最近融资 01
$200M Series D [CO019] 尽调报告
Supabase
驱动 AI 应用生成的开源 Firebase 替代品
Supabase 确实拿到平台牵引力,也有产品深度;但公开披露有限,削弱了在 $2B 估值下的投资置信度。
封面要素
公司概况
Supabase 是一家位于 San Francisco 的开源后端平台,2020 年由 Paul Copplestone 和 Ant Wilson 创立。公司把 Postgres、身份验证、实时订阅、存储、自动生成 API、边缘函数和向量能力打包进托管或自托管开发者平台,再靠用量计费的云方案和企业治理、支持功能变现。公开证据显示,Supabase 的开发者分发异常强,企业采用也有可信信号,但公司披露的财务细节仍然有限。
- 成立时间
- 2020-01-01
- 创始人
- Paul Copplestone, Ant Wilson
- 创立地点
- San Francisco, CA, USA
- 总部
- San Francisco, CA, USA
- 产品
- 开源后端平台,在托管和自托管部署中提供 Postgres 数据库、身份验证、实时订阅、文件存储、自动生成 API 和边缘函数。
- 客户
- 构建 Web 和移动应用的个人开发者、初创公司和企业。
- 商业模式
- 用量计费 SaaS,提供免费自助入口、付费 Pro 和 Team 方案、企业合同,以及自托管选项。
- 阶段
- Series D
- 融资情况
- 2025 年 4 月完成 $200M Series D,估值 $2B,由 Accel 领投。
执行摘要
主要优势
- 一体化开源 Postgres 平台把数据库、身份验证、存储、实时能力、API 和边缘函数打包进同一个开发者工作流。
- 开发者分发强:7M+ 注册开发者、16M+ 个已创建数据库、100k GitHub stars。
- 从免费 / 自助计划到企业治理和支持,商业化阶梯清晰;GitHub、PwC、Mozilla、Epsilon3 等具名客户进一步背书。
- $200M Series D 融资给了 Supabase 继续投入可靠性和企业化成熟工作的资本。
主要风险
- 收入、ARR、毛利率、NRR 和员工数仍未披露,或只能从彼此冲突的第三方估计中获取。
- 2026 年 2 月区域宕机之后,加上缺少自动跨区域故障转移,托管云可靠性仍是实时尽调问题。
- 商业化要把巨大的开源漏斗转成耐久的 Team 与 Enterprise 收入;同时 Firebase、超大规模云厂商和 Postgres 专业厂商还在持续压缩差异化。
未决问题
- 权威 ARR 或收入、毛利率、烧钱速度和 NRR 均未公开披露。
- 免费 / 开源使用向 Team 和 Enterprise 队列的转化,以及客户集中度,仍不透明。
- 当前员工数、法律实体与总部口径,以及后续轮融资历史,在公开来源之间仍相互冲突。
目录
01公司概况
1.1 身份、产品与运营版图
Supabase 眼下最清晰的身份,不是泛化的后端即服务(BaaS)厂商,而是一个 Postgres 开发平台:它试图用开源组件给开发者一套类似 Firebase 的体验。官网、文档和 GitHub 代码仓库都讲着同一套架构故事:每个项目都是一个独立 Postgres 集群,外面包上身份验证、自动生成 API、Edge Functions、Realtime、Storage 和向量工具。变现逻辑是托管云加企业增购,而不是闭源锁定。官方价格显示有免费层、$25 的 Pro 层和 $599 起的 Team 层;代码仓库和 YC 页面也强调自托管和可移植性。这个组合很关键,因为 Supabase 可以同时像开源基础设施、托管开发者 SaaS 产品,也像一个不改变技术重心就能扩进企业账户的平台。身份不够清楚的地方在地理位置。YC 和公司页面称 Supabase 完全远程,独立轮次报道说它位于 San Francisco,Tracxn 则把业务绑定到一个 Singapore 法律实体。做尽调时,最稳妥的工作判断是远程优先,但法律总部和运营总部仍有未解区别,而不是认定一个来源充分的单一总部。[CO003, CO004, CO005, CO006, CO007, CO008]
| 指标 | 数值 / 状态 | 日期 / 锚点 | 置信度 | 缺口 / 注意事项 |
|---|---|---|---|---|
| 成立 | 2020 | 历史 | 高 | 成立年份证据充分,但确切注册时间和司法管辖区细节需要公司登记记录 |
| 总部 / 业务足迹 | 远程优先;公开来源也指向旧金山和一家新加坡法律实体 | 当前 | 低 | 经营总部、法律住所和税务关联地无法在留存来源中清晰对齐 |
| 产品定位 | Postgres 开发平台和开源 Firebase 替代方案 | 当前 | 高 | 官方和独立表述在定位上趋同,尽管具体标语措辞不同 |
| 商业模式 | 托管云订阅和企业增购;Free、Pro($25)和 Team($599)锚点公开 | 当前 | 高 | Team 以上的企业价格需定制,按用量计费的超额费用仍然重要 |
| 最新融资 | $200M Series D,估值 $2B | 2025-04-22 | 高 | 后续私营公司数据库条目与这段历史冲突,暂按未解决处理 |
| 上一轮融资锚点 | 约 $80M,约早七个月 | 2024-09 | 中 | 准确轮次标签和完整条款清单尚未从留存一手来源中完全还原 |
| 累计融资 | Series D 后约 $396M-$398M | 2025-04 至 2026-05 | 中 | 区间取决于四舍五入,以及是否计入很小的早期资本;Tracxn 后续数据存在冲突 |
| 可支撑的当前规模计数 | 7M+ 注册开发者、98k+ GitHub 星标、16M+ 已创建数据库 | 2026 年当前官方页面 | 中 | 其他来源提到 1.7M、2M 或 8M 开发者,意味着定义和时间戳不同 |
| 员工数 | 留存公开证据无法支撑 | 当前 | 低 | TapTwice 估计约 124 名员工,Tracxn 则称截至 2026 年 4 月为 351 人 |
| 收入 / ARR | 未留存公司披露的权威数字 | 仅 2025 年估计 | 低 | TapTwice 收入估计与 Sacra ARR 估计不可直接比较 |
各行有意把权威事实和当前模糊项分开,方便后续章节复用正确锚点,并把未获支撑的指标保留为缺口,而不是制造虚假精确度。
[CO001, CO003, CO006, CO007, CO008, CO009]Supabase 的公司形态把开源 Postgres 根基、托管云商业化、开发者采用、企业扩张和运营风险连在一起。
[CO003, CO004, CO005, CO007, CO008, CO014]1.2 创始人、治理与资本基础
