Privacy Policy
Last updated: January 15, 2026
1. Introduction
SoftifyBase Security Scanner ("we", "our", or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Supabase penetration testing service.
2. Information We Collect
2.1 Information You Provide
When using SoftifyBase Security Scanner, you may provide:
- Supabase Project URL: The URL of the Supabase project you are testing
- API Keys: Anonymous (anon) keys required to authenticate with your Supabase project
- Contact Information: If you choose to contact us for support
2.2 Information Collected Automatically
We may automatically collect:
- Usage Data: Information about how you interact with the Service
- Device Information: Browser type, operating system, and device identifiers
- Log Data: IP addresses, access times, and pages viewed
2.3 Security Test Results
During security testing, the Service may temporarily process information from your Supabase project to identify vulnerabilities. This may include database schema information, API responses, and security configuration data.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Perform security testing as requested by you
- Generate vulnerability reports and recommendations
- Respond to your inquiries and provide support
- Monitor and analyze usage patterns to improve user experience
- Detect, prevent, and address technical issues or abuse
4. Data Retention
4.1 Credentials
Your Supabase URL and API keys are NOT stored on our servers. These credentials are used only during the active scanning session and are discarded immediately after the scan completes.
4.2 Scan Results
Vulnerability scan results are stored locally in your browser session. We do not retain copies of your scan results on our servers unless you explicitly choose to save or export them.
4.3 Usage Analytics
Aggregated, anonymized usage data may be retained for analytics purposes to improve the Service. This data cannot be used to identify individual users or their tested projects.
5. Information Sharing and Disclosure
We do NOT sell, trade, or rent your personal information. We may share information only in the following circumstances:
- With Your Consent: When you explicitly authorize us to share information
- Legal Requirements: When required by law, court order, or governmental authority
- Protection of Rights: To protect our rights, privacy, safety, or property
- Service Providers: With trusted third parties who assist in operating the Service (subject to confidentiality agreements)
6. Data Security
We implement appropriate technical and organizational security measures to protect your information, including:
- HTTPS encryption for all data transmission
- No persistent storage of sensitive credentials
- Regular security assessments of our own infrastructure
- Access controls and authentication for administrative functions
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access: Request access to personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information
- Portability: Request a copy of your data in a portable format
- Objection: Object to certain processing of your personal information
- Withdrawal: Withdraw consent where processing is based on consent
To exercise these rights, please contact us through our GitHub repository.
8. Cookies and Tracking
We may use cookies and similar tracking technologies to enhance your experience:
- Essential Cookies: Required for the Service to function properly
- Preference Cookies: Remember your settings and preferences
- Analytics Cookies: Help us understand how the Service is used
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.
9. Third-Party Services
The Service interacts with Supabase, a third-party database service. Your use of Supabase is governed by Supabase's own terms of service and privacy policy. We are not responsible for the privacy practices of Supabase or any other third-party services.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries. We will take appropriate measures to ensure your data remains protected in accordance with this Privacy Policy.
11. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.
13. Regional Privacy Rights
European Users (GDPR)
If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a supervisory authority.
California Users (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to opt-out of the sale of personal information. We do not sell personal information.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us through our GitHub repository.