Legal

Privacy Policy

Effective Date: March 1, 2026 Last Updated: March 3, 2026

1. Introduction

JioBase is a managed reverse proxy service that routes Supabase API traffic through Cloudflare's global edge network. The service is designed to bypass ISP-level DNS blocking of *.supabase.co in India, allowing developers to keep their applications functioning without infrastructure changes.

This Privacy Policy explains what personal data JioBase collects, how that data is used, and your rights regarding your information. It applies to all users of the JioBase website (jiobase.com), the JioBase dashboard, the JioBase management API, and the proxy infrastructure.

By registering for a JioBase account or using the service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use the service.

Disclaimer: JioBase is an independent project operated by Sunith VS. It is not affiliated with, endorsed by, or connected to Supabase Inc., Cloudflare Inc., Jio Platforms Limited, or Reliance Industries. The name "JioBase" is a project name and domain, not a registered trade name or business entity.

2. Data Controller Information

Name Sunith VS
Role Individual Developer and Data Fiduciary
Location India
Website sunithvs.com
Email hi@sunithvs.com

3. Data We Collect

JioBase collects the minimum data necessary to provide the service. The data we collect falls into the following categories:

3.1 Account Data

Collected when you register for a JioBase account:

  • Email address - used as your unique identifier and for account communications
  • Password (hashed) - stored only as a PBKDF2 hash with 100,000 iterations using SHA-256. Your plaintext password is never stored
  • Name - used to personalize your dashboard experience

3.2 App Configuration Data

Collected when you create a proxy app:

  • App name - a label you choose for your proxy app
  • Slug - a unique subdomain identifier (e.g., myapp.jiobase.com)
  • Supabase project URL - the upstream Supabase URL your proxy routes traffic to

3.3 Usage Data

Collected automatically as your proxy handles requests:

  • Request counts - the total number of API requests processed by your proxy app
  • Timestamps - when each request was processed
  • HTTP status codes - the response status returned by Supabase (e.g., 200, 404, 500)
  • Response latency - the time taken to fulfill each proxied request

3.4 Session Data

Collected when you log in to the JioBase dashboard:

  • Session token - a randomly generated identifier stored in a secure cookie
  • IP address at login - recorded at the time of authentication
  • User agent - the browser and operating system used to access the dashboard

3.5 Technical Data

Collected automatically when you access the JioBase website or dashboard:

  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Referring URL

4. Data That Transits Our Infrastructure (NOT Collected)

This is the most important section of this policy. Because JioBase acts as a reverse proxy, all of your Supabase traffic flows through our infrastructure. However, JioBase's application code does not read, store, log, cache, or process the contents of this traffic. The proxy simply forwards requests to Supabase and returns responses to your client.

The following types of data pass through JioBase's proxy but are never collected, stored, logged, cached, or processed by JioBase:

  • API request and response payloads - the actual data your application sends to and receives from Supabase (database rows, JSON responses, form data)
  • Supabase authentication tokens (JWT) - your users' access tokens, refresh tokens, and session data managed by Supabase Auth
  • File upload and download content - images, documents, and other files transferred through Supabase Storage
  • WebSocket message payloads - Realtime subscription data, presence updates, and broadcast messages
  • Database query contents and results - SQL queries, PostgREST filter parameters, RPC function arguments, and returned data

Cloudflare's Role in Transit

JioBase runs on Cloudflare Workers. TLS encryption is terminated at Cloudflare's edge network, which means Cloudflare has technical access to the unencrypted request and response data in transit. This is standard for any service hosted behind Cloudflare and is necessary for the proxy to function. However, JioBase's application code does not access, inspect, or log payload contents at any point. Cloudflare's handling of data in transit is governed by Cloudflare's Privacy Policy.

5. How We Use Your Data

JioBase uses the data described in Section 3 for the following purposes:

  • Service operation - to authenticate you, route proxy traffic to the correct Supabase project, and display usage metrics in your dashboard
  • Rate limiting and quota enforcement - to track your usage against your plan limits (free tier: 1 app, 50,000 requests per month) and enforce rate limits
  • Abuse detection and prevention - to identify unusual traffic patterns that may indicate misuse of the service
  • Account communications - to send you essential service notifications such as quota warnings, security alerts, or changes to the terms of service
  • Service improvement - to analyze aggregated, anonymized usage patterns to improve the reliability and performance of the proxy

6. Legal Basis for Processing

JioBase processes your personal data under the following legal bases:

Consent (Registration)

By creating a JioBase account, you provide explicit consent for us to process your account data for the purpose of providing the service. You may withdraw this consent at any time by deleting your account.

