Your data security is our priority
Supaview is built with enterprise-grade security from the ground up. We protect your Supabase analytics data with the same rigor we expect for our own.
Infrastructure & Data Protection
- Hosted on Vercel with enterprise-grade infrastructure, automatic scaling, and DDoS protection
- TLS 1.3 encryption for all data in transit and AES-256 for data at rest
- OAuth 2.0 authentication via Google & GitHub with two-factor authentication (2FA) support
- Role-based access control and comprehensive audit logging for all access events
- Regular security audits, automated vulnerability scanning, and dependency monitoring
AI SQL Guardrails
Our AI-powered SQL generation is designed with multiple layers of protection to ensure safe, read-only queries that won't modify or compromise your data.
- Read-only enforcement — INSERT, UPDATE, DELETE, DROP, and other modifying statements are automatically blocked
- SQL validation layer — every query is analyzed for dangerous patterns before execution
- Schema-aware generation — queries are generated only from your actual database schema
- Execution limits — strict timeouts, row limits, and resource constraints prevent runaway queries
- User approval required — AI-generated queries are never executed automatically; you always review and approve first
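A sketch of the read-only enforcement, validation and execution-limit layers listed above, as an added example: it is not Supaview's code, and the function names, keyword list, limits and PostgreSQL wrapper statements are assumptions of the example.

```python
import re

# Keywords treated as writes. The page names INSERT, UPDATE, DELETE and DROP;
# the remaining entries are assumptions of this example.
WRITE_WORDS = {"insert", "update", "delete", "drop", "alter", "create",
               "truncate", "merge", "grant", "revoke", "copy", "call", "into"}
# Lexical constructs this guard does not model (escapes, dollar quotes,
# comments). Rejecting them outright keeps code from hiding behind syntax
# that PostgreSQL would parse differently from the regex below.
UNMODELLED = ("\\", "$", "--", "/*")
# '...' literals and "..." identifiers, with a doubled quote as the escape.
QUOTED = re.compile(r"'(?:[^']|'')*'" + r'|"(?:[^"]|"")*"')


def check_read_only(sql: str) -> str:
    """Return the single SELECT statement without its trailing ';', or raise."""
    if any(tok in sql for tok in UNMODELLED):
        raise ValueError("comment, escape or dollar-quote syntax not accepted")
    body = sql.strip().rstrip(";").strip()
    code = QUOTED.sub(" ", body).lower()  # text outside literals/identifiers
    if "'" in code or '"' in code:
        raise ValueError("unterminated quote")
    if ";" in code:
        raise ValueError("more than one statement")
    words = re.findall(r"[a-z_][a-z0-9_]*", code)
    if not words or words[0] not in ("select", "with"):
        raise ValueError("only SELECT or WITH ... SELECT is accepted")
    blocked = WRITE_WORDS.intersection(words)
    if blocked:
        raise ValueError("write keyword: " + ", ".join(sorted(blocked)))
    return body


def guarded_plan(sql: str, max_rows: int = 1000, timeout_ms: int = 5000) -> list:
    """Statements to send, in order, once the user has approved the query."""
    body = check_read_only(sql)
    return [
        "BEGIN TRANSACTION READ ONLY",                       # database-side backstop
        f"SET LOCAL statement_timeout = {int(timeout_ms)}",  # milliseconds
        f"SELECT * FROM ({body}) AS guarded LIMIT {int(max_rows)}",
        "ROLLBACK",
    ]
```

The text check fails closed on anything it cannot parse; the READ ONLY transaction and a database role without write privileges are what still hold if the text check is bypassed.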
Token Storage & Credentials
Your Supabase access tokens and API credentials are stored with enterprise-grade security measures to prevent unauthorized access.
- AES-256 encryption for all tokens at rest, with keys managed through Supabase Vault
- Pgsodium encryption — leveraging Supabase's built-in cryptographic extension with libsodium's verified algorithms
- Minimal scope access — we request only the permissions needed for analytics and monitoring
- Instant revocation — revoke access anytime to immediately invalidate stored tokens
- Your data stays in Supabase — we never copy or store your actual database data; queries run in real-time against your instance
Supabase OAuth Integration
We connect to your Supabase projects using the official Supabase OAuth integration. This provides a secure, standardized way to access your projects without ever handling your database credentials directly.
- Official Supabase OAuth flow — you authorize Supaview directly through Supabase's secure authentication portal
- No service role keys — we never ask for or store your service role keys; OAuth provides scoped access tokens instead
- Scoped permissions — we request only the minimum permissions needed to run analytics queries and read schema metadata
- Revoke anytime — disconnect Supaview from your Supabase dashboard at any time to immediately revoke all access
- Transparent authorization — you see exactly which projects you're granting access to before connecting
Report a Vulnerability
We welcome security researchers and appreciate responsible disclosure. If you discover a security vulnerability in Supaview, please report it to us.
We aim to respond within 48 hours.