Supalink logo mark
Supalink

Privacy Policy

Last updated: June 2026

1. Information We Collect

We collect information you provide directly (such as email, handle, profile content, and support messages), information generated through your use of Supalink (such as logs, device/browser metadata, and usage events), and information received from selected third-party services (for example Google sign-in data you authorize).

For product improvement, we also collect limited analytics data about how features are used — for example sign-in steps completed, auth method chosen (Google or email), whether an account is new or returning, new project onboarding steps, editor actions (such as first edit type, publish, preview, and theme changes). We do not send email addresses, one-time codes, or page content into analytics. After you sign in, we may associate analytics with your Supabase account ID (a random UUID), not your email.

2. How We Use Information

We use personal information to provide and secure Supalink, authenticate accounts, publish and host creator pages, maintain platform reliability, detect abuse, respond to support requests, and improve product performance and user experience through analytics.

3. Legal Bases and Consent

Where required by applicable law, we process personal information on one or more legal grounds, including performance of our contract with you, legitimate interests (such as fraud prevention and service improvement), compliance with legal obligations, and your consent where consent is required.

4. Cookies, Local Storage, and Analytics

Supalink uses essential cookies and local storage needed for login, security, and core functionality (including Supabase session storage).

We use product analytics to understand feature usage and improve Supalink. Our primary analytics provider is PostHog (EU cloud). PostHog may set first-party cookies or similar identifiers to distinguish browsers and measure funnels. We configure PostHog to send only events we define (such as sign-in flow steps), not automatic click tracking, and we do not use session replay or screen recording.

We also use Vercel Analytics for aggregated page-view and performance metrics on our website. We do not intentionally use your data for unrelated third-party ad sales.

5. Sharing and Processors

We share personal information only as reasonably needed to operate Supalink, including with service providers such as Supabase (auth, database, and storage), Vercel (hosting, delivery, and aggregated web analytics), PostHog (product analytics on EU infrastructure), and Google services (for OAuth sign-in and related integrations). These providers process data on our behalf under their terms and our instructions. We may also disclose information where required by law or to protect rights, safety, and platform integrity.

6. International Data Transfers

Your information may be processed in countries other than your own, depending on where our infrastructure and providers operate. We take reasonable steps to protect transferred information using contractual, technical, and organizational safeguards.

7. Retention

We keep personal information only for as long as needed for service operation, security, dispute handling, and legal compliance. Retention periods vary by data type and purpose. When no longer required, we delete, anonymize, or securely isolate data, including data held in backups and logs according to operational constraints.

8. Security

We implement reasonable administrative, technical, and organizational safeguards to protect personal information. No method of transmission or storage is fully secure, but we continuously work to reduce risk and respond to incidents promptly.

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict, object to certain processing, or request portability of your personal information. You may also request account or content deletion. We provide global baseline rights and honor additional regional rights where legally required.

10. Children's Privacy

Supalink is not intended for children under 13. If we learn that we have collected personal information from a child under 13 without appropriate authorization, we will take reasonable steps to remove it.

11. Changes to this Policy

We may update this Privacy Policy from time to time to reflect product, legal, or operational changes. Updated versions become effective when posted on this page with a revised "Last updated" date.

12. Contact

For privacy questions, data requests, or complaints, contact us at legal@supalink.in.