领导层和资本比正式治理更容易锚定。用户提供的框架、TechCrunch、Tech Funding News、TapTwice 和 Tracxn 都把 Paul Copplestone 与 Ant Wilson 列为创始人,Copplestone 明确担任 CEO,也是公司的公开面孔。公开材料还显示,Supabase 的文化仍深受创始人塑造:它强调开源维护者、前创始人和开发者优先的运营方式,这有利于产品速度,但也意味着一小撮创始团队存在关键人物依赖。治理披露明显更薄。保留来源中的官方公司页面没有发布当前董事会页面或控制权地图,Tracxn 的董事会清单也只是第三方的部分重建。因此,即便融资历史能互相印证,也不自动等于公开治理透明。相比之下,最新轮次的资本形成有充分覆盖。保留的 2025 年 4 月报道支持一轮 $200 million Series D,估值 $2 billion,约七个月前还有一轮约 $80 million 的前置融资。保留报道中最清晰的投资方组合是 Accel、Coatue、Y Combinator、Craft Ventures 和 Felicis,Y Combinator 也作为更早期机构支持者出现。Tracxn 另有后续 Series E 和 $5 billion 估值条目,但没有一手佐证,只应作为已标记冲突保留,而不是写进标准历史。[CO001, CO002, CO012, CO013, CO014, CO015]
| 人物 / 焦点 | 职务 / 状态 | 背景或证据 | 重要性 | 依赖 / 注意事项 |
|---|---|---|---|---|
| Paul Copplestone | 联合创始人兼 CEO | 留存融资报道均将其标识为 CEO 和公开负责人 | 他是公司战略和融资最清晰的外部经营面孔 | 创始人可见度意味着,如果执行仍然集中,就存在关键人物依赖 |
| Ant Wilson | 联合创始人 | 留存创始人与公司数据库来源中名称一致 | 支撑 Postgres 优先产品投资逻辑背后的技术创始人叙事 | 相较 Copplestone 的 CEO 角色,公开材料对其当前正式头衔不够明确 |
| Copplestone + Wilson | 创始二人组 | 留存公开记录持续围绕这两人,而非更宽的管理梯队 | 让创始人连续性成为产品和文化尽调的核心假设 | 公开证据对授权高管深度和接班规划披露较薄 |
| Thong Soo Kheon | 据 Tracxn,为曾任独立董事 | 唯一提到非创始人董事的留存来源 | 暗示董事会曾在某个时点扩展到创始人之外 | 需要直接确认,因为这是第三方数据库信息,不是官方董事会名单 |
| 当前董事会披露 | 留存官方页面未发布 | 留存公司页面没有出现官方董事名单或控制权图谱 | 治理尽调不能只依赖网站材料 | 线下确认董事、观察员和保护性条款 |
此表列出留存公开材料里可见的创始人和董事会信号,不是完整高管组织图或股权结构控制文件。
[CO002, CO012, CO013, CO014, CO016, CO017]| 利益相关方 | 角色 | 证据 | 重要性 | 尽调问题 |
|---|---|---|---|---|
| Accel | 2025 年 4 月 Series D 领投方 | 留存 TechCrunch、Yahoo 和 Tech Funding News 报道 | 锚定最新估值重定价,并可能影响治理 | 确认董事席位、持股比例和后续储备行为 |
| Coatue | Series D 参投方 | 最新轮次报道中提名 | 表明当前融资获得跨界基金风格资金支持 | 澄清持仓规模和任何特殊权利 |
| Y Combinator | 据轮次报道,为早期支持方且当前仍参与 | YC 资料页和最新融资报道中均可见 | 将早期创业来源与当前投资人结构串起来 | 确认后续轮次后当前持股相关性 |
| Craft Ventures | Series D 参投方,并在上一轮联合领投 | 在上一轮和最新轮次报道中均被提名 | 提供 2024 年和 2025 年融资之间的连续性 | 对齐当前持股和治理影响力 |
| Felicis | 长期投资人,仍在参投 | 最新轮次报道和更早官方引用中均被提名 | 暗示融资历史中投资人连续性较强 | 映射各轮按比例跟投情况 |
| Peak XV Partners | 上一轮约 $80M 融资的领投方 | 留存报道和后续数据库条目中被提名 | 重要性在于它锚定了进入 Series D 的估值跃升 | 确认轮次标签、日期和估值桥 |
| Kevin Weil | 部分轮次报道提到的天使投资人 | 出现在 Yahoo 和 Tech Funding News 报道中 | 释放 AI 和开发者工具周边战略运营者兴趣 | 判断这是象征性参与还是商业上活跃 |
这张图聚焦对最新融资故事重要的公开具名投资人;它不是完整股权结构表,也不应被解读为控制权百分比声明。
[CO020, CO021, CO022, CO036, CO046, CO047]1.3 规模、里程碑与运营注意事项
Supabase 的公开规模证据很多,但口径并不完全一致,后续章节应谨慎复用。官方页面目前显示注册开发者超过 7 million、GitHub 星标超过 98,000、关注者超过 190,000、SupaTroopers 超过 47,000,并且已创建超过 16 million 个数据库、每日启动超过 90,000 个。后一篇公司博客称项目已跨过 100,000 个 GitHub 星标和 8 million 开发者,而融资报道引用的是 1.7 million 至 2 million 开发者、3.5 million 个数据库环境。这些数字不一致,不能压成一个干净的可比指标,但方向上都指向大规模且仍在增长的采用。企业证明点也有意义,即便客户经济仍由公司筛选:官方页面点名 GitHub、PwC、Mozilla 和 Epsilon3,客户故事提到一个身份验证部署七个月触达 1 million 用户,另一项迁移降低 83% 成本。创立以来的里程碑包括企业动作、2024 年前次融资、2025 年 Series D、2025 年安全加固,以及 2026 年事故记录。保留来源中最重要的负面信号是 2026 年 2 月 us-east-2 故障、2026 年 5 月 Brazil 访问问题,以及 GitHub 上围绕速率限制、schema 缓存行为和自托管 URL 处理的公开投诉。准确员工数、准确收入和直接客户评价情绪仍证据不足或互相矛盾。[CO024, CO025, CO026, CO027, CO028, CO029]
| 日期 | 事件 | 类型 | 金额 / 估值 / 状态 | 参与方 | 含义 |
|---|---|---|---|---|---|
| 2020 | Supabase 成立 | 创立 | 公司组建并启动 | Paul Copplestone 和 Ant Wilson | 确立公司为 2020 年创立的开源后端创业公司 |