Contractual Necessity

Processing of app configuration data and usage metrics is necessary to fulfill our contractual obligation to provide the proxy service, enforce plan limits, and display your usage dashboard.

Legitimate Interest

Processing of session data, technical data, and aggregated analytics is carried out in our legitimate interest to maintain the security, stability, and reliability of the service, and to prevent abuse.

7. Data Sharing and Third Parties

JioBase does not sell, rent, or trade your personal data to any third party. Data is shared only in the following limited circumstances:

Cloudflare, Inc. (Infrastructure Provider)

JioBase's entire infrastructure runs on Cloudflare's platform, including Workers (compute), D1 (database), KV (key-value storage), Pages (web hosting), and Analytics Engine (metrics). Cloudflare processes data as a sub-processor on our behalf and in accordance with their own privacy policy. You can review Cloudflare's Privacy Policy for details on how they handle data.

Law Enforcement and Legal Requirements

JioBase may disclose your personal data if required to do so by law, regulation, legal process, or enforceable governmental request. This includes responding to lawful requests from Indian authorities under the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. We will notify you of such requests unless legally prohibited from doing so.

8. Data Retention

JioBase retains your data only for as long as necessary to provide the service and fulfill legal obligations:

Data TypeRetention Period
Account data (email, name, hashed password)While your account is active, plus 30 days after account deletion
App configuration dataWhile your account is active, plus 30 days after account deletion
Usage metrics (request counts, latency, status codes)12 months from the date of collection
Session dataExpires per session time-to-live (TTL) configuration
Transit data (API payloads, tokens, files, WebSocket messages)Not retained. This data passes through and is never stored.
System and infrastructure logsPer Cloudflare's retention policy (typically 72 hours)

9. Your Rights (Under DPDP Act, 2023)

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

Right to Access

You have the right to obtain a summary of your personal data held by JioBase, including the processing activities performed on that data. You can view most of your data directly through the dashboard. For a complete data export, contact us at hi@sunithvs.com.

Right to Correction

You have the right to correct inaccurate or incomplete personal data. You can update your name and email through the dashboard, or contact us for assistance.

Right to Erasure (Account Deletion)

You have the right to request the deletion of your personal data. When you delete your account, all associated data (account information, app configurations, and usage metrics) will be permanently removed within 30 days. To request account deletion, use the account settings page in the dashboard or contact us directly.

Right to Withdraw Consent

You may withdraw your consent for data processing at any time by deleting your account. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Right to Nominate

Under the DPDP Act, 2023, you have the right to nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. To register a nominee, contact us at hi@sunithvs.com.

Right to Grievance Redressal

You have the right to file a complaint regarding the processing of your personal data. See Section 17 (Grievance Officer) for the complaint process and timelines.

10. Data Security

JioBase implements technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Password hashing - all passwords are hashed using PBKDF2 with 100,000 iterations and SHA-256. Plaintext passwords are never stored or logged.
  • TLS encryption in transit - all connections to JioBase (both from clients and to Supabase) use TLS encryption. Connections without TLS are rejected.
  • Cloudflare infrastructure security - all data at rest in D1 and KV is encrypted by Cloudflare. Cloudflare's data centers implement physical security controls and are SOC 2 Type II certified.
  • Secure session cookies - the jb_session cookie is configured as HTTP-only and Secure, preventing client-side JavaScript access and ensuring transmission only over HTTPS.
  • Timing-safe authentication - login and session validation use constant-time comparison functions to prevent timing-based attacks.
  • Rate limiting and lockout - login endpoints implement rate limiting and account lockout mechanisms to prevent brute-force attacks.

