Back to Stackbase

Privacy Policy

Last updated: February 16, 2026

Introduction

Stackbase ("we", "our", or "us") operates stackbase.sh, providing managed Supabase hosting services. We take your privacy seriously and are committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, and protect your information when you use our services. By using Stackbase, you agree to the collection and use of information in accordance with this policy.

Data Controller

Stackbase is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, you can contact us at:

Email: hello@stackbase.sh

Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our services:

  • Account Information: Name, email address, and password when you create an account
  • Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
  • Usage Data: Information about how you use our services, including database configurations and tenant settings
  • Technical Data: IP address, browser type, device information, and access times
  • Communications: Messages you send to us via email or support channels

Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session and understand how our service is used:

  • Essential Cookies: Supabase authentication session cookies to keep you logged in
  • Analytics: Umami Analytics for privacy-focused website analytics (no personal data collected, GDPR-compliant)

We do not use third-party advertising cookies or tracking pixels. Our analytics solution is designed to respect your privacy and does not track you across websites.

How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and maintaining your Supabase hosting service
  • Processing payments and managing your subscription
  • Sending important service notifications and updates
  • Responding to your support requests and communications
  • Improving our services and developing new features
  • Detecting and preventing fraud, abuse, or security issues
  • Complying with legal obligations

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interests: Improving our services, preventing fraud, and ensuring security
  • Consent: Where you have given us explicit permission (which you can withdraw at any time)
  • Legal Obligation: Where we must process data to comply with laws

Data Storage and Security

We implement appropriate technical and organizational measures to protect your data:

  • Account Data: Stored securely in Supabase cloud infrastructure
  • Tenant Instances: Hosted on Hetzner servers located in Helsinki, Finland (EU)
  • Encryption: Data is encrypted in transit using TLS/SSL and at rest where applicable
  • Access Controls: Strict access controls and authentication measures protect your data
  • Regular Backups: Automated backups to prevent data loss

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but maintain industry-standard practices.

Third-Party Services

We use trusted third-party services to operate our platform. These providers have access to certain data only to perform specific tasks on our behalf:

  • Stripe: Payment processing (PCI-compliant, handles all payment card data)
  • Supabase: Authentication, database, and cloud infrastructure
  • Resend: Transactional email delivery
  • Umami: Privacy-focused analytics (no personal data collected)
  • Hetzner: Server hosting for tenant Supabase instances (EU-based)

These services are contractually obligated to protect your data and use it only for the purposes we specify.

Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Tenant Data: Deleted within 30 days after account closure or instance termination
  • Backups: May persist in backups for up to 90 days after deletion

You can request deletion of your data at any time by contacting us. We will comply with deletion requests except where we are legally required to retain certain information.

Your Rights

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Request export of your data in a machine-readable format
  • Right to Restriction: Request limitation of how we process your data
  • Right to Object: Object to our processing of your data based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing where we rely on your consent

To exercise any of these rights, please contact us at hello@stackbase.sh. We will respond to your request within 30 days.

Account Deletion

You can delete your account at any time through your dashboard settings or by contacting us. Account deletion will:

  • Terminate all active subscriptions and tenant instances
  • Delete your account data and personal information
  • Remove access to all associated databases and services
  • Cancel any future billing

This action is irreversible. Please export any data you wish to keep before deleting your account.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. Our primary infrastructure is located in the European Union (Finland), which provides strong data protection standards. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we will notify you and relevant authorities as required by law, typically within 72 hours of becoming aware of the breach.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@stackbase.sh

For GDPR-related inquiries or to file a complaint, you may also contact your local data protection authority.