# Privacy Policy for Supanator

**Effective Date: October 1, 2025 (2025-10-01)**

## 1. Introduction

This Privacy Policy describes how Supanator ("we," "our," or "the app") collects, uses, and protects your information when you use our iOS application. By using Supanator, you agree to the collection and use of information in accordance with this policy.

## 2. Information We Collect

### 2.1 Information You Provide
- **Supabase API Tokens**: We collect the experimental API tokens, management tokens, and service role keys you provide to connect to your Supabase projects
- **Project URLs**: The URLs of your Supabase projects
- **Token Names**: Optional names you assign to saved tokens for your convenience

### 2.2 Automatically Collected Information
- **Usage Data**: Basic app usage statistics (features used, crash reports)
- **Device Information**: iOS version, device model, app version

### 2.3 AI Assistant Data Collection
- **Chat Conversations**: When you use the Supanator AI chat assistant, your questions and conversation history are sent to our secure proxy server
- **Project Schema Information**: Database table names, column names, function names, and storage bucket information from your connected Supabase project
- **Support ID**: A unique anonymous identifier generated on your device for rate limiting and support purposes, synced across your devices via iCloud Keychain

### 2.4 Information We Do NOT Collect
- Personal identification information (name, email, phone number)
- Location data
- Contact information
- Payment information (handled by Apple App Store)
- Actual database content (row data, file contents, secrets)

## 3. How We Use Your Information

We use the collected information solely to:
- Authenticate and connect to your Supabase projects
- Enable app functionality (database management, storage, functions, etc.)
- Provide AI-powered assistance through the chat feature
- Save your preferences locally on your device
- Improve app performance and fix bugs
- Enforce usage limits on AI features during beta (10 requests per hour)

## 4. Data Storage and Security

### 4.1 Local Storage
- All API tokens and credentials are stored locally on your device using iOS Keychain
- We do NOT transmit or store your credentials on any external servers
- Data is encrypted using iOS native security features

### 4.2 Fresh Install Detection
- Uninstalling the app will clear all stored credentials upon reinstallation
- This ensures your sensitive data doesn't persist after app removal

### 4.3 Widget Data
- Analytics data for widgets is stored in a secure app group container
- Only accessible by the main app and widget extension

### 4.4 AI Chat Data
- Chat conversations are NOT stored permanently on our servers
- Conversations are processed in real-time and forwarded to OpenAI
- Your Support ID is hashed for privacy before being used for rate limiting
- Support ID is stored in iCloud Keychain and syncs across your Apple devices

## 5. Third-Party Services

### 5.1 Supabase
- Supanator connects directly to Supabase services using your provided credentials
- All data interactions occur directly between your device and Supabase servers
- We do not intercept, store, or process your Supabase data
- Your use of Supabase is governed by Supabase's own privacy policy and terms of service

### 5.2 OpenAI (AI Chat Assistant)
- **Service Provider**: Supanator AI uses OpenAI's GPT models to provide intelligent assistance
- **Data Transmitted**: Your chat messages and project schema information (table names, column names, function names) are sent to OpenAI via our secure proxy server
- **Data NOT Transmitted**: Actual database content (row data), API keys, passwords, or other sensitive credentials
- **OpenAI's Privacy**: Your data is subject to OpenAI's data processing practices and privacy policy
- **No Permanent Storage**: We do not store your AI conversations on our servers after processing
- **Usage Limits**: During beta, AI chat is limited to 10 requests per hour per user to manage costs

**IMPORTANT**: Do not share passwords, API keys, personal information, or other sensitive data in AI chat conversations.

### 5.3 Apple Services
- App Store for distribution and in-app purchases
- StoreKit for subscription management
- iCloud Keychain for Support ID synchronization across devices
- Your subscription data is managed by Apple

## 6. Data Sharing

We do NOT:
- Sell, trade, or rent your information to third parties
- Share your credentials with anyone
- Access your Supabase data for any purpose other than app functionality
- Collect or store analytics about your Supabase projects
- Store your AI chat conversations permanently

We DO share:
- AI chat messages and project schema with OpenAI for processing (as described in Section 5.2)
- Anonymous usage data with our proxy server for rate limiting purposes

## 7. Your Rights

You have the right to:
- Delete all stored credentials at any time through the app
- Clear AI chat conversation history at any time
- Decline to use the AI chat feature
- Uninstall the app to remove all local data
- Manage your subscriptions through iOS Settings
- Request information about data stored locally on your device
- Access your Support ID from the app's feedback page

## 8. Children's Privacy

Supanator is not intended for use by children under 13 years of age. We do not knowingly collect information from children under 13.

## 9. Disclaimer and Limitation of Liability

### 9.1 No Warranty
SUPANATOR IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

### 9.2 Limitation of Liability
IN NO EVENT SHALL THE DEVELOPER OF SUPANATOR BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF, OR IN CONNECTION WITH THE APP OR THE USE OR OTHER DEALINGS IN THE APP.

### 9.3 User Responsibility
- You are solely responsible for maintaining the security of your API tokens
- You are responsible for any actions taken using your Supabase credentials
- You are responsible for the content you share in AI chat conversations
- Do not share sensitive information (passwords, API keys, personal data) in AI chats
- We are not liable for any data loss, security breaches, or damages resulting from your use of the app
- You use this app and AI features at your own risk

### 9.4 Third-Party Services
- We are not responsible for the availability, accuracy, or reliability of Supabase services
- We are not liable for any issues arising from Supabase service interruptions or changes
- Your relationship with Supabase is governed by their terms, not ours
- We are not responsible for OpenAI's AI responses, accuracy, or any actions taken based on AI suggestions
- AI-generated content may contain errors and should be verified before use in production environments
- Your use of OpenAI services through our app is subject to OpenAI's terms of service

### 9.5 No Professional Advice
This app and its AI chat feature are not intended to provide professional database administration advice. AI suggestions should be reviewed and tested before implementing in production environments. Always consult with qualified professionals for critical database operations.

## 10. Indemnification

You agree to indemnify, defend, and hold harmless the developer of Supanator from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees arising from your use of the app or violation of these terms.

## 11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by updating the "Effective Date" at the top of this policy. Continued use of the app after changes constitutes acceptance of the updated policy.

## 12. Data Retention

- Credentials remain stored until you explicitly delete them or uninstall the app
- AI chat conversations are NOT stored on our servers after processing
- Support ID persists in iCloud Keychain until you uninstall the app from all your devices
- Rate limiting data is automatically deleted after 1 hour
- We do not have access to delete your data remotely
- Subscription information is retained by Apple according to their policies

## 13. International Use

This app is designed for use globally. By using Supanator outside of your country, you consent to the transfer and processing of your data in accordance with this policy.

## 14. Contact Information

For questions about this Privacy Policy or the app, please contact:
- Email: jean.robert.nino@icloud.com
- Through the in-app contact form
- App Store: Through the App Store support feature

## 15. Acceptance of Terms

By using Supanator, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and accept all risks associated with using the app.

## 16. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Privacy Policy will otherwise remain in full force and effect.

## 17. Governing Law

This Privacy Policy is governed by the laws applicable to software distributed through the Apple App Store, without regard to conflict of law principles.

---

**Remember**: Supanator is an independent tool not affiliated with Supabase Inc. Use at your own discretion and risk.