This analysis describes what Supabase's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes the operational basis for federated authentication and specifies the categories of user data that flow from third-party identity providers to Supabase. This framework determines which data Supabase obtains through SSO authorization and how that data is processed for service delivery and user communications.
The updated policy discloses that Supabase may use business contact information, including email domains, to identify organizations for sales and marketing outreach. The policy now explicitly states that personal information will be shared with Customer.io, a marketing communications service provider. For marketing communications, the policy relies on user consent for three purposes: sending marketing messages, using approximate location information to determine relevant communications, and combining personal information from different sources for relevance determination. These three consents operate independently, meaning you can grant or withdraw any of them without affecting the others. You can manage these marketing-related consents separately through the consent mechanisms available in your account or in response to marketing communications.
View change record →Users who authenticate via SSO authorize Supabase to receive and process specified profile data from third-party identity providers. The terms authorize Supabase to use this data for account operation, service maintenance, and delivery of transactional and service-related communications.
Cross-platform context
See how other platforms handle Single Sign-On and Third-Party Account Data and similar clauses.
Compare across platforms →Monitoring
Supabase has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Single Sign-On. We use single sign-on ("SSO") such as GitHub to allow a user to authenticate their account using one set of login information. We will have access to certain information from those third parties in accordance with the authorization procedures determined by those third parties, including, for example, your name, username, email address, language preference, and profile picture. We use this information to operate, maintain, and provide to you the features and functionality of the Service. We may also send you service-related emails or messages (e.g., account verification, purchase confirmation, customer support, changes or updates to features of the Site, technical and security notices).— Excerpt from Supabase's Supabase Privacy Policy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes the operational basis for federated authentication and specifies the categories of user data that flow from third-party identity providers to Supabase. This framework determines which data Supabase obtains through SSO authorization and how that data is processed for service delivery and user communications.
Users who authenticate via SSO authorize Supabase to receive and process specified profile data from third-party identity providers. The terms authorize Supabase to use this data for account operation, service maintenance, and delivery of transactional and service-related communications.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Supabase.