Unit311 Central

Platform security

All data is stored in Supabase where applicable. Otherwise, data may be held temporarily in the browser (React.js) or on Vercel ($10bn valuation infrastructure).

Supabase runs its managed cloud service on AWS infrastructure across multiple AWS regions. When you create a hosted Supabase project, your database and associated services are typically deployed on AWS.

Value

Benefit

PostgreSQL databases on AWS

Hosted PostgreSQL on AWS provides infrastructure-level protection for your data. These measures protect the database from infrastructure-level threats:

  • Physical data center security with restricted access and 24/7 monitoring.
  • Network isolation to protect databases from unauthorized access.
  • Encrypted storage for database files.
  • Automatic backups and disaster recovery to protect against data loss.
  • High availability through redundant AWS infrastructure.

Data encryption

Supabase protects data in transit and at rest. This prevents attackers from reading intercepted communications or stored data:

  • TLS/SSL encryption for all client-to-database communications.
  • Encryption at rest for database storage on AWS-managed infrastructure.

Row Level Security (RLS)

One of Supabase's strongest security features is PostgreSQL Row Level Security (RLS). RLS enables security policies that determine which rows each user can view or modify.

Authentication integration

Supabase integrates database security with its authentication system. When users log in:

  • They receive a JSON Web Token (JWT).
  • PostgreSQL uses the JWT to determine the user's identity.
  • RLS policies automatically enforce permissions based on that identity.
  • This eliminates the need to write custom authorization code for every database query.

Role-based access control

PostgreSQL roles help control database permissions across teams and services.

API security

Supabase automatically generates REST and GraphQL APIs from PostgreSQL. Security is enforced through:

  • JWT authentication.
  • RLS policies.
  • Database roles and permissions.

Secret management

Supabase distinguishes between publishable (anon) keys — safe to include in frontend applications when RLS is properly configured — and service role keys, which are highly privileged and intended only for trusted backend environments. Keeping service role keys secret is essential because they bypass RLS protections.

Monitoring and compliance

Supabase provides tools and certifications that help organizations monitor security and meet regulatory requirements:

  • Database connection logging.
  • Security configuration guidance.
  • Security Advisor tools.
  • SOC 2 Type II compliance for its hosted platform.
  • Optional HIPAA support for eligible projects.

Questions about security or compliance? Contact us.