| 2022-03 | 后续市场研究提到企业版产品 | 规模 | 企业销售动作启动 | Supabase 企业团队 | 显示公司较早就走出了爱好者用例 |
| 2024-09 | 上一轮融资完成 | 融资 | 约 $80M | Peak XV Partners 和 Craft Ventures | 架起通往 2025 年估值跃升的桥 |
| 2025-04-22 | Series D 宣布 | 融资 | $200M,估值 $2B | Accel、Coatue、YC、Craft Ventures、Felicis 等投资方 | 将 Supabase 重新定价到后期私营公司区间 |
| 2025 | 安全加固潮 | 治理 | 可撤销密钥、RLS 默认设置、安全顾问 | Supabase 平台团队 | 表明托管平台和合规故事更成熟 |
| 2026 | 后续官方博客页面显示社区里程碑达到 100k GitHub 星标和 8M 开发者 | 规模 | 开源里程碑 | Supabase 社区 | 凸显社区快速增长,也暴露相较其他页面的指标漂移 |
| 2026 | 当前官方企业计数显示 16M+ 已创建数据库和每日 90k+ 启动量 | 规模 | 当前平台计数 | Supabase 客户和开发者基础 | 增加证据表明社区采用已转化为生产使用 |
| 2026-02-12 | us-east-2 区域故障 | 负面 | 3h42m 重大故障 | Supabase 平台和区域客户 | 让可靠性和事故响应成为董事会级尽调议题 |
| 2026-05-14 | 巴西运营商访问问题开始 | 负面 | ISP 特定降级 | Supabase 和受影响的巴西用户 | 表明核心平台故障之外仍可能出现区域连接风险 |
这条时间线是本章关于创立、融资、规模、安全和负面事件的日期记录;在留存来源没有披露精确到日的发布日期时,使用近似月份或年份锚点。
[CO001, CO019, CO021, CO026, CO027, CO038]所选里程碑覆盖创立、融资形成、社区规模、安全加固和 2026 年可靠性事件。
只有年份或月份的里程碑,在保留来源没有给出更清晰发布日期时,锚定到该年或该月第一天。
[CO001, CO002, CO019, CO020, CO021, CO026]公开可见的公司形态指标,并刻意区分可支撑的计数器和缺少支撑的私营运营数据。
该图混合硬计数器和一个披露质量项,方便后续章节快速判断哪些数字可复用、哪些仍是尽调缺口。
[CO019, CO024, CO025, CO026, CO027, CO028]1.4 图表
02市场分析
2.1 市场边界与替代品集合
Supabase 的市场边界比标题里的数据库或后端基础设施市场更窄,最容易从买家实际评估的产品包来定义。官方页面呈现的是一个 Postgres 项目,外面包上身份验证、即时 API、边缘函数、realtime、存储和向量工具。因此,纳入范围的支出,是一个开发团队想要一层托管数据层加核心后端原语、且通常还没配备专门平台或数据库团队时的预算。排除范围包括通用 IaaS、纯数据库管理工具、分析仓库,以及许多解决完全不同运营问题的企业 DBaaS 合同。最接近的全栈替代品仍是 Firebase,但 Bytebase 的 2026 年对比显示,选择已经不再是干净的 SQL 对 NoSQL 切分,因为 Firebase Data Connect 已经加入托管 PostgreSQL 路径。核心圈之外,替代品集合会碎片化:Neon 和 PlanetScale 是更强的数据库层替代品;Appwrite 是最接近的开源全栈同业;Amplify、Railway 和 Render 从更广的应用平台预算中分流;Hasura 更像数据 / API 邻接,而不是完整 Supabase 替代品。这个边界逻辑很重要,因为更宽的框架会让市场看起来大于 Supabase 直接争夺的预算池。[CM001, CM002, CM003, CM004, CM005, CM006]
| 细分 / 类别 | 纳入支出 | 排除支出 | 主要买方 / 付费方 | 与 Supabase 的相关性 |
|---|---|---|---|---|
| Postgres 开发平台 / 一体化开发者数据库平台 | 托管 Postgres,以及认证、API、实时、存储、边缘函数和向量工具 | 通用 IaaS、DBA 工具、分析型数据仓库、无关云服务 | 创始人、全栈开发者、工程负责人 | 核心直接市场边界 |
| 全栈 BaaS(Firebase、Appwrite) | 面向应用团队的托管后端服务,包括数据、认证、存储和运行时界面 | 独立数据库、缺少后端原语的通用计算 | 移动 / Web 产品团队 | 最接近的替代圈层,但架构不同 |
| 托管 Postgres / 无服务器数据库平台(Neon、PlanetScale) | 数据库计算、存储、分支、HA 和开发者数据库工作流 | 打包式认证、存储、实时,或完整应用后端栈 | 平台负责人、后端工程师、数据库负责人 | 当买方想要同类最佳数据库层时,是部分替代品 |
| 应用平台 / 部署云(Amplify、Railway、Render) | 构建、部署、托管、运行时及相邻托管数据服务 | 统一的 Postgres 优先认证授权和后端套件 | 全栈团队或平台负责人 | 相邻替代品,可能吸收同一钱包支出 |
| 数据 / API 层平台(Hasura、Firebase Data Connect) | API 抽象、联邦,以及数据之上的 GraphQL 类或 API 交付层 | 打包式全栈 BaaS 工作流 | 数据平台或后端架构师 | 这是重塑比较集的相邻领域,而不是替代整套栈 |
| 宽泛 BaaS / DBaaS 大类 | 分析师市场里对后端或数据库服务大盘的简写 | 许多企业托管或不可比服务 | 投资人或战略分析师 | 仅作外围参照,不是干净的直接 TAM |
此表刻意把直接可比平台、相邻领域和外围市场简写拆开,避免本章后续内容夸大可服务支出。
[CM001, CM002, CM003, CM004, CM005, CM006]2.2 受证据约束的规模测算视角
