Log inGet Started

Privacy Policy

Last updated: February 21, 2026

1. Information We Collect

1.1 Account Information

When you create a Supasync account, we collect your name, email address, and authentication credentials. For paid subscriptions, we collect billing information through our payment processor Stripe.

1.2 Platform Connection Data

When you connect third-party platforms (Framer, Webflow, Airtable, or other CMS platforms) to Supasync, we collect and store OAuth tokens, API keys, and connection metadata necessary to facilitate data synchronization. We only access data you explicitly authorize through platform-specific permission scopes.

1.3 Synchronized Data

We process and temporarily cache data synchronized between your connected platforms and Supabase. This includes content, metadata, field mappings, and schema information. We act as a data processor and do not claim ownership of your synced data.

1.4 Usage Information

We automatically collect information about your use of our services, including sync operations, API requests, error logs, and performance metrics. This helps us improve service reliability and troubleshoot issues.

2. How We Process Your Data

2.1 Data Synchronization

Supasync acts as an intermediary to synchronize data between your connected platforms and Supabase. We process data in real-time or on scheduled intervals based on your configuration. Data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

2.2 Data Storage

We store connection credentials securely using industry-standard encryption. Synchronized data may be temporarily cached for up to 24 hours to optimize performance and enable conflict resolution. Your Supabase database remains the primary source of truth.

2.3 Data Retention

We retain your account information and connection settings for as long as your account is active. Sync logs and operational data are retained for 90 days. Upon account deletion, we permanently delete all associated data within 30 days, except where required by law.

2.4 Data Deletion and Loss Prevention

Important: Supasync provides configurable deletion behavior to protect against accidental data loss. By default, when you delete content in connected platforms (Notion, Webflow, Airtable), the corresponding data in your Supabase database is NOT automatically deleted. This "delete protection" mode prevents permanent data loss from accidental deletions.

You can configure three deletion modes for each sync connection:

  • Ignore Mode (Default): Platform deletions do not affect Supabase data. Your data remains safe and can be restored to the platform if needed.
  • Archive Mode: Platform deletions mark records as deleted in Supabase (soft delete) but preserve the data. Records are flagged with deletion timestamps for audit purposes.
  • Sync Deletes Mode: Platform deletions permanently delete data from Supabase. This mode should only be used when you fully understand the risks and have appropriate backup systems in place.

We strongly recommend using Ignore or Archive mode to prevent irreversible data loss. You are solely responsible for maintaining independent backups of your data regardless of the deletion mode you choose.

3. Third-Party Platform Integrations

3.1 Platform Authorization

When you connect platforms like Framer, Webflow, or Airtable, you grant Supasync permission to access specific data through OAuth 2.0 or API key authentication. We only request the minimum permissions necessary for synchronization functionality.

3.2 Platform Data Access

We access your platform data solely to perform synchronization operations you configure. We do not sell, rent, or share your platform data with third parties for marketing purposes. Each platform integration is governed by that platform's terms of service and privacy policy.

3.3 Webhook Processing

We receive webhook notifications from connected platforms to enable real-time synchronization. Webhook data is processed immediately and not stored beyond operational requirements.

4. Data Security Measures

We implement comprehensive security measures including: encryption at rest and in transit, regular security audits, access controls and authentication, automated backup systems, intrusion detection and monitoring, and secure credential storage using industry-standard key management.

Despite our security measures, no system is completely secure. You are responsible for maintaining the security of your account credentials and connected platform access tokens.

5. Information Sharing and Disclosure

5.1 Service Providers

We share information with trusted service providers who assist in operating our platform: Stripe for payment processing, cloud infrastructure providers for hosting, and monitoring services for performance tracking. All service providers are contractually obligated to protect your data.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access your personal information and request a copy in a portable format. Contact us at privacy@supa-sync.com to exercise this right.

6.2 Correction and Deletion

You can update your account information through your account settings. You may request deletion of your account and associated data at any time. Note that deletion is permanent and cannot be reversed.

6.3 Data Processing Objection

You may object to certain data processing activities. However, this may limit your ability to use Supasync services. You can disconnect platform integrations at any time through your account settings.

6.4 Deletion Behavior Control

You have full control over how deletions in connected platforms affect your Supabase data. You can configure deletion behavior for each sync connection through your account settings. We recommend reviewing and understanding your deletion settings to prevent unintended data loss. Changes to deletion behavior take effect immediately and apply to all future deletion events.

7. International Data Transfers

Supasync operates globally and may transfer your data to servers located outside your country of residence. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and compliance with applicable data protection regulations.

8. Children's Privacy

Supasync is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through a prominent notice on our platform. Your continued use after changes constitutes acceptance of the updated policy.

10. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Email: privacy@supa-sync.com
Data Protection Officer: dpo@supa-sync.com