(I'm on the supabase team)

I'd also like to offer some corrections to the linked post:

- Supabase is SOC2 type 2 and HIPAA compliant (https://supabase.com/security)

- Supabase works with all the same Postgres tooling that neon does (dbeaver, PgHero, PgAdmin, etc.)

- Supabase also offers integrations with Auth0, Clerk, and Okta etc.

- Supabase does offer verify-full SSL mode

- Supabase encrypts data in transit and at rest

- Supabase does offer pg_stat_statements and additionally the newer pg_stat_monitor

And I just want to call out that this author works for neon (self-proclaimed: https://www.reddit.com/r/SideProject/comments/1dy2r8b/commen...)

(I work for Neon.) The author does not work for Neon. He did some one-time consulting work for us earlier this year. We didn't review or have input on this article. I'm sure he'll be happy to update it with the Supabase corrections he is a great guy who is trying to be genuinely helpful.

thanks for the feedback... I'll update the post but check with your founder (Paul).

I messaged Paul on Twitter on Sunday before even sharing the post to get feedback if any as I don't want any confusion like you had last time on Reddit.

and I genuinely like both databases and other awesome developer tools.

pls show some fighting spirit.

PS- I'm no longer working with Neon.

happy to show the bank statement :)

This is true! Supabase db after all is "just" Postgres. In fact it's one of our product principles to adopt existing open source projects before writing our own.

You're also correct on the second bit, everything in the stack is MIT, apache2, postgres licensed so it would have been ok to run a closed fork if we'd have been that way inclined.

Maybe I should have addressed this one more directly in the post.

>Your users can just host their own version instead of paying you.

The main value in Supabase (the hosted service) is we do the hosting, maintenance, monitoring, compliance, security etc. which otherwise requires (expensive) in-house expertise.

This should be enough without needing to resort to deliberately leaving out features, and I think this generalizes to other products as well (sentry, plausible, the-open-source-strava-alternative, etc.)

Great point! I should probably add that to the article. In our case (Supabase) we have indeed spent the last few years working on compliance (SOC2, HIPAA, GDPR etc.) in order to meet these requirements so your comment here is on point.

Business value only matters if you can capture it.

Probably poor word choice from me but when I reference superior distribution I'm assuming 'value-capture'.

I thought you were saying you'd have greater distribution if you give stuff away free, but in that case it's much more difficult to capture value from it. Everyone wants free stuff.

I wrote a bit about why we’ll stay remote at Supabase (https://supabase.com/blog/why-supabase-remote), there’s plenty of drivers both on the company side and on the employee side.

we integrated Gotrue with PostgREST at Supabase and it works beautifully together https://github.com/supabase/gotrue (forked from Netlify)

Broken how? Feel free to open an issue on http://GitHub.com/supabase/gotrue/issues

> That's why PG has been adopted by Heroku early on, to the new Heroku-like render, and Supabase. They can offer a low or even free database plan because they can serve many users with a single PG instance.

Just a note to say every Supabase free tier deployment is a dedicated instance

Imo the hardest part is timing - meeting like minded people who are ready and available to start building now.

The best solution I’ve seen so far is https://joinef.com , they run programs in a bunch of major cities.