公开市场上没有被普遍接受的「Postgres 开发平台」报告,所以经典总可用市场(TAM)/ 可服务市场(SAM)/ 可获取市场(SOM)处理必须保持谨慎。保留基准中最宽的是 Sacra 引用的 $23.3 billion 后端即服务(BaaS)市场,但这个超级品类过于宽泛,不能作为 Supabase 的直接总可用市场(TAM),因为它扫入了许多不像 Postgres 优先开发栈的产品和工作负载。与此同时,Grand View 的公开 DBaaS 落地页在本次保留抓取中太像预告,无法提供可用的开放方法论基准。更强的规模测算方法,是自下而上的买方预算视角。保留的公开价格显示,可比平台大多聚在免费入口、低双位数或约 $25 的月度生产入口点,一旦团队控制、可审计性、支持或合规加入,价格会大幅上台阶。Supabase 自己可见的锚点仍是 Free、$25 Pro 和 $599 Team。对照这些预算,公司估计年经常性收入(ARR)约 $70 million、开发者 1.7-2.0 million,说明采用广度已经有意义,但相对广义品类支出的变现仍处早期。尽调的正确结论不是 Supabase 能拿下每一美元 BaaS 或 DBaaS 支出,而是它位于一条真实、扩张中的开发者预算走廊里;即便自上而下的市场分类并不清晰,公开价格和采用门槛仍可观察。[CM010, CM011, CM012, CM013, CM014, CM015]
| 视角 / 发布方 | 年份 | 地域 | 数值 | CAGR | 方法 | 置信度 | 局限 |
|---|---|---|---|---|---|---|---|
| Sacra 宽泛 BaaS 参照 | 2025 | 全球 | 引用更宽泛 BaaS 市场 $23.3B | 留存文本中为 n/a / 未公开 | 自上而下的大类引用,仅作外围上限 | 低 | 过宽,无法代表 Supabase 直接 TAM |
| Grand View DBaaS 预告页 | 2026 | 全球 | 未留存可用公开数字 | 留存文本中为 n/a / 未公开 | 商业报告落地页 / 预告 | 低 | 留存抓取中,方法论和可访问的数字细节不足 |
| 可比平台预算阶梯 | 2026 | 全球自助到团队 | 公开起步支出年化约 $60-$7,188,之后为定制企业价格 | n/a | 对留存月度公开套餐锚点做自下而上的年化 | 中 | 衡量买方预算门槛,不是总市场收入 |
| Supabase 已实现货币化 | 2025 | 公司整体 | ARR 估计约 $70M | n/a | Sacra 的二手公司估计 | 中 | 收入估计,不是类别规模 |
| Supabase 装机基础代理指标 | 2025 | 公司整体 | 约 1.7M-2.0M 开发者和约 3.5M 数据库环境 | n/a | 2025 年融资报道中的采用代理指标 | 中 | 采用计数不是收入,且定义不一 |
因为没有干净的第三方类别能单独框定 Postgres 开发平台,此表混合外围市场参照、自下而上的买方预算视角和已实现足迹视角,而不是强行搭出虚假精确的 TAM/SAM/SOM 栈。
[CM010, CM011, CM012, CM013, CM014, CM015]Supabase 的谨慎市场视角从可观察的公开预算门槛出发,而不是单一扩张型 TAM 叙事。
这是买方预算金字塔,不是总市场收入主张。数值将保留可比厂商的公开月度入门价或支持锚点年化,用来展示工作负载从实验走向受治理部署时,买方经济性如何上台阶。
[CM012, CM013, CM014, CM015, CM031, CM040]保留的公开定价显示,从免费或近乎免费入口到首个面向团队的价格台阶差异很大;这比泛泛 TAM 更适合直接测算市场规模。
低位 = 免费或最便宜的公开非定制入口;中位 = 可见的公开中档 / 自助套餐;高位 = 定制企业合同之前的公开高档自助或团队层级套餐。所有数值均由保留的月度定价文本年化。
[CM013, CM014, CM015, CM040, CM041]2.3 买方分层、预算归属与采用路径
Supabase 所在市场里,买家、用户和付款人常常一开始是同一个人,之后才分离。独立创始人、独立开发者和小型初创团队中,选择平台的用户通常也是预算所有者;关键决策是上线速度与成本可预测性之间的取舍。当工作负载变得更生产关键时,经济买家会转向 CTO、工程副总裁(VP Engineering)或平台负责人;一旦 SSO、审计日志、支持 SLA 或数据驻留成为要求,安全、IT 和财务也会开始影响短名单。分层匹配并不均匀。SQL 原生 Web 应用、内部工具、协作型 SaaS 和 AI 产品天然适合 Supabase,因为它们受益于一个 Postgres 记录系统、即时 API 和向量工具。大量依赖离线同步的移动优先产品匹配度较弱,因为 Firebase 的离线和移动同步叙事仍更强。这形成了一条可识别的采用路径:免费或低成本评估、单团队生产采用、治理审查,然后要么企业标准化,要么重平台化到同类最佳数据库和部署服务。因此,市场不是由一个单体买家塑造,而是随着复杂度和风险上升,由一连串买方角色变化塑造。[CM020, CM021, CM022, CM023, CM024, CM025]
| 细分 | 买方 | 用户 | 付费方 | 工作流 / 用例 | 预算负责人 | 采用触发因素 |
|---|---|---|---|---|---|---|
| 单人创始人 / 独立开发者 | 创始人开发者 | 创始人开发者 | 个人或公司卡 | 原型、MVP、内部工具、AI 副项目 | 合并到一人 | 用一个服务快速上线数据库、认证和 API |
| 创业公司产品小队 | 工程负责人或 CTO | 全栈团队 | 创业公司运营预算 | 平台人手有限时的生产级 SaaS 或 Web 应用 | CTO / 工程副总裁 | 从免费或按量评估平滑转向托管生产环境 |
| SQL 原生 Web / 协作应用团队 | 后端或平台负责人 | 产品与后端工程师 | 部门或产品预算 | 协作型 Web 应用、内部工具、B2B SaaS、AI 驱动产品 | 工程领导层 | 作为唯一事实源的 Postgres,加身份认证、实时与向量能力 |
| 移动优先的消费者应用团队 | 移动端负责人或工程经理 | 移动端开发者 | 产品 / 工程预算 | 对离线或同步要求很重的实时移动应用 | 产品工程经理 | 通常先评估 Firebase,因为离线持久化更成熟 |
| 治理要求高的企业工作负载 | CTO、平台负责人、安全决策方 | 应用和平台团队 | 中央 IT / 工程预算 | 受监管部署、SSO、审计、支持、数据驻留 | 跨职能采购委员会 | 需要合规控制、支持 SLA 和治理 |
部署从自助实验转向受治理的生产环境后,预算归属会明显变化; 因此,采用路径和最初的开发者偏好同样重要。
[CM020, CM021, CM022, CM023, CM024, CM025]Supabase 的需求客群主要差异在于:买方、用户、付款方是合并到一个开发者,还是拆分到工程、安全和采购等角色。
[CM020, CM021, CM022, CM023, CM030, CM031]市场采用路径从自助开发者选择开始;随着合规、切换成本和工作负载关键性提高,漏斗逐步收窄。
数值是归一化阶段指数,不是客户数。该图概括了保留定价层级、功能包和可比平台买方角色变化所暗示的决策路径。
[CM020, CM021, CM031, CM032, CM033, CM034]2.4 增长驱动、采用约束与保留缺口
