Security at Supabase
Supabase is trusted by thousands of developers for building and deploying secure applications.
Data Encryption
All customer data is encrypted at REST with AES-256 and in transit via TLS.
Sensitive information like access tokens and keys are encrypted at the application level before they are stored in the database.
Github security integration
We have partnered with GitHub to scan for Supabase service role API keys. If any Supabase API keys are pushed to GitHub, they are automatically revoked.
Role-based access control
Members of organizations in Supabase can be granted access to specific resources.
Backups
All customer databases are backed up every day.
Enterprise customers have access to Point in Time Recovery which enables restoring the database to any point in time.
Payment processing
Supabase uses Stripe to process payments and does not store personal credit card information for any of our customers.
Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.
Request for our SOC2 documents
As a database company, being SOC2 compliant is important when handling sensitive customer data. Access more of Supabase’s security information by requesting for our latest SOC2 documents below.