MVP Factory Base
LoginRegister

Effective date: May 30, 2026

Privacy Policy

Information We Collect

MVP Factory collects the information needed to provide authenticated web and mobile workflows: account identifiers, email address, profile details, organization membership, role, operational records, uploaded files, audit events, internal notifications, and support requests.

When you use the mobile app or dashboard, we may process technical information such as session cookies, device type, browser or app version, IP address, user agent, timestamps, and security logs. The app does not request location, contacts, camera, microphone, SMS, phone, or advertising identifier permissions by default.

How We Use Information

We use information to authenticate users, authorize organization-scoped access, operate records and file workflows, show internal notifications, maintain audit logs, provide support, prevent abuse, troubleshoot issues, and meet legal or security obligations.

If Google login is enabled for a client, Google account information is used only for authentication through Supabase Auth. We do not sell Google user data or use it for advertising.

Sharing and Processors

Data is processed by service providers that operate the application, including Supabase for authentication, database, and storage, Vercel for web hosting, Expo for mobile build and update infrastructure, and Infisical for production secret management. Client deployments may add approved providers such as email, analytics, or payment processors.

We do not sell personal information. We may disclose information when required by law, to protect the service, or to fulfill instructions from the organization that controls the workspace.

Retention, Security, and Your Choices

Organization data is retained while the workspace is active unless deletion is requested or a legal obligation requires retention. Audit logs may be retained for security, troubleshooting, and compliance evidence. Uploaded files are stored in private organization-scoped buckets protected by membership and role policies.

You may request access, correction, export, or deletion of account data through the configured support address. Organization owners may also manage membership and access inside the dashboard.

Children and International Use

The service is intended for business use and is not directed to children under 13. Data may be processed in countries where our providers operate, using safeguards appropriate to the selected client deployment.