Production Agreement

Effective Date: November 18, 2025

1. Introduction

This Production Database Access Agreement ("Agreement") describes the risks and responsibilities associated with using Supanator to manage your Supabase projects. By using Supanator, you acknowledge that you are performing administrative operations on live production databases and accept full responsibility for your actions.

2. Administrative Access Level

2.1 Service Role Keys

Supanator uses service role keys which provide full administrative access to your Supabase project. These keys:

  • Bypass all Row Level Security (RLS) policies
  • Allow unrestricted read, write, and delete operations on all data
  • Enable schema modifications (tables, columns, indexes, policies)
  • Permit execution of arbitrary SQL queries
  • Provide access equivalent to direct database administrator access

2.2 Management API Access

When using OAuth authentication, Supanator also accesses the Supabase Management API, which allows:

  • Viewing and modifying project settings
  • Managing Edge Functions
  • Configuring authentication providers
  • Accessing storage buckets and files
  • Viewing and managing database backups

2.3 Why Service Role Key is Required

Supanator requires your service role key because certain Supabase APIs cannot be accessed any other way:

Database Operations use the Supabase REST API (/rest/v1/):

  • Reading, inserting, updating, and deleting rows
  • Querying table metadata and structure
  • The anon key would only show data permitted by RLS policies, making administration impossible

Storage Operations use the Storage API (/storage/v1/):

  • Managing buckets and files
  • Uploading, downloading, and deleting files
  • The anon key would be restricted by storage policies

User Administration uses the Auth Admin API (/auth/v1/admin/):

  • Creating, updating, and deleting user accounts
  • Managing MFA, banning users, sending password resets
  • These endpoints explicitly require service role authentication and reject anon keys

Your keys never leave your device or pass through our servers. They are stored securely in your device's Keychain and sent directly to Supabase's APIs over HTTPS.

3. Real Operations on Real Data

WARNING: All operations performed in Supanator execute directly against your live Supabase project. There is no sandbox, staging, or simulation mode within the app.

3.1 Immediate Effect

  • Database queries execute immediately upon confirmation
  • Schema changes take effect instantly
  • File uploads and deletions are permanent
  • User account modifications are applied in real-time

3.2 Irreversible Actions

Many operations cannot be undone, including but not limited to:

  • Deleted rows, tables, and schemas
  • Dropped columns and indexes
  • Removed files from storage
  • Deleted user accounts and sessions
  • Truncated tables
  • Executed UPDATE and DELETE statements

4. Your Responsibilities

4.1 Verification

You are responsible for:

  • Confirming you are connected to the intended project before any operation
  • Verifying the correctness of SQL queries before execution
  • Reviewing data selections before bulk operations
  • Checking file paths before uploads or deletions

4.2 Backup and Recovery

You are responsible for:

  • Maintaining your own backup strategy
  • Enabling Point-in-Time Recovery (PITR) in Supabase if needed
  • Testing backup restoration procedures
  • Understanding that Supanator does not create automatic backups

4.3 Security

You are responsible for:

  • Securing your device with Face ID, Touch ID, or a strong passcode
  • Not sharing your device while authenticated in Supanator
  • Logging out when the app is not in use
  • Revoking access if your device is lost or compromised

4.4 Authorization

You confirm that you:

  • Are authorized to perform administrative operations on the connected project
  • Have permission from the project owner (if applicable)
  • Understand your organization's policies regarding database access

4.5 Enterprise and Workplace Use

IMPORTANT: If you are using Supanator to access databases owned by your employer, client, or any organization:

  • You must obtain explicit permission from your organization before using Supanator
  • Your organization's IT security policies may prohibit the use of third-party database management tools
  • You are responsible for ensuring compliance with your organization's data handling policies
  • Some organizations require security reviews before approving third-party tools
  • Using Supanator without proper authorization may violate your employment agreement or organizational policies

If your organization requires additional information, security documentation, or has questions about Supanator's security practices, please contact: [email protected]

