cannot be used to identify you.
• Subscription Status: When you purchase a Pro subscription, our backend server stores your anonymous device UUID, subscription plan, expiry date, and platform (Android/iOS) in a secure database. This information is used exclusively to unlock Pro features in the App.
• In-App Purchase Receipt: When you make a purchase, the purchase receipt is sent to our backend server to verify the transaction with Google Play or Apple App Store. The receipt is used only for verification and is not stored after processing.

3. Information We Do NOT Collect

• We do not collect your name, email address, phone number, or any contact information.
• We do not collect your Supabase Personal Access Token (PAT). Your PAT is stored exclusively in your device's secure encrypted storage (Android Keystore / iOS Secure Enclave) and is never transmitted to our servers.
• We do not access your location, camera, microphone, or contacts.
• We do not use advertising identifiers or track you across other apps or websites.
• We do not build user profiles or sell data to third parties.

4. How We Use Your Information

The limited information we collect is used exclusively to:

• Verify in-app purchases and grant Pro subscription access.
• Maintain your subscription status across app sessions and reinstalls.
• Process subscription renewals, cancellations, and refunds.

5. Data Storage and Security

• Your PAT and device UUID are stored on your device using expo-secure-store with WHEN_UNLOCKED_THIS_DEVICE_ONLY access policy, backed by AES-256 encryption provided by the Android Keystore system.
• Subscription data on our server is stored in a Supabase database with row-level security policies that prevent unauthorised reads or writes. Only our backend server (using a service role key) can write subscription records.
• All network communication between the App and our backend server uses HTTPS (TLS 1.2+).

6. Third-Party Services

The App integrates with the following third-party services:

• Google Play Billing – processes in-app purchases on Android. Subject to Google's Privacy Policy.
• Supabase – our backend database provider for subscription records. Subject to Supabase's Privacy Policy.
• Supabase Management API – the App communicates directly with the Supabase Management API using your PAT to display your project data. This communication is between your device and Supabase only; we do not proxy or log it.
• Railway – our backend server is hosted on Railway. Subject to Railway's Privacy Policy.

7. Data Retention

Subscription records are retained for as long as necessary to fulfil the purposes described in this policy, or as required for legal and accounting obligations (typically up to 7 years for financial records). If you wish to have your subscription record deleted, contact us at ClarixDev@outlook.com.

Data stored locally on your device (PAT, device UUID, project cache) can be removed at any time by uninstalling the App or through the App's Settings → Sign Out option.

8. Your Rights (GDPR – EEA / UK Residents)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request a copy of the data we hold about you.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data.
• Right to Restriction: Request that we restrict processing of your data.
• Right to Data Portability: Receive your data in a machine-readable format.
• Right to Object: Object to our processing of your data.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Our legal basis for processing the anonymous device UUID and subscription data is contract performance (Article 6(1)(b) GDPR) — the data is necessary to provide the Pro subscription service you purchased.

To exercise any of these rights, contact us at ClarixDev@outlook.com.

9. Your Rights (CCPA – California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of personal information we have collected.
• Right to Opt-Out of Sale: We do not sell personal information. No opt-out is required.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at ClarixDev@outlook.com.

10. Children's Privacy

SupaPanel is intended for use by software developers and is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. International Data Transfers

Our backend server is hosted in the United States (via Railway). If you are accessing the App from the EEA, UK, or other regions with data protection laws, your subscription data may be transferred to and processed in the United States. We rely on standard contractual clauses and the security measures described in Section 5 to protect such transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will provide notice within the App. Your continued use of the App after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: ClarixDev@outlook.com