ShipAI.today infrastructure reference
Supabase pricing: Free, Pro ($25/mo), and Team ($599/mo) explained.
Supabase is free to start, with no pausing on paid plans. Pro is $25/month per project and covers most SaaS apps. The unexpected costs come from usage overages — Auth MAUs, database storage expansion, bandwidth, and Edge Functions. Here's exactly what you'll pay and when the meter starts.
Plans overview
Supabase pricing plans at a glance
Three tiers. Free is for dev/prototyping. Pro is the production default. Team is for compliance-conscious companies.
Free
$0forever
Pro
$25/project/month
Team
$599/org/month
Usage billing
Supabase usage-based costs beyond the plan
These meters kick in after you exceed your plan's included limits. Pro's included amounts cover most early-stage SaaS.
Database storage
| Free included | 500 MB total | |
| Pro included | 8 GB total | Covers most apps up to ~100K rows |
| Pro overage | $0.125 per GB-month above 8 GB | Rarely needed early-stage |
A typical SaaS user record (auth + profile + settings + subscription) uses ~5–20 KB. At 10,000 users that's 200 MB — comfortably inside the Pro 8 GB limit. Only apps with heavy media metadata or time-series logs fill the database quickly.
Auth MAUs (Monthly Active Users)
| Free included | 50,000 MAUs/month | More than enough for early traction |
| Pro included | 100,000 MAUs/month | |
| Pro overage | $0.00325 per MAU above 100K | $325 per 100K additional users |
An MAU is a unique user that signs in or is active in any given month. Anonymous users (sign-in with magic links for the first time) also count. At $0.00325/MAU, 500K MAUs beyond the included limit costs ~$1,300/month — at which point you're a meaningful business.
Bandwidth (egress)
| Free included | 5 GB/month | |
| Pro included | 250 GB/month | Generous for REST/realtime API traffic |
| Pro overage | $0.09 per GB above 250 GB |
Standard Supabase REST API responses are small (JSON). High-bandwidth usage comes from Supabase Storage serving large files (images, PDFs, videos) directly from the CDN. For media-heavy apps, consider serving files from the CDN URL rather than via the API.
Edge Functions
| Free included | 500,000 invocations/month | |
| Pro included | 2,000,000 invocations/month | |
| Pro overage | $2 per 1M invocations above included | |
| Duration | 2M GB-seconds/month included on Pro | $0.09 per 1M GB-seconds overage |
Supabase Edge Functions run on Deno Deploy at the edge. At $2/million invocations, even a moderately busy SaaS is unlikely to exceed the Pro included limit. Only apps using Edge Functions for every API request (instead of Next.js route handlers) need to watch this.
File Storage
| Free included | 1 GB | |
| Pro included | 100 GB | |
| Pro overage storage | $0.021 per GB-month above 100 GB | Similar to S3 pricing |
| Pro overage bandwidth | Counted in bandwidth overage above |
Supabase Storage is backed by S3-compatible object storage. It's priced competitively with AWS S3. For apps with user-uploaded content, implement size limits per user (quota enforcement) to prevent runaway storage costs.
Realtime
| Free included | 200 concurrent connections, 2M messages/month | |
| Pro included | 500 concurrent connections, 5M messages/month | |
| Pro overage (connections) | $10 per 1,000 concurrent connections | |
| Pro overage (messages) | $2.50 per 1M messages above included |
Supabase Realtime enables live database subscriptions, presence, and broadcast. Most SaaS apps using realtime for a dashboard or activity feed won't exceed 500 concurrent connections on Pro. High-concurrency chat apps may hit limits.
Free plan gotcha
Free projects pause after 7 days of inactivity
This is the biggest footgun for new Supabase users. Here's how it works and how to avoid it.
What "pausing" means
If no database activity occurs for 7 days on a free project, Supabase automatically pauses it. All API calls return 503 errors while paused. Your data is safe — nothing is deleted. You can unpause manually from the Supabase Dashboard (takes ~30 seconds). Once unpaused, the 7-day inactivity clock resets.
Workarounds (while on the free plan)
Ping cron: Set up a cron job (GitHub Actions, Upstash QStash, or Vercel Cron) that queries your database every 5 days to keep it active.
Upgrade to Pro: The only permanent fix. Pro projects never pause, for $25/month.
Multiple free projects: You get 2 free projects — useful for separate dev and staging environments.
API keys
Supabase API keys: anon key vs service role key
Every Supabase project has two keys. Understanding the difference is critical for security.
anon / publishable key (NEXT_PUBLIC_SUPABASE_ANON_KEY)
What it is: A public JWT token valid for anonymous/authenticated users. Safe to embed in frontend code.
What it can do: Execute database queries that pass your Row Level Security (RLS) policies. If a user is authenticated via Supabase Auth, their user_id is embedded in the JWT for RLS evaluation.
Security: RLS must be enabled on all tables accessed with this key. Without RLS, all rows are accessible anonymously.
Where to find it: Supabase Dashboard → Settings → API → Project API keys → anon public
service_role key (SUPABASE_SERVICE_ROLE_KEY)
What it is: A secret JWT with full database access — bypasses all RLS policies.
What it can do: Read and write any row in any table, manage users, execute admin operations.
Security: Never expose this in frontend code or commit it to git. Only use on the server (Next.js route handlers, server actions, cron jobs).
