Privacy Policy

Last updated: June 19, 2025

Welcome to Supapen ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website supapen.com and our browser extension (collectively, the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Service after the date such revised Privacy Policy is posted.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service includes:

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Profile data such as your avatar image

We collect this information through better-auth for authentication purposes when you sign up and log in using a one-time password.

Code and Usage Data

To provide AI-powered assistance, our service needs to access the code in your CodePen projects. This code is used as context for the AI and to provide you with relevant suggestions and modifications.

We also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a browser extension ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. For our browser extension, we may collect data on your interactions with the extension's features.

We use PostHog for product analytics to understand how you use our features and to improve the service.

2. How We Use Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:

  • Create and manage your account.
  • Provide, operate, and maintain our Service.
  • Improve, personalize, and expand our Service.
  • Understand and analyze how you use our Service.
  • Develop new products, services, features, and functionality.
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes.
  • Process your transactions.
  • Send you emails, such as one-time passwords and important notices.
  • Find and prevent fraud and abuse.
  • For compliance purposes, including enforcing our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

3. Disclosure of Your Information

We do not sell your personal information. We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including data storage, hosting services, AI model providers, analytics, email delivery, and error monitoring. We use the following third-party services:

  • Stripe: For handling payments.
  • Supabase: We use Supabase for our PostgreSQL database to store your user data, including profile information and chat history.
  • OpenRouter: We use OpenRouter to route requests to various Large Language Models (LLMs) to power our AI features. The code you provide as context is sent to them to generate responses.
  • PostHog: For product analytics to understand user behavior and improve our service.
  • Vercel: Our landing page and APIs are hosted on Vercel. Vercel may collect access logs that include your IP address.
  • Resend: We use Resend to send transactional emails, such as one-time passwords for authentication.
  • Sentry: For error monitoring and bug tracking to help us identify and fix issues with the service.

We only share the minimum information necessary for these third parties to perform their functions. They are obligated not to disclose or use it for any other purpose.

4. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

5. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

6. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal information:

  • The right to access – You have the right to request copies of your personal data.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

7. Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

9. Contact Us

If you have any questions about this Privacy Policy, you can contact support.