Terms & conditions
Last updated: September 23, 2025
Terms & conditions
Last updated: September 23, 2025
Terms & conditions
Last updated: September 23, 2025
Welcome to Supaframe! These Terms & Conditions (“Terms”) explain the rules for using our service. By using Supaframe, you agree to these Terms. If you do not agree, please stop using the platform.
1. What Is Supaframe?
Supaframe is a no-code platform offering Framer components—such as Booking, Waitlist, Poll, and Contact (with CRM)—that you can embed directly into your Framer website. Visitor interactions are stored securely in Supabase and accessible via your Supaframe dashboard.
We rely on the following services for infrastructure:
Lovable (app hosting)
Framer (marketing site)
Supabase (database & authentication)
Polar.sh (merchant of record for payments)
2. Accounts and Access
You must register using your name and email to access Supaframe.
Google Account Login (optional): You may also sign up or log in via your Google account. This method grants Supaframe access to your Google email address, name, and profile picture, which are used solely for user authentication and profile identification, and are treated in accordance with our data handling practices.
You are responsible for account security and all actions taken under your account. Do not share your credentials.
You must comply with data laws when using Supaframe to collect visitor information.
You may create an account either by providing an email address and password, or by signing in with Google. If you choose Google sign-in, we only receive your name, email address, and profile picture for the purpose of creating and managing your account.
When you enable Google Calendar integration, Supaframe will create events in your designated calendar whenever a booking is made. The invitee’s email address will be added to the event so that they receive an invitation. If you enable Google Meet integration, a meeting link will also be generated automatically. You remain responsible for informing your end-users about this use of their email addresses.
3. Acceptable Use
You agree not to:
Collect sensitive personal data (e.g., health, financial, biometric) using our components
Use the platform for spam, phishing, scams, or other illegal activities
Reverse-engineer or manipulate the service or its security
Impersonate individuals or bypass usage limits or subscription terms
Violations may result in immediate account suspension or termination.
4. Data Ownership and Responsibility
You retain ownership of all data gathered through your components.
Supaframe and Supabase may access data for support or maintenance, but it will never be used for advertising or shared improperly.
You are responsible for ensuring compliance with privacy regulations (e.g., GDPR, CCPA) and for configuring consent appropriately (e.g., including privacy checkboxes).
5. Component-Specific Data Handling
Booking Component
Collects visitor name, email, phone number, message, service selection, and appointment time.
Google Calendar Integration (optional): You may link Supaframe with your Google Calendar. You choose which Google calendar is synced, whether “pending” bookings are added immediately or only upon confirmation, and whether a Google Meet link is included in the event.
Other Components
Waitlist: collects names and emails.
Poll: captures votes and optionally names/emails, with display settings for results.
Contact (CRM): handles names, emails, phone numbers, messages, consent checkboxes, and optional internal notes, tags, or tasks. supaframe.io
6. Payments and Billing
Payments are handled through Polar.sh, including billing, VAT, and compliance management.
Supaframe does not store or process your payment card details.
Manage subscriptions and view invoices via the Polar customer portal. Refer to Polar’s terms for more details.
7. Plans and Usage Limits
Free Plan: up to 5 active components, 100 total submissions lifetime.
Pro Plan: unlimited components and submissions.
Team Plan: forthcoming.
Accounts are personal unless using an approved team plan.
8. Canceling Your Subscription
Cancel anytime through the Polar portal.
Cancellation takes effect at the end of the billing cycle; data remains accessible unless you delete it.
9. Refund Policy
Requests for refunds must be made within 7 days of payment.
Refunds are case-dependent and not guaranteed unless due to service errors.
Processed through Polar.sh.
10. Analytics
We use Umami for anonymized app analytics, and Google Analytics (anonymized) on our public site.
No personally identifiable information is tracked.
11. Limitation of Liability
Supaframe is provided “as is.” We make no warranties regarding uptime, correctness, or data accuracy. We are not liable for:
Downtime or service interruptions
Data loss (though backups are maintained)
Incorrect implementation of components on your site
Any misuse of the service
12. Changes to These Terms
We may update these Terms at any time. New versions will have an updated “Last updated” date. We’ll notify you of significant changes if required.
13. GDPR & Data Processing Agreement (DPA)
Controller–Processor roles. For customers subject to the GDPR (EU/EEA/UK), you act as the data controller with respect to personal data collected through your use of Supaframe components, and Supaframe acts as your data processor.
DPA incorporation. By agreeing to these Terms, you also agree to our Data Processing Agreement (DPA), which governs our processing of personal data on your behalf under Article 28 GDPR. The DPA forms part of these Terms by reference and is available here: /dpa (a signed copy can be provided upon request).
