At Supaframe, your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, how it is stored, and your rights regarding your data. By using Supaframe, you agree to the practices described in this policy.

1. Information We Collect

We collect the following types of information when you use Supaframe:

• Account Information: When you sign up, we collect your name and email address.

• Google Account Login (optional): If you choose to sign up or log in with Google, we collect your email address, name, and profile picture from your Google account to create and authenticate your Supaframe account.

• Booking Data: Information related to bookings made through Supaframe, such as event details, customer contact information, and booking status (pending or confirmed).

• Google Calendar Integration (optional): If you connect your Google Calendar, booking events will be added to the selected calendar. You may choose whether pending bookings are added immediately or only after they are confirmed. If enabled, a Google Meet link may also be automatically generated and included in the event.

• Payment Information: If you make payments, certain billing details are collected and processed securely via third-party providers.

• Usage Data: We may collect information on how you use our services, such as device type, browser type, and interaction logs.

If you choose to sign up or log in using Google, we will receive your name, email address, and profile picture from Google. We use this information solely to create and manage your Supaframe account and to display your profile information within the service. We do not access or store any other information from your Google account.

If you choose to connect your Google Calendar, Supaframe will access your selected calendar to create events when a booking is made. For each booking, we store and use the necessary information (such as the booking details, your calendar ID, and the invitee’s email address) in order to create the calendar event. If enabled, a Google Meet link will also be generated automatically for the event. We do not access any other calendar data, and you can revoke Supaframe’s access to your Google account at any time from your Google Account settings.

2. How We Use Your Information

We use the information we collect to:

• Provide and improve the Supaframe platform and its features.

• Enable user authentication and account management.

• Facilitate bookings, calendar synchronization, and optional Google Meet link generation.

• Communicate with you regarding updates, support, and transactions.

• Maintain the security, stability, and performance of our services.

• We use your data to synchronize bookings with your Google Calendar and, if enabled, to generate Google Meet links automatically.

We do not sell your personal information to advertisers or share it with third parties for marketing purposes.

We process your personal data on the following legal bases under GDPR: (a) performance of a contract (Art. 6(1)(b)), (b) your consent (Art. 6(1)(a)), (c) compliance with legal obligations (Art. 6(1)(c)), (d) our legitimate interests (Art. 6(1)(f)).

3. Data Sharing and Disclosure

We may share your information only in the following cases:

• Service Providers: We work with trusted third-party providers (e.g., Supabase for data hosting, Stripe for payments) to deliver our services.

• Google Services: If you enable Google Login or Calendar integration, we use Google APIs to authenticate your account and manage events in your calendar. These interactions are governed by Google’s Privacy Policy.

• Legal Compliance: If required by law or valid legal process.

We never share your data with unauthorized third parties.

We use trusted third-party subprocessors to deliver our services. These include Supabase (database hosting), Stripe (payment processing), and Google (authentication and integrations). Where data is transferred outside the EEA, we rely on the EU Standard Contractual Clauses or the EU–US Data Privacy Framework to ensure adequate safeguards.

4. Data Security

We take reasonable technical and organizational measures to protect your information from unauthorized access, loss, misuse, or disclosure.

• OAuth tokens and credentials are stored securely and used only for providing booking synchronization and authentication.

• You can revoke Supaframe’s access to your Google account at any time via your Google Account settings.

5. Data Retention

We retain personal data only for as long as necessary to provide our services or as required by applicable law.

If you delete your account, all personal data stored in our Supabase database will be permanently deleted immediately, and we do not keep any backup copy afterwards.

Transaction and payment information is not stored by Supaframe. These are processed and retained by our payment provider (Stripe) in accordance with applicable financial and tax regulations.

If you have integrated Google services (e.g. calendar), you may revoke Supaframe’s access at any time from your Google Account settings.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete your personal data.

• Restrict or object to the processing of your data.

• Revoke previously granted consents (e.g., disconnect Google Calendar or Google Login).

• Request a copy of the data we hold about you.

To exercise these rights, please contact us at [Insert contact email].

7. International Data Transfers

Your data may be transferred and stored outside of your country of residence. In such cases, we ensure that adequate safeguards are in place to protect your personal information.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will always be posted on this page with a revised “Effective date.” Significant changes will be communicated to you where required.

12. Contact Us

If you have any questions about this Privacy Policy, or if you wish to exercise your rights, contact us here.