最强的需求驱动不是抽象总可用市场(TAM)叙事,而是软件团队构建产品方式的具体变化。Postman 2025 年数据显示 API 正变得收入关键且 AI 原生;Stack Overflow、DB-Engines 和 JetBrains 也支持 PostgreSQL 及其他开源数据库仍处在开发者工作栈中心的判断。这些条件有利于 Supabase 的 Postgres 优先平台叙事。开源控制和自托管对部分买家也重要,因为它们保留了完全 Google 托管替代品无法提供的退出选项和数据驻留。约束同样真实。治理要求高的客户只有在信任、合规和支持层级可信时才会扩张;一旦身份验证、策略、数据和边缘工作负载接入生产,切换成本会上升;Supabase 的数据库中心模型也假设用户有比更抽象移动 BaaS 更强的 SQL 素养。成本动态两面切:Firebase 式用量定价对小应用可能更便宜,而当实时流量扩张后,更平的平台定价更容易预测。仍未解决的尽调问题是品类清晰度本身。公开来源仍不同意应把 Supabase 按 BaaS、托管 Postgres 还是更广应用平台来测算;公开价格证据也仍不均匀,无法在没有更多直接供应商输入时支撑完全归一的竞品 TCO 曲线。[CM030, CM031, CM032, CM033, CM034, CM035]
| 驱动 / 约束 | 方向 | 时间 | 对 Supabase 的影响 | 尽调追问 |
|---|---|---|---|---|
| API 优先采用与承载收入的 API | 驱动 | 当前 | 支撑后端平台预算,因为这类平台让 API 更容易发布和管理 | 量化新客户需求中 API 驱动与数据库驱动各占多少 |
| AI 原生开发与智能体就绪基础设施 | 驱动 | 当前 | 利好把 API、向量工具和快速后端搭建放在一起的平台 | 验证 AI 原生工作负载是提高转化,还是只增加试用量 |
| 开发者信号中的 PostgreSQL 偏好 | 驱动 | 当前 | 强化 Supabase 作为 Postgres 优先标准的定位,而不是小众选择 | 验证 Postgres 偏好能否转化为付费平台选择 |
| 开源 / 自托管与数据驻留需求 | 驱动 | 中期 | 让 Supabase 能切入一部分反感封闭托管替代品的买家 | 衡量管线中有多少比例把控制权、可移植性或数据驻留列为决策因素 |
| 治理与合规要求 | 约束兼扩张驱动 | 当前 | 抬高客单价,但收窄买家池、拉长销售周期 | 检查 SSO、审计、支持、BYO cloud 和 HIPAA 附加项的绑定率 |
| 身份认证、策略、数据和边缘逻辑的切换成本 | 约束 | 当前 | 能保护留存账户,但会放慢竞争赢单和迁移 | 评估从 Firebase 或定制栈迁移的真实工作量 |
| SQL 能力要求 | 约束 | 当前 | 更适合工程能力强的团队,但对追求抽象层的买家吸引力变弱 | 追问成功部署中有多少依赖内部 SQL 专长 |
| Firebase 离线优先移动端优势 | 约束 | 当前 | 限制 Supabase 在部分消费者移动工作负载中的渗透 | 索取移动优先与 Web 优先用例的赢单 / 输单数据 |
| 按量计费对手在小规模时更便宜 | 约束 | 当前 | 当团队看重零固定成本入口时,会制造低端获客逆风 | 对比小应用经济性:Spark / Blaze 与 Amplify 式计量 |
| 规模化后,更扁平的定价更容易预测 | 驱动 | 当前 | 一旦读写或监听量让按操作计费变痛,Supabase 会受益 | 验证成本可预测性有多常成为决定性切换触发点 |
| 最佳单点数据库或应用平台替代品 | 约束 | 当前 | 市场会继续碎片化,因为买家可能选择 Neon、PlanetScale、Railway 或 Render, 而不是一体化套件 | 跟踪输单对象是一体化同行,还是部分栈组合 |
| 公开品类定义偏弱 | 约束 | 当前 | 让市场规模测算噪声更大,也迫使尽调依赖自下而上的证据 | 收集客户和供应商的一手数据,搭出标准化 TCO 和分层视图 |
多行会随着买家成熟度不同同时呈现驱动和约束, 因此本章强调采用路径和预算归属,而不是单一增长叙事。
[CM024, CM025, CM026, CM027, CM028, CM029]03竞争格局
3.1 格局与真正替代品所在位置
Supabase 已不再只竞争于一个干净品类。直接同业集合仍从 Firebase 和 Appwrite 开始,因为二者都能可信地推销一套面向开发者的后端,包含数据、身份、存储和应用加速原语。但竞争场很快扩宽。AWS Amplify 是既有全栈替代品,适合已经想要 AWS 服务和以 Git 为中心部署工作流的团队。Neon 和 PlanetScale 直接压迫数据库层,尤其面向主要想要托管 Postgres、分支和性能,而非完整捆绑后端的买家。Hasura 更偏邻接,因为它掌握数据 API 和联邦层,而不是整个应用平台。Railway 和 Render 是能把托管 Postgres 与部署、网络原语结合起来吸收后端支出的替代品。现状方案也仍然是基于云服务内部自建。实践中,买家往往是在一套集成 Postgres 包、超大规模云厂商栈、数据库优先切入点,或拼装成后端的通用平台之间选择,而不是简单地在 Supabase 和某个具名 BaaS 对手之间二选一。[CP002, CP014, CP017, CP019, CP023, CP025]
| 竞争对手 | 类别 | 背书 / 规模信号 | 目标买家 | 产品范围 | 战略方向 | 相对 Supabase 的短板 |
|---|---|---|---|---|---|---|
| Firebase | 直接在位 BaaS | Google 背书的托管平台 | 需要托管后端基础组件的移动和 Web 团队 | 数据同步、身份认证、托管、分析、安全、AI 工具 | 借 Data Connect 和更深的 Google 集成走出 NoSQL | 自有栈,可移植性较低 |
| AWS Amplify | 在位全栈平台 | AWS 背书的应用平台 | 已经标准化使用 AWS 的全栈团队 | 托管加身份认证、数据、实时,以及延伸到 AWS 服务的 CDK | 加深基于 Git 的部署,让 AWS 基础组件更容易使用 | 架构和定价分散在底层 AWS 服务中 |
| Neon | 数据库层直接相邻玩家 | Serverless Postgres 专家;Tracxn 档案中的头号竞争对手 | 主要需要 Postgres、分支和缩至零成本结构的团队 | 托管 Postgres、Data API、Auth、RLS、工作流工具 | 从数据库核心向更多开发者工作流界面上移 | 不是完整的身份认证 - 存储 - 实时套件 |
