This analysis describes what Supabase's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision delineates the operational scope of data collection and retention by Supabase regarding payment transactions. By delegating payment processing to third parties and explicitly not retaining financial data, the provision clarifies that Supabase's data handling obligations do not extend to sensitive payment credentials, which remain subject to the payment processor's independent privacy terms.
The updated policy discloses that Supabase may use business contact information, including email domains, to identify organizations for sales and marketing outreach. The policy now explicitly states that personal information will be shared with Customer.io, a marketing communications service provider. For marketing communications, the policy relies on user consent for three purposes: sending marketing messages, using approximate location information to determine relevant communications, and combining personal information from different sources for relevance determination. These three consents operate independently, meaning you can grant or withdraw any of them without affecting the others. You can manage these marketing-related consents separately through the consent mechanisms available in your account or in response to marketing communications.
View change record →Users' payment information, including credit card numbers, is transmitted directly to Stripe rather than through Supabase's systems, and Supabase does not store this financial data. Users' financial information handling is therefore governed by Stripe's separate privacy notice rather than Supabase's policy.
How other platforms handle this
When you initiate a payment transaction using Google Pay with any party other than a Seller (such party is a 'Third Party' and such transaction is a 'Third-Party Transaction'), Google may pass details of your Payment Method and related information to the Third Party so that it can charge your Paymen...
Fees do not include any taxes, duties, or assessments that may be owed by Customer for use of the Services ("Taxes"), unless otherwise specified in the applicable invoice. Customer is responsible for remitting any necessary withholding Taxes to the relevant authority on a timely basis and providing ...
Airbnb Payments will collect the Total Fees at the time of booking confirmation (i.e. when the booking request is accepted by a Host for instant bookings). In the event of a cancellation, Airbnb Payments will refund the Guest in accordance with the Host's cancellation policy, and any refund will be ...
Monitoring
Supabase has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you make a purchase or payment on the Site, such as for a subscription, we collect transactional information provided in connection with your purchase or payment. Please note that we use third party payment processors, including Stripe, to process payments made to us. As such, we do not retain any personally identifiable financial information such as credit card numbers. Rather, all such information is provided directly by you to our third-party processor. The payment processor's use of your personal information is governed by their privacy notice. To view Stripe's privacy notice, please visit: https://stripe.com/privacy.— Excerpt from Supabase's Supabase Privacy Policy
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision delineates the operational scope of data collection and retention by Supabase regarding payment transactions. By delegating payment processing to third parties and explicitly not retaining financial data, the provision clarifies that Supabase's data handling obligations do not extend to sensitive payment credentials, which remain subject to the payment processor's independent privacy terms.
Users' payment information, including credit card numbers, is transmitted directly to Stripe rather than through Supabase's systems, and Supabase does not store this financial data. Users' financial information handling is therefore governed by Stripe's separate privacy notice rather than Supabase's policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Supabase.