Where to find it: Supabase Dashboard → Settings → API → Project API keys → service_role
Cost comparison
Supabase pricing vs Firebase, PlanetScale, and Neon
How Supabase's costs stack up against popular alternatives for early-stage SaaS.
| Platform | Free tier | Paid entry point | Best for |
|---|---|---|---|
| Supabase | 500 MB DB, 50K MAUs, no sleep on any tier actually pauses on free | $25/project/month (Pro) | Full-stack Postgres with Auth + Storage + Edge Functions |
| Firebase (Google) | 1 GB Firestore, 10K auth users/month | Pay-as-you-go (no flat fee) | Mobile apps, real-time, Google ecosystem |
| PlanetScale | 5 GB storage, 1 billion row reads/month | $39/month (Scaler) | High-scale relational, horizontal sharding |
| Neon | 512 MB storage, 1 project, compute pauses on inactivity | $19/month (Launch) | Serverless Postgres, branching, low base cost |
| Railway | $5 trial credit | $5/seat + usage | Postgres + Redis + deployments in one |
For Next.js SaaS, Supabase at $25/month is the most complete single-service: you get Postgres + Auth + Storage + Edge Functions + Realtime in one dashboard. Firebase requires vendor lock-in to Firestore's NoSQL model. Neon is cheaper at the low end but you need separate auth (better-auth or Clerk) and storage (S3).
Auth features
Supabase magic links and authentication
Supabase Auth is included in all plans. Here's what's available and how it's priced.
Magic links (passwordless email)
Send a one-time login link to an email address. Users click the link and are authenticated instantly — no password required. Configured under Authentication → Email → Enable Magic Link in the Supabase Dashboard.
const { error } = await supabase.auth.signInWithOtp({
email: "user@example.com",
options: {
emailRedirectTo: "https://yourapp.com/auth/callback",
},
});OAuth (social login)
Supabase supports GitHub, Google, Twitter/X, LinkedIn, Discord, Spotify, and more OAuth providers out of the box. Enable in Dashboard → Authentication → Providers. Each OAuth sign-in counts as an Auth MAU.
const { error } = await supabase.auth.signInWithOAuth({
provider: "github",
options: {
redirectTo: "https://yourapp.com/auth/callback",
},
});Server-side auth (Next.js App Router)
Use @supabase/ssr for Next.js. Create a server client via createServerClient() in route handlers and Server Components. Reads session from cookies — no client-side token passing needed.
import { createServerClient } from "@supabase/ssr";
import { cookies } from "next/headers";
const supabase = createServerClient(
process.env.NEXT_PUBLIC_SUPABASE_URL!,
process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
{ cookies: { getAll: () => cookieStore.getAll() } }
);
const { data: { user } } = await supabase.auth.getUser();Row Level Security (RLS)
RLS policies run inside Postgres and restrict data access based on the authenticated user's JWT. Enable RLS on every table, then write policies like: allow users to only see their own rows.
-- Allow users to read only their own rows
CREATE POLICY "Users can view own data"
ON profiles
FOR SELECT
USING (auth.uid() = user_id);
-- Allow insert for the authenticated user
CREATE POLICY "Users can insert own data"
ON profiles
FOR INSERT
WITH CHECK (auth.uid() = user_id);FAQ
Supabase pricing FAQ
How much does Supabase cost?
Free: $0. Pro: $25/month per project (includes 8 GB database, 100K MAUs, 250 GB bandwidth). Team: $599/month per organization (SOC2, HIPAA, SSO). Usage above included limits is billed at overage rates.
Is Supabase free?
Yes. The free tier has 2 projects, 500 MB database, 50K Auth MAUs, and 5 GB bandwidth. The main limitation: free projects pause after 7 days of inactivity. For production, upgrade to Pro ($25/month) to prevent pausing.
What is the Supabase publishable key?
The anon/publishable key (NEXT_PUBLIC_SUPABASE_ANON_KEY) is a public JWT for use in browser code. It's safe to expose. It respects Row Level Security. Find it: Supabase Dashboard → Settings → API → anon public.
How do Supabase magic links work?
Magic links are passwordless email logins. Call supabase.auth.signInWithOtp({ email }) — Supabase emails the user a one-time link. Clicking it creates a session. You can customise the email template under Auth → Email Templates. Magic link sign-ins count as Auth MAUs.
Do free Supabase projects get deleted?
No — free projects are not deleted, only paused (after 7 days of inactivity). Your data is fully preserved. Unpause manually from the dashboard in ~30 seconds. Note: Supabase has said they may change free tier limits in future, but won't delete data without notice.
Is Supabase cheaper than Firebase?
For most SaaS use cases, yes. Supabase Pro at $25/month is a flat fee covering database + auth + storage + realtime. Firebase uses pure pay-as-you-go with no flat fee — costs are lower at very small scale but less predictable. Supabase uses standard Postgres (SQL), which many developers prefer over Firestore's NoSQL model.
Related guides
More infrastructure pricing guides
Ready to ship
Supabase pre-configured in ShipAI.today
ShipAI.today ships with Supabase fully wired — server client, browser client, RLS-ready schema, magic links, GitHub OAuth, and Next.js App Router middleware. Start with Postgres-backed auth on day one.