Subject, nature, and purpose of processing. Supaframe processes personal data to provide, secure, and support the service (e.g., hosting your components, storing submissions, authentication), strictly in accordance with your documented instructions and your configuration.
Categories of data & data subjects. Typical data includes names, emails, form and booking responses submitted by your end-users and site visitors (data subjects) via your components. You remain responsible for configuring consent and ensuring that special categories of data are not collected via Supaframe unless you have a lawful basis and appropriate safeguards in place (see Acceptable Use).
Subprocessors. We engage vetted subprocessors to deliver the service, including Supabase (database & authentication), Polar.sh (merchant of record / payments), and, where you enable integrations, Google (e.g., sign-in, calendar). Our current list and transfer safeguards are described in the DPA.
International transfers. Where personal data is transferred outside the EEA/UK, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses and/or participation in an adequacy mechanism) as detailed in the DPA.
Security. We maintain appropriate technical and organizational measures to protect personal data, proportionate to risk and the state of the art. A high-level description of our measures (including Supabase-managed storage and auth) is provided in the DPA and Privacy Policy.
Assistance & data subject rights. We will reasonably assist you in meeting your GDPR obligations (e.g., responding to data subject requests, security incident notifications) as set out in the DPA.
Deletion & return. Upon account deletion or at the end of our services, we will immediately delete personal data stored in our Supabase database in line with your instructions, except where retention is required by law or handled by third parties you use (e.g., payment records retained by Polar). Details are in the DPA and Privacy Policy.
Audits & records. On reasonable notice, and as described in the DPA, we make available information necessary to demonstrate compliance and support audits or assessments as legally required.
13. Contact Us
Questions or concerns about these Terms? Contact us here.
Welcome to Supaframe! These Terms & Conditions (“Terms”) explain the rules for using our service. By using Supaframe, you agree to these Terms. If you do not agree, please stop using the platform.
1. What Is Supaframe?
Supaframe is a no-code platform offering Framer components—such as Booking, Waitlist, Poll, and Contact (with CRM)—that you can embed directly into your Framer website. Visitor interactions are stored securely in Supabase and accessible via your Supaframe dashboard.
We rely on the following services for infrastructure:
Lovable (app hosting)
Framer (marketing site)
Supabase (database & authentication)
Polar.sh (merchant of record for payments)
2. Accounts and Access
You must register using your name and email to access Supaframe.
Google Account Login (optional): You may also sign up or log in via your Google account. This method grants Supaframe access to your Google email address, name, and profile picture, which are used solely for user authentication and profile identification, and are treated in accordance with our data handling practices.
You are responsible for account security and all actions taken under your account. Do not share your credentials.
You must comply with data laws when using Supaframe to collect visitor information.
You may create an account either by providing an email address and password, or by signing in with Google. If you choose Google sign-in, we only receive your name, email address, and profile picture for the purpose of creating and managing your account.
When you enable Google Calendar integration, Supaframe will create events in your designated calendar whenever a booking is made. The invitee’s email address will be added to the event so that they receive an invitation. If you enable Google Meet integration, a meeting link will also be generated automatically. You remain responsible for informing your end-users about this use of their email addresses.
3. Acceptable Use
You agree not to:
Collect sensitive personal data (e.g., health, financial, biometric) using our components
Use the platform for spam, phishing, scams, or other illegal activities
Reverse-engineer or manipulate the service or its security
Impersonate individuals or bypass usage limits or subscription terms
Violations may result in immediate account suspension or termination.
4. Data Ownership and Responsibility
You retain ownership of all data gathered through your components.
Supaframe and Supabase may access data for support or maintenance, but it will never be used for advertising or shared improperly.
You are responsible for ensuring compliance with privacy regulations (e.g., GDPR, CCPA) and for configuring consent appropriately (e.g., including privacy checkboxes).
5. Component-Specific Data Handling
Booking Component
Collects visitor name, email, phone number, message, service selection, and appointment time.
Google Calendar Integration (optional): You may link Supaframe with your Google Calendar. You choose which Google calendar is synced, whether “pending” bookings are added immediately or only upon confirmation, and whether a Google Meet link is included in the event.
Other Components
Waitlist: collects names and emails.
Poll: captures votes and optionally names/emails, with display settings for results.
Contact (CRM): handles names, emails, phone numbers, messages, consent checkboxes, and optional internal notes, tags, or tasks. supaframe.io
6. Payments and Billing
Payments are handled through Polar.sh, including billing, VAT, and compliance management.
Supaframe does not store or process your payment card details.
Manage subscriptions and view invoices via the Polar customer portal. Refer to Polar’s terms for more details.
7. Plans and Usage Limits
Free Plan: up to 5 active components, 100 total submissions lifetime.