| Appwrite | 直接开源全栈同行 | 带自托管能力的开源云订阅 | 想要一个兼具控制权和可移植性的后端栈的开发者 | 身份认证、数据库、函数、站点、消息、存储、实时 | 用一个订阅和更强企业控制替代碎片化工具 | 生态分发弱于超大规模云厂商 |
| Hasura | 相邻 API 和数据层 | 联邦 API 平台 | 构建 supergraph 和跨源数据访问的团队 | DDN、连接器、GraphQL API、authz、私有部署 | 占住数据访问层,而不是整个应用后端 | 不是完整后端套件 |
| PlanetScale | 相邻托管数据库厂商 | 包含 Postgres 和 Vitess 的托管数据库平台 | 优化高可用数据库运维的团队 | Postgres 和 Vitess 集群、分支、HA、支持 | 从数据库核心扩展到更广的托管 Postgres 部署 | 缺少捆绑的身份认证、存储和实时能力 |
| Railway | 替代平台 | 通用基础设施和部署云 | 需要更快部署和基础设施的独立开发者与专业团队 | 应用托管、数据库、可观测性、企业控制 | 拓宽基础设施平台和合规姿态 | 没有强主张的身份认证或实时层 |
| Render | 替代平台 | 带托管 Postgres 的通用平台 | 需要应用托管和托管数据库的团队 | 托管 Postgres、私有网络、预览环境、自动扩缩容 | 围绕数据库和网络拓宽应用平台版图 | 不是完整一体化后端产品 |
背书或规模信号混合了母公司支持、平台定位和第三方竞争对手标记, 因为留存来源中私营同行披露不均。
[CP014, CP017, CP019, CP023, CP025, CP027]Supabase 因模块宽度和可移植性靠近右上角;超大规模云厂商赢在分发,数据库优先厂商赢在聚焦控制力。
评分是顺序型分析判断,锚定保留的产品范围、可移植性和部署控制证据,而不是市场份额数据。
[CP014, CP017, CP019, CP023, CP025, CP027]3.2 画像、能力宽度与价格形态
最接近的功能宽度比较对象,其实不是最便宜的产品,而是能在不迫使团队自己拼后端的情况下可信替代最多模块的产品。Firebase 仍是最宽的既有厂商,因为它把托管数据、身份验证、托管、分析和 AI 工具叠在 Google Cloud 之上,但它保持专有、多产品姿态,并且看起来仍最适合移动优先、重离线的用例。Amplify 的重要性来自另一点:它不像一个整齐的 BaaS,更像是为熟悉 Cognito、AppSync、Lambda、S3 和 CDK 的全栈团队提供的 AWS 前门。Appwrite 是最清晰的开源全栈同业,因为它在一份订阅中打包身份验证、数据库、函数、存储、实时和自托管。Neon 和 PlanetScale 更窄,但当购买标准是 serverless Postgres 经济性、分支或数据库运营时,它们很锋利。Supabase 自己的标价姿态相对同业有吸引力,因为它仍能被清楚读成 Free、Pro、Team 和 Enterprise;Firebase 和 Amplify 则越来越按服务计量整套栈,Neon 按用量计量数据库计算。[CP001, CP003, CP004, CP014, CP015, CP017]
| 购买标准 | Supabase | Firebase | AWS Amplify | Appwrite | Neon | Hasura |
|---|---|---|---|---|---|---|
| 以 Postgres 为中心的一体化后端 | 是;数据库加身份认证、存储、实时、边缘函数 | 部分;后端能力宽,但默认不是 Postgres 优先 | 部分;后端由 AWS 服务拼装 | 是;捆绑后端模块 | 主要由数据库牵引 | 否;是 API 层,不是完整后端 |
| 身份认证纳入核心主张 | 是 | 是 | 是,通过 AWS 服务 | 是 | 部分,通过 Neon Auth | 部分,通过授权控制,而不是终端用户身份认证套件 |
| 包含存储和文件处理 | 是 | 是 | 是,通过 AWS 服务 | 是 | 没有清晰捆绑的存储层 | 没有捆绑的对象存储层 |
| 实时或流式工作流 | 是 | 是 | 是 | 是 | 部分;偏数据库的工作流支持 | 部分;偏 API 和事件层,不是应用原生实时 |
| 自托管和可移植性 | 强 | 否 | 套件层面没有实际可移植性 | 强 | Postgres 可移植性中等,但整个平台不能对等迁移 | 数据 API 层可移植性中等,但全栈不能对等迁移 |
| Git、分支和开发者工作流相邻能力 | 强,靠平台和分支模块 | 中等 | 强 | 中等 | 强 | 中等 |
| 企业控制与私有部署路径 | Team、Enterprise、PrivateLink、BYO cloud 等企业控制项 | Google 托管控制 | AWS 托管控制 | Enterprise 支持 BYO cloud 和 SSO | 安全和合规控制 | Private DDN 和专用基础设施 |
单元格只反映留存官方文档或对比文本能支持的内容; 对等性不清楚时,措辞保留为「部分」或「中等」,不假定等同。
[CP001, CP002, CP011, CP014, CP017, CP019]| 玩家 | 入门定价信号 | 计费模型 | 信任 / 企业级信号 | 战略含义 |
|---|---|---|---|---|
| Supabase | Free;Pro 起价 $25;Team $599;Enterprise 定制 | 分层套件加超额用量 | Team 提供 SOC2 和 ISO 27001;HIPAA 附加项;PrivateLink;Enterprise 支持 BYO cloud | 清晰易读的包装有助于把 Supabase 定位成一体化默认选项,而不是自己拼栈 |
| Firebase | 各产品提供免费额度 | 按服务逐项用量计费 | Google Cloud 托管姿态 | 非常适合生态型买家,但定价和架构分散在多个服务里 |
| AWS Amplify | 免费层和按量付费托管 | 构建分钟数加底层 AWS 服务计量 | AWS 生态和企业采购优势 | 团队本来就想用 AWS 基础组件时,它是强在位替代品 |
| Neon | 免费,每个项目 100 CU-hours | 计算和存储纯按用量计费 | AWS 和 Azure 上的专用安全与合规姿态 | 对不需要完整 BaaS 的数据库优先买家,是锋利切入口 |
| Appwrite | 免费含 75000 MAUs;Pro 含 200000 MAUs | 单一订阅加附加项 | Enterprise 增加 SSO、SOC-2、HIPAA 和 BAA、BYO cloud | 最接近 Supabase 的打包式开源替代品 |
| Hasura | 免费,其后每个活跃模型每月 $5 起 | 基于模型的 API 定价 | Private DDN 和专用基础设施选项 | 更多争夺数据访问层,而不是完整应用后端 |
