Supabase has changed what's possible for solo builders. A full Postgres database, authentication, file storage, and edge functions — all for free, up to the generous limits of their free tier.
We run several production products on Supabase. Here's what we've learned.
What the free tier actually includes
- Database: 500MB Postgres database
- Auth: Unlimited users, email/password, magic links, OAuth
- Storage: 1GB file storage
- Edge Functions: 500K invocations/month
- Realtime: 200 concurrent connections
For a small product, this is plenty.
Row Level Security is non-negotiable
Supabase exposes your database via an API that runs from the browser. Without Row Level Security (RLS), any user could read any row.
Always enable RLS. Always write policies before going live.
-- Example: users can only see their own records
ALTER TABLE links ENABLE ROW LEVEL SECURITY;
CREATE POLICY "Users see own links"
ON links FOR SELECT
USING (auth.uid() = user_id);
Use the generated types
Supabase can generate TypeScript types from your database schema. Run this and commit the output:
npx supabase gen types typescript --project-id your-project-id > types/supabase.ts
This catches schema mismatches at compile time rather than runtime.
Free tier limits to watch
The free tier pauses projects after 7 days of inactivity. For production apps, either upgrade to Pro or implement a simple ping to keep it active.
Database connections are limited — use connection pooling via the pooler URL, not the direct connection string.
The verdict
For early-stage products, Supabase free is genuinely excellent. We've shipped and iterated multiple products without ever needing to upgrade. When you do outgrow it, the upgrade path is straightforward.