5. What Supanator Does NOT Provide

5.1 Safety Features Not Included

  • Automatic backups before destructive operations
  • Transaction rollback for failed queries
  • Recovery of accidentally deleted data
  • Validation that SQL queries are safe or correct
  • Protection against unintended data modifications
  • Confirmation of query scope before execution

5.2 No Guarantees

  • We do not guarantee data integrity after operations
  • We do not verify the correctness of your SQL syntax
  • We do not prevent execution of harmful queries
  • We do not monitor for accidental bulk deletions

6. AI-Generated Content

6.1 AI Assistance Limitations

When using Supanator AI or SQL generation features:

  • AI-generated SQL may contain errors or produce unintended results
  • AI does not understand your specific business logic or data relationships
  • Generated queries are suggestions, not verified solutions
  • AI may misinterpret your natural language requests

6.2 Your Obligation

Before executing any AI-generated SQL:

  • Review the query carefully
  • Understand what the query will do
  • Test on non-production data when possible
  • Verify the query targets the intended tables and rows
  • Consider running SELECT before UPDATE or DELETE

6.3 Liability

You accept full responsibility for any consequences of executing AI-generated queries, including data loss, corruption, or unintended modifications.

7. Recommended Precautions

Before using Supanator on production databases, we strongly recommend:

  • Ensure you have recent, tested backups
  • Enable Point-in-Time Recovery in your Supabase project
  • Use a staging or development project to learn the app
  • Double-check the project name before performing operations
  • Start with read-only operations (SELECT) before modifications
  • Use WHERE clauses carefully in UPDATE and DELETE statements
  • Review row counts before bulk operations
  • Keep your device secured at all times

8. Limitation of Liability

8.1 No Warranty

SUPANATOR IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. WE DO NOT WARRANT THAT THE APP WILL PREVENT DATA LOSS OR THAT OPERATIONS WILL EXECUTE AS INTENDED.

8.2 Limitation

IN NO EVENT SHALL THE DEVELOPER BE LIABLE FOR ANY DATA LOSS, CORRUPTION, BUSINESS INTERRUPTION, OR DAMAGES ARISING FROM YOUR USE OF SUPANATOR, INCLUDING BUT NOT LIMITED TO:

  • Accidental deletion of data
  • Unintended schema modifications
  • Execution of incorrect SQL queries
  • AI-generated query results
  • Unauthorized access due to device compromise

8.3 Maximum Liability

OUR MAXIMUM LIABILITY SHALL NOT EXCEED THE AMOUNT YOU PAID FOR THE APP IN THE TWELVE MONTHS PRECEDING THE CLAIM.

9. Indemnification

You agree to indemnify and hold harmless the developer of Supanator from any claims, damages, or expenses arising from:

  • Your use of administrative features
  • Data loss or corruption resulting from your actions
  • Unauthorized access to your Supabase projects
  • Violation of your organization's policies
  • Any third-party claims related to your database operations

10. Acknowledgment

By using Supanator, you explicitly acknowledge that you:

  1. Understand this is a production database administration tool
  2. Accept that all operations are performed on live data
  3. Take full responsibility for all actions and their consequences
  4. Will not hold the developer liable for data loss or damages
  5. Have read and understood the Privacy Policy
  6. Are authorized to perform administrative operations on connected projects
  7. Will review AI-generated SQL before execution
  8. Maintain your own backup and recovery procedures

11. Agreement to Terms

Continued use of Supanator constitutes acceptance of this Agreement. If you do not agree to these terms, you must stop using the app immediately and revoke Supanator's access to your Supabase account.

12. Changes to This Agreement

We may update this Agreement from time to time. We will notify you of changes by updating the "Effective Date" at the top. Continued use after changes constitutes acceptance of the updated Agreement.

13. Contact Information

For questions about this Agreement, please contact:

This Agreement supplements the Privacy Policy and Terms of Service.
It specifically governs your use of Supanator for production database administration.

Supanator is an independent tool not affiliated with Supabase Inc.
© 2026 Supanator.