unbubble.dev

Privacy Policy

Privacy Policy

This Privacy Policy explains what unbubble.dev processes, why it processes that information, and what rights you have in relation to that processing.

Last updated: April 3, 2026Operator: Ricardo Loureiro Nunes de Carvalhoricardo.lncarvalho@gmail.com

Controller

The controller for data handled through unbubble.dev is Ricardo Loureiro Nunes de Carvalho. You can contact us about privacy matters at ricardo.lncarvalho@gmail.com.

What account and project data we process

  • Email address and account login information.
  • Authentication provider information from Supabase Auth, Google, and GitHub.
  • Account metadata such as signup date and provider avatar metadata where available.
  • Project metadata such as project name and Bubble app URL.
  • Project membership and role information needed to operate the workspace.

Sensitive project credentials and configuration

Depending on which features you use, unbubble.dev may process and store:

  • Bubble API keys.
  • Postgres connection strings.
  • Supabase project refs.
  • Supabase secret keys.

Those stored credentials are intended to be stored encrypted and not returned back to the frontend after they are saved. Access is meant to be limited to what is necessary to operate the service, troubleshoot issues, and maintain security.

How migration-related processing works

unbubble.dev may read schema, files, records, user-account information, and related app data that you make available through your Bubble app, APIs, storage, and destination systems in order to perform export, migration, sync, troubleshooting, and validation tasks.

The service is intended to move or map that information into your chosen Postgres, Supabase, storage, and auth environment. The app mainly stores configuration, schema-related information, migration status, run history, and operational logs rather than persistently storing full migrated customer datasets inside unbubble.dev itself.

Public preview data

If you submit a public Bubble app URL to the preview feature, unbubble.dev may fetch and store already-public metadata from that app, including page names, visible data types, option sets, favicon metadata, app name information, and similar public-facing details.

Because this preview data comes from a public Bubble app URL and reflects information already accessible on the public internet, preview results are not private in the same way as authenticated project data.

Why we process data

  • To create and manage user accounts and project workspaces.
  • To validate credentials, connections, and setup requirements.
  • To perform Bubble export, sync, file migration, and user-account migration tasks.
  • To provide operational logs, run history, previews, troubleshooting, and security safeguards.
  • To communicate about support, abuse prevention, and legal or compliance matters where needed.

Legal bases

  • Contract or pre-contract steps when we create accounts, set up projects, and deliver the requested service.
  • Legitimate interests in keeping the service secure, preventing abuse, maintaining logs, and debugging issues.
  • Legal obligations where disclosure, retention, or compliance steps are required by law.

Recipients and processors

unbubble.dev relies on third-party services that may receive or process information as part of delivering the product, including:

  • Supabase.
  • Bubble.
  • Google OAuth.
  • GitHub OAuth.
  • Hosting, infrastructure, and support providers that may be added as the service evolves.

International transfers

Because unbubble.dev uses third-party infrastructure and authentication services, personal data and project information may be processed outside your country, including outside the EEA. Where relevant, those transfers depend on the safeguards offered by the providers involved.

Retention and deletion

We keep account, project, preview, and operational data for as long as it is reasonably needed to operate the service, provide support, maintain security, comply with legal obligations, and resolve disputes.

You can delete stored credentials and project configuration through the service where those controls are available, and you can also revoke access by rotating or regenerating the underlying Bubble, Supabase, or database credentials. If you need additional project-linked cleanup, contact us at ricardo.lncarvalho@gmail.com.

Your rights

Subject to applicable law, you may have rights to:

  • Access your personal data.
  • Correct inaccurate data.
  • Request deletion of personal data.
  • Object to certain processing.
  • Request restriction of processing.
  • Request portability where applicable.
  • Complain to a supervisory authority, including the CNPD in Portugal if appropriate.

Contact

For privacy requests or questions about this Policy, contact ricardo.lncarvalho@gmail.com.