Privacy policy
Last updated: July 2, 2026
Overview
SupaDownload helps you export SQL backups from Supabase PostgreSQL databases. This policy explains what we collect, what we do not store, and how data flows through the service.
Account information
When you create an account, authentication is handled by Supabase Auth. We store your email and authentication session via secure cookies. We use your account to enforce export rate limits and keep you signed in.
Database connection strings
We do not store your database connection strings. When you start an export, your connection string is sent over HTTPS to our server only for the duration of that request. It is used to connect to your database, stream a SQL file back to your browser, and then discarded. Connection strings are not written to disk, databases, or logs (passwords are masked in server error logs).
Export rate limits
To prevent abuse, we record when your account last completed a successful export (a timestamp only). This does not include any database credentials or export contents.
What we do not collect
- Contents of your database or exported SQL files after the download completes
- Storage bucket files from your Supabase project
- Payment information (SupaDownload is free to use)
Third-party services
The app is hosted on Vercel and uses Supabase for authentication. We use Vercel Analytics to collect anonymous page-view statistics (no connection strings or database data). Your use of those services is also governed by their respective privacy policies. Database connections during export are made directly from our server to Supabase-hosted PostgreSQL endpoints you authorize.
Error monitoring
If configured by the operator, anonymous error reports may be sent to Sentry to help diagnose failures. These reports do not include connection strings or database contents.
Contact
Questions about this policy? Open an issue or contact the project maintainer through your usual support channel.
See also our terms & disclaimer.