Security at Supabase
Supabase is trusted by thousands of developers for building and deploying secure applications.
Supabase is SOC2 Type 2 compliant. Enterprise and Teams customers can request a copy of our SOC2 report here.
Supabase is HIPAA compliant. Enterprise and Teams customers can request to sign our BAA here.
All customer data is encrypted at REST with AES-256 and in transit via TLS.
Sensitive information like access tokens and keys are encrypted at the application level before they are stored in the database.
Github security integration
We have partnered with GitHub to scan for Supabase service role API keys. If any Supabase API keys are pushed to GitHub, they are automatically revoked.
Role-based access control
Members of organizations in Supabase can be granted access to specific resources.
All customer databases are backed up every day.
Point in Time Recovery allows restoring the database to any point in time. Customers from the Pro plan have access to this feature as an add-on.
Supabase uses Stripe to process payments and does not store personal credit card information for any of our customers.
Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.
As a database company, being SOC2 compliant is important when handling sensitive customer data. Access Supabase’s security policies by requesting for our latest SOC2 report.
You can build healthcare apps on our hosted platform once you enter into a Business Associate Agreement (BAA) with us and fulfill your HIPAA obligations under our shared responsibility model.