| Railway | Hobby 最低 $5;Pro 最低 $20 | 抵扣额度后,基础设施用量按秒计费 | Enterprise 增加 SSO、RBAC、长期审计日志、HIPAA BAA、BYO cloud | 作为基础设施和部署替代品不错,但作为单一后端控制平面较弱 |
| PlanetScale | Postgres 每月 $5 起;Metal $50 起 | 按资源计费的数据库定价 | Enterprise BYO cloud 和 PCI DSS 认证提供商选项 | 数据库运维价值强,但捆绑的应用能力有限 |
本表比较公开标价信号和公开企业控制表述, 不比较谈判折扣或完整生产账单。
[CP003, CP004, CP005, CP011, CP015, CP018]Supabase 和 Appwrite 在一体化宽度上最接近,Firebase 和 Amplify 主导超大规模云邻近性,Neon 与 Hasura 更专精。
[CP001, CP005, CP011, CP014, CP017, CP019]3.3 切换成本、多栖、分发与信任姿态
Supabase 受益于有意义但并非绝对的切换成本。一旦团队围绕 Supabase 写了 schema、行级安全策略、身份验证流程、存储规则和部署习惯,迁移就是实打实的工作。但这个品类没有极端的合同或文件格式锁定。Supabase 自己的文档强调从 Firebase、Neon、Render 和遗留数据库迁移,Appwrite 也公开宣传可从 Supabase 迁移。这就是市场的本质:可移植性帮助从封闭既有厂商手中赢得用户,也让邻接供应商更容易挑战这个品类。多栖在结构上也可行。团队可以保留 Supabase 做身份验证和 API,同时把数据库工作负载、预览环境或运营服务转向 Neon、Render 或 Railway。分发上,Google 和 AWS 保留最强优势,因为 Firebase 和 Amplify 连接着更广的云身份、伙伴生态和采购动作。信任上,Supabase 借 Team 和 Enterprise 控制、安全默认值以及 PrivateLink 已有实质改善,但公开状态记录提醒我们,可靠性和企业保证仍是竞争筛选器。[CP005, CP007, CP008, CP009, CP010, CP011]
| 压力点 | 重要性 | 证据 | 严重程度 | 尽调问题 |
|---|---|---|---|---|
| 超大规模云厂商生态锁定 | Google 和 AWS 能把后端选择绑定到更广的云身份、存储、计算和采购关系上 | Firebase 和 Amplify 直接坐在 Google Cloud 与 AWS 服务生态上 | 高 | 如果不能匹配在位者的分发和合作伙伴触达,Supabase 还能赢下企业账户吗? |
| 数据库层拆捆绑 | 部分买家只需要托管 Postgres 加分支或性能,不需要完整后端套件 | Neon 和 PlanetScale 都在强化数据库优先替代方案 | 高 | Supabase 赢单中有多少真正需要一体化套件,而不只是更好的 Postgres 运维? |
| 开源仿品 | 可移植性有助于获客,也降低了 Appwrite 等开源同行的结构性门槛 | Appwrite 捆绑了类似模块组合,并主推从 Supabase 迁移 | 中高 | 社区规模会转化为持久产品偏好,还是只降低获客摩擦? |
| 多栈并用与基础设施替代品 | 团队可以把部分栈留在 Supabase,同时把托管或数据库转到别处 | Supabase 支持迁移路径,Railway、Render 等替代品也能在基础设施层共存 | 中 | 有多少客户把 Supabase 当成更大栈里的一个模块,而不是整个控制平面? |
| 企业信任缺口 | 安全和合规改进很重要,但可见事故和较弱采购能力仍可能拖慢大单 | Supabase 已增加 Team 和 Enterprise 控制,但公开状态页仍显示实时运营事件 | 中高 | 企业管线更多卡在保证姿态,还是缺少功能? |
| 品类商品化 | 在位者和相邻玩家持续增加 PostgreSQL 和后端功能,削弱独特性 | Firebase 增加了 Data Connect,PlanetScale 现在提供 Postgres,数据库优先玩家也在拓宽工作流界面 | 高 | Supabase 能让一体化套件明显优于市场默认方案吗? |
严重程度是基于留存官方和对比证据的分析判断, 不是披露的管理层排名。
[CP012, CP016, CP023, CP024, CP030, CP037]3.4 护城河耐久度与反向证据
核心战略结论是,Supabase 的护城河更像包装、可移植性和社区亲和力,而不是排他的底层技术。这仍然有价值。Supabase 已经做出一个以 Postgres 为中心的连贯体验,比把云原语缝在一起更简单;围绕企业控制和运营规模的官方信号也显示,平台不再只是爱好者工具。但反向证据真实存在。Firebase 已经通过 Data Connect 转向 PostgreSQL,Appwrite 如今把自己营销成另一个开源全栈后端,并提供从 Supabase 迁移的路径;PlanetScale 和 Neon 也在持续强化数据库层,面向不需要完整 Supabase 包的买家。即便 Railway 和 Render 这类通用替代品,也让团队更容易在不选择专门 BaaS 的情况下拼出足够的后端基础设施。结果是一个最大风险来自商品化、而非某个单一对手突然替代的品类。尽调的关键问题,是当其他玩家把更多捆绑能力做成准入门槛时,Supabase 能否继续成为默认的集成式开源 Postgres 平台。[CP013, CP016, CP023, CP024, CP030, CP034]
Supabase 在一体化 Postgres 封装和可迁移性上得分最高,但当分发、企业级保障和品类商品化最关键时, 竞争风险会上升。
[CP012, CP016, CP023, CP030, CP041, CP043]04财务情况
4.1 定价模型与收入架构
Supabase 的收入模型最容易理解为一条围绕 Postgres 基础设施的托管云订阅阶梯,上面再叠企业增购和用量扩张。官方价格支撑一个宽漏斗:免费入口、每月 $25 的 Pro 方案、每月 $599 起的 Team 方案,以及更高的定制企业销售。重要的是,标价叙事不只是按席位计费的 SaaS。公开页面还显示,数据库磁盘、出站流量、时间点恢复保留、电话 MFA 和 SSO 相关活跃用户收费都会带来可变变现。因此,实际收入应是基础订阅、用量超额和谈判型企业包的组合,而不是一笔扁平平台费。架构也影响定价权。Supabase 仍依托开源和可自托管姿态,这有助于获客和信任,但相对完全专有后端可能限制锁定。企业和客户证明页面确实显示,客户愿意为合规、支持和规模付费;但公开材料仍只揭示标价,而不是实际折扣、ACV 或续约质量。[CI001, CI002, CI003, CI004, CI005, CI006]