Pro Plan: unlimited components and submissions.
Team Plan: forthcoming.
Accounts are personal unless using an approved team plan.
8. Canceling Your Subscription
Cancel anytime through the Polar portal.
Cancellation takes effect at the end of the billing cycle; data remains accessible unless you delete it.
9. Refund Policy
Requests for refunds must be made within 7 days of payment.
Refunds are case-dependent and not guaranteed unless due to service errors.
Processed through Polar.sh.
10. Analytics
We use Umami for anonymized app analytics, and Google Analytics (anonymized) on our public site.
No personally identifiable information is tracked.
11. Limitation of Liability
Supaframe is provided “as is.” We make no warranties regarding uptime, correctness, or data accuracy. We are not liable for:
Downtime or service interruptions
Data loss (though backups are maintained)
Incorrect implementation of components on your site
Any misuse of the service
12. Changes to These Terms
We may update these Terms at any time. New versions will have an updated “Last updated” date. We’ll notify you of significant changes if required.
13. GDPR & Data Processing Agreement (DPA)
Controller–Processor roles. For customers subject to the GDPR (EU/EEA/UK), you act as the data controller with respect to personal data collected through your use of Supaframe components, and Supaframe acts as your data processor.
DPA incorporation. By agreeing to these Terms, you also agree to our Data Processing Agreement (DPA), which governs our processing of personal data on your behalf under Article 28 GDPR. The DPA forms part of these Terms by reference and is available here: /dpa (a signed copy can be provided upon request).
Subject, nature, and purpose of processing. Supaframe processes personal data to provide, secure, and support the service (e.g., hosting your components, storing submissions, authentication), strictly in accordance with your documented instructions and your configuration.
Categories of data & data subjects. Typical data includes names, emails, form and booking responses submitted by your end-users and site visitors (data subjects) via your components. You remain responsible for configuring consent and ensuring that special categories of data are not collected via Supaframe unless you have a lawful basis and appropriate safeguards in place (see Acceptable Use).
Subprocessors. We engage vetted subprocessors to deliver the service, including Supabase (database & authentication), Polar.sh (merchant of record / payments), and, where you enable integrations, Google (e.g., sign-in, calendar). Our current list and transfer safeguards are described in the DPA.
International transfers. Where personal data is transferred outside the EEA/UK, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses and/or participation in an adequacy mechanism) as detailed in the DPA.
Security. We maintain appropriate technical and organizational measures to protect personal data, proportionate to risk and the state of the art. A high-level description of our measures (including Supabase-managed storage and auth) is provided in the DPA and Privacy Policy.
Assistance & data subject rights. We will reasonably assist you in meeting your GDPR obligations (e.g., responding to data subject requests, security incident notifications) as set out in the DPA.
Deletion & return. Upon account deletion or at the end of our services, we will immediately delete personal data stored in our Supabase database in line with your instructions, except where retention is required by law or handled by third parties you use (e.g., payment records retained by Polar). Details are in the DPA and Privacy Policy.
Audits & records. On reasonable notice, and as described in the DPA, we make available information necessary to demonstrate compliance and support audits or assessments as legally required.
13. Contact Us
Questions or concerns about these Terms? Contact us here.
Welcome to Supaframe! These Terms & Conditions (“Terms”) explain the rules for using our service. By using Supaframe, you agree to these Terms. If you do not agree, please stop using the platform.
1. What Is Supaframe?
Supaframe is a no-code platform offering Framer components—such as Booking, Waitlist, Poll, and Contact (with CRM)—that you can embed directly into your Framer website. Visitor interactions are stored securely in Supabase and accessible via your Supaframe dashboard.
We rely on the following services for infrastructure:
Lovable (app hosting)
Framer (marketing site)
Supabase (database & authentication)
Polar.sh (merchant of record for payments)
2. Accounts and Access
You must register using your name and email to access Supaframe.
Google Account Login (optional): You may also sign up or log in via your Google account. This method grants Supaframe access to your Google email address, name, and profile picture, which are used solely for user authentication and profile identification, and are treated in accordance with our data handling practices.
You are responsible for account security and all actions taken under your account. Do not share your credentials.
You must comply with data laws when using Supaframe to collect visitor information.
You may create an account either by providing an email address and password, or by signing in with Google. If you choose Google sign-in, we only receive your name, email address, and profile picture for the purpose of creating and managing your account.
When you enable Google Calendar integration, Supaframe will create events in your designated calendar whenever a booking is made. The invitee’s email address will be added to the event so that they receive an invitation. If you enable Google Meet integration, a meeting link will also be generated automatically. You remain responsible for informing your end-users about this use of their email addresses.