11. Cookies

JioBase uses a single cookie that is strictly necessary for the service to function:

CookiePurposeType
jb_sessionAuthenticates your session when logged in to the dashboardStrictly necessary, HTTP-only, Secure

JioBase does not use any tracking cookies, analytics cookies, advertising cookies, or third-party cookies. No cookie consent banner is required because the sole cookie used is strictly necessary for the service to function.

12. Children's Privacy

JioBase is a developer tool intended for use by software developers and businesses. The service is not directed at individuals under the age of 18. JioBase does not knowingly collect personal data from children under 18. If you believe that a child under 18 has provided personal data to JioBase, please contact us at hi@sunithvs.com, and we will promptly delete the data and terminate the associated account.

13. International Data Transfers

JioBase processes data on Cloudflare's global edge network, which spans over 300 cities in more than 100 countries. Your data may be processed at any of Cloudflare's data center locations worldwide, including locations outside of India. Cloudflare applies consistent security and privacy protections across its entire network, regardless of location. By using JioBase, you acknowledge that your data may be transferred to and processed in locations outside India as part of Cloudflare's standard infrastructure operations.

14. DPDP Act, 2023 Compliance

JioBase is committed to compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). As a Data Fiduciary under the Act, JioBase adheres to the following obligations:

  • Consent - JioBase obtains clear, informed consent at the time of account registration. Consent is specific to the purposes described in this policy and can be withdrawn at any time.
  • Purpose limitation - personal data is processed only for the specific purposes described in Section 5 of this policy. Data is not repurposed without obtaining fresh consent.
  • Storage limitation - personal data is retained only for the durations specified in Section 8. Data is deleted when it is no longer necessary for the stated purpose or upon your request.
  • Data accuracy - JioBase provides mechanisms for you to review and correct your personal data through the dashboard and by contacting the Grievance Officer.
  • Reasonable security safeguards - JioBase implements the technical and organizational security measures described in Section 10 to protect personal data against breaches.

15. CERT-In Compliance

JioBase complies with the directions issued by the Indian Computer Emergency Response Team (CERT-In) under Section 70B of the Information Technology Act, 2000:

  • Incident reporting - cybersecurity incidents, including data breaches, unauthorized access, and service disruptions, will be reported to CERT-In within the mandated timeframe of 6 hours of becoming aware of the incident.
  • Log retention - system logs relevant to cybersecurity are maintained within Cloudflare's infrastructure. JioBase cooperates with Cloudflare to ensure logs are available for the periods mandated by CERT-In directives.
  • Point of contact - the Grievance Officer named in Section 17 serves as the designated point of contact for CERT-In communications.

16. Intermediary Status

JioBase operates as an intermediary under Section 2(1)(w) of the Information Technology Act, 2000. As a reverse proxy service, JioBase functions as a mere conduit for data transmitted between your application's end users and your Supabase project.

Under Section 79 of the IT Act, JioBase is eligible for safe harbor protection because:

  • JioBase's role is limited to providing access to a communication system over which data is transmitted or temporarily stored
  • JioBase does not initiate the transmission, select the receiver of the transmission, or select or modify the information contained in the transmission
  • JioBase observes due diligence as required under the IT Act and applicable rules

You, as the developer, remain solely responsible for the data that your application transmits through the proxy and for ensuring that your use of Supabase complies with applicable laws.

17. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, JioBase has appointed the following Grievance Officer:

Name Sunith VS
Email hi@sunithvs.com

Complaint process: If you have a concern about how JioBase handles your personal data, you may submit a written complaint to the Grievance Officer at the email address above.

  • Your complaint will be acknowledged within 24 hours of receipt
  • The Grievance Officer will investigate and resolve your complaint within 15 days of acknowledgment
  • If you are not satisfied with the resolution, you may escalate the matter to the Data Protection Board of India established under the DPDP Act, 2023

18. Changes to This Privacy Policy

JioBase may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will provide at least 30 days' notice before material changes take effect
  • Notice will be provided via email to the address associated with your account
  • The "Last Updated" date at the top of this page will be revised
  • Continued use of the service after the effective date of the updated policy constitutes acceptance of the changes

19. Contact Information

If you have any questions about this Privacy Policy, your personal data, or your rights, you can reach us through the following channels:

Email hi@sunithvs.com
Website sunithvs.com