Privacy Policy - Supanator

1. Introduction

This Privacy Policy describes how Supanator ("we," "our," or "the app") collects, uses, and protects your information when you use our iOS application. By using Supanator, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

Supabase Authentication: You can authenticate using either:
- OAuth 2.0: Securely log in with your Supabase account credentials. We use OAuth tokens to access your Supabase projects on your behalf
- Personal Access Tokens: Manually provide experimental API tokens or personal access tokens from your Supabase account
Project Access Keys: When you authenticate, we retrieve your project's service role keys and anon keys from the Supabase Management API
Token Names: Optional names you assign to saved authentication methods for your convenience

2.2 Automatically Collected Information

Usage Data: Basic app usage statistics (features used, crash reports)
Device Information: iOS version, device model, app version

2.3 AI Assistant Data Collection

Chat Conversations: When you use the Supanator AI chat assistant, your questions and conversation history are sent to our secure proxy server
Project Schema Information: Database table names, column names, function names, and storage bucket information from your connected Supabase project
Support ID: A unique anonymous identifier generated on your device for rate limiting and support purposes, synced across your devices via iCloud Keychain

2.4 Information We Do NOT Collect

Personal identification information (name, email, phone number)
Location data
Contact information
Payment information (handled by Apple App Store)
Actual database content (row data, file contents, secrets)

3. How We Use Your Information

We use the collected information solely to:

Authentication: Facilitate OAuth 2.0 login and manage authentication sessions with Supabase
API Key Retrieval: Use your OAuth tokens or personal access tokens to retrieve your project's API keys from Supabase Management API
Project Access: Connect to and manage your Supabase projects using your retrieved API keys
Token Management: Automatically refresh OAuth access tokens before expiration to maintain seamless access
App Functionality: Enable database management, storage operations, edge functions, and other Supabase features
AI Assistance: Provide AI-powered help through the chat feature (optional)
Preferences: Save your authentication methods and preferences locally on your device
Performance: Improve app performance and fix bugs
Rate Limiting: Enforce usage limits on AI features during beta (10 requests per hour)

4. Data Storage and Security

4.1 Local Storage

OAuth Tokens: OAuth access tokens, refresh tokens, and expiration times are stored securely in iOS Keychain on your device
API Keys: Service role keys and anon keys retrieved from your Supabase projects are stored locally in iOS Keychain
No Server Storage: We do NOT store your OAuth tokens, API keys, or credentials on any external servers
Encryption: All sensitive data is encrypted using iOS native Keychain security features

4.2 Fresh Install Detection

Uninstalling the app will clear all stored credentials upon reinstallation. This ensures your sensitive data doesn't persist after app removal.

4.3 AI Chat Data

Chat conversations are NOT stored permanently on our servers
Conversations are processed in real-time and forwarded to OpenAI
Your Support ID is hashed for privacy before being used for rate limiting

5. Third-Party Services

We use trusted third-party services like Supabase (for backend operations), OpenAI (for AI chat), and Apple (for app distribution and payments). Your data shared with these services is governed by their respective privacy policies.

6. Your Rights

You have the right to log out, revoke access, view stored data, delete credentials, clear chat history, decline AI features, uninstall the app, or manage your subscription at any time.

7. Contact Information

For questions about this Privacy Policy or the app, please contact us at [email protected].