3. Acceptable Use
You agree not to:
Collect sensitive personal data (e.g., health, financial, biometric) using our components
Use the platform for spam, phishing, scams, or other illegal activities
Reverse-engineer or manipulate the service or its security
Impersonate individuals or bypass usage limits or subscription terms
Violations may result in immediate account suspension or termination.
4. Data Ownership and Responsibility
You retain ownership of all data gathered through your components.
Supaframe and Supabase may access data for support or maintenance, but it will never be used for advertising or shared improperly.
You are responsible for ensuring compliance with privacy regulations (e.g., GDPR, CCPA) and for configuring consent appropriately (e.g., including privacy checkboxes).
5. Component-Specific Data Handling
Booking Component
Collects visitor name, email, phone number, message, service selection, and appointment time.
Google Calendar Integration (optional): You may link Supaframe with your Google Calendar. You choose which Google calendar is synced, whether “pending” bookings are added immediately or only upon confirmation, and whether a Google Meet link is included in the event.
Other Components
Waitlist: collects names and emails.
Poll: captures votes and optionally names/emails, with display settings for results.
Contact (CRM): handles names, emails, phone numbers, messages, consent checkboxes, and optional internal notes, tags, or tasks. supaframe.io
6. Payments and Billing
Payments are handled through Polar.sh, including billing, VAT, and compliance management.
Supaframe does not store or process your payment card details.
Manage subscriptions and view invoices via the Polar customer portal. Refer to Polar’s terms for more details.
7. Plans and Usage Limits
Free Plan: up to 5 active components, 100 total submissions lifetime.
Pro Plan: unlimited components and submissions.
Team Plan: forthcoming.
Accounts are personal unless using an approved team plan.
8. Canceling Your Subscription
Cancel anytime through the Polar portal.
Cancellation takes effect at the end of the billing cycle; data remains accessible unless you delete it.
9. Refund Policy
Requests for refunds must be made within 7 days of payment.
Refunds are case-dependent and not guaranteed unless due to service errors.
Processed through Polar.sh.
10. Analytics
We use Umami for anonymized app analytics, and Google Analytics (anonymized) on our public site.
No personally identifiable information is tracked.
11. Limitation of Liability
Supaframe is provided “as is.” We make no warranties regarding uptime, correctness, or data accuracy. We are not liable for:
Downtime or service interruptions
Data loss (though backups are maintained)
Incorrect implementation of components on your site
Any misuse of the service
12. Changes to These Terms
We may update these Terms at any time. New versions will have an updated “Last updated” date. We’ll notify you of significant changes if required.
13. GDPR & Data Processing Agreement (DPA)
Controller–Processor roles. For customers subject to the GDPR (EU/EEA/UK), you act as the data controller with respect to personal data collected through your use of Supaframe components, and Supaframe acts as your data processor.
DPA incorporation. By agreeing to these Terms, you also agree to our Data Processing Agreement (DPA), which governs our processing of personal data on your behalf under Article 28 GDPR. The DPA forms part of these Terms by reference and is available here: /dpa (a signed copy can be provided upon request).
Subject, nature, and purpose of processing. Supaframe processes personal data to provide, secure, and support the service (e.g., hosting your components, storing submissions, authentication), strictly in accordance with your documented instructions and your configuration.
Categories of data & data subjects. Typical data includes names, emails, form and booking responses submitted by your end-users and site visitors (data subjects) via your components. You remain responsible for configuring consent and ensuring that special categories of data are not collected via Supaframe unless you have a lawful basis and appropriate safeguards in place (see Acceptable Use).
Subprocessors. We engage vetted subprocessors to deliver the service, including Supabase (database & authentication), Polar.sh (merchant of record / payments), and, where you enable integrations, Google (e.g., sign-in, calendar). Our current list and transfer safeguards are described in the DPA.
International transfers. Where personal data is transferred outside the EEA/UK, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses and/or participation in an adequacy mechanism) as detailed in the DPA.
Security. We maintain appropriate technical and organizational measures to protect personal data, proportionate to risk and the state of the art. A high-level description of our measures (including Supabase-managed storage and auth) is provided in the DPA and Privacy Policy.
Assistance & data subject rights. We will reasonably assist you in meeting your GDPR obligations (e.g., responding to data subject requests, security incident notifications) as set out in the DPA.
Deletion & return. Upon account deletion or at the end of our services, we will immediately delete personal data stored in our Supabase database in line with your instructions, except where retention is required by law or handled by third parties you use (e.g., payment records retained by Polar). Details are in the DPA and Privacy Policy.
Audits & records. On reasonable notice, and as described in the DPA, we make available information necessary to demonstrate compliance and support audits or assessments as legally required.
13. Contact Us
Questions or concerns about these Terms? Contact us here.