| 收入流 | 机制 | 公开价格 / 单位 | 证据 / 状态 | 收入质量判断 | 尽调追问 |
|---|---|---|---|---|---|
| 免费与自托管漏斗 | 免费云层和开源 / 自托管入口先拉动采用,再转付费 | $0 标价或自托管 | 明确是产品策略的一部分 | 获客漏斗强,但不是直接变现 | 按项目年龄、工作负载和客户分层拆免费转付费 |
| Pro 订阅 | 自助式托管云订阅 | $25 / 月起 | 公开且当前有效 | 有经常性基础收入,但实际成交价和流失未披露 | 付费项目数、混合 ARPU 和月度 logo 流失 |
| 用量超额费 | 按容量和活动计的可变收费 | 磁盘、出站流量、PITR 保留、MFA 和 SSO 相关用户收费 | 公开且当前有效 | 增加扩张潜力,也让实际定价对用量更敏感 | 按产品面拆超额费收入占比 |
| Team 套餐 | 治理要求更高的云套餐 | $599 / 月起 | 公开且当前有效 | 显示从自助式到大客户的过渡桥 | Team 套餐客户数及升级到企业版的比例 |
| 企业合约 | 围绕支持、合规和规模要求的定制销售动作 | 定制 | 公开披露为联系销售定价 | 可能是 ACV 最高的收入流,但公开来源没有显示合约期限、最低消费或折扣 | 企业客户 ACV 中位数、期限、折扣政策和续约队列 |
| 企业相关信任投入 | 合规和可靠性功能有助于打开监管行业或更大客户 | 间接变现,公开价格不单列 | 有 ISO 和企业版信息支撑 | 有助于企业版转化,但不足以推断毛利质量 | 合规成本预算、实施负担以及企业合约附加率 |
本表把公开标价和变现机制同实际开票或确认收入分开;后两者仍未披露。
[CI001, CI002, CI003, CI004, CI005, CI006]| 套餐 / 计量项 | 公开标价 | 计费单位 | 内含容量 / 信号 | 仍未知事项 | 来源 |
|---|---|---|---|---|---|
| 免费 | $0 | 按项目 | 含 50,000 MAU 和 500 MB 数据库 | 转向付费云用量的转化率 | Supabase 定价 |
| Pro | $25 | 按项目 / 月 | 超额前含 100,000 MAU 和 8 GB 磁盘 | 计入超额费和折扣后的混合实际成交价 | Supabase 定价与 Sacra |
| Team | $599 | 按组织 / 月起 | 自助式与企业版之间的治理升级档 | 有多少客户停在 Team,多少转向定制企业版 | Supabase 定价与 Sacra |
| 额外磁盘 | $0.125 per GB | 用量 | 内含磁盘阈值后适用 | 付费项目平均存储强度 | Supabase 定价 |
| 出站流量 | $0.09 per GB | 用量 | 内含传输阈值后适用 | 读密集流量中有多少变成可计费超额量 | Supabase 定价 |
| 时间点恢复保留 | 每 7 天保留期 $100 / 月 | 附加项 | 明确把更高数据保护需求变现 | 按付费队列拆采用率 | Supabase 定价 |
| 高级电话 MFA | 首个项目 $75 / 月,之后每增加一个项目 $10 | 附加项 | 显示 Auth 可在核心套餐之上变现 | 附加率和增量支持负担 | Supabase 定价 |
| SSO MAU | 含 50 个,之后 $0.015 / MAU | 用量 | 企业身份变现按用户挂钩,不只按套餐挂钩 | 典型 MAU 量和企业实际封顶 | Supabase 定价 |
| 企业版 | 定制 | 合约 | 面向更大、受监管或复杂部署的联系销售动作 | ACV、最低消费、爬坡条款和服务内容 | Supabase 企业版 |
官方定价只是当前标价,不披露实际企业折扣、承诺消费或回款条款。
[CI002, CI003, CI004, CI005]Supabase 先靠宽口径免费 / 开源漏斗、自助订阅和用量挂钩扩张变现,再进入定制企业合同。
[CI001, CI002, CI003, CI004, CI005, CI039]4.2 公开牵引、收入线索与员工数缺口
Supabase 有足够公开采用证据,说明商业规模真实存在,但还不足以搭出可靠收入模型。最尖锐的问题是,保留的官方来源没有披露公司收入或年经常性收入(ARR)。外部只能在 Sacra 对 2025 年年经常性收入(ARR)约 $70 million 的估计、以及 TapTwice 对 2024 年约 $16 million 收入和 2025 年 $27 million 收入的估计之间三角测量。这些数字在方向上有用,但不是同一口径,所以应视为粗略公开区间,而非可用于估值的数字。员工数同样未解:公开第三方估计从 TapTwice 的约 124 人到 Tracxn 2026 年的 351 人不等。客户故事显示了为什么规模化变现有合理可能。Shotgun、Good Tape、Chatbase、Maergo、Voypost、Markprompt 和 Mobbin 都描述了在 Supabase 之上的显著成本、生产力或增长结果。这些故事支持产品价值和买方支付意愿,但它们仍是经过筛选的案例研究,不是 Supabase 自身留存、利润率或回款质量的经审计队列数据。[CI008, CI009, CI010, CI011, CI012, CI013]
| 指标 / 代理 | 公开数值 / 状态 | 置信度 | 为什么重要 | 尽调追问 |
|---|---|---|---|---|
| 公司官方收入 / ARR | 未公开披露 | 中 | 没有披露收入顶线,估值和效率无法干净对标 | 可提交董事会的 ARR、GAAP 收入、开票额和递延收入桥 |
| 公开收入顶线估计区间 | TapTwice 估计 2025 年收入约 $27M,Sacra 估计 2025 年 ARR 约 $70M | 低 | 公开市场只有粗略区间,不是一个可比数字 | 管理层对 ARR 的定义和经审计的收入历史 |
| 员工数信号 | TapTwice 估计 124 人,Tracxn 估计 351 人 | 低 | 人员成本可能是最大运营费用项,但公开员工数据相互矛盾 | 按职能拆当前员工数和全成本薪酬支出 |
| 客户节省成本证明 | Shotgun 报告成本降低 83%;Good Tape 报告降低 60% | 中 | 支撑买方 ROI,以及为迁移、支持和托管基础设施付费的意愿 | 这些节省在付费客户群中重复出现的频率 |
| 商业规模代理 | Chatbase 称其在 Supabase 上有 >8,000 个付费客户、>$10M ARR;Markprompt 和 Mobbin 描述了有意义的工作负载规模 | 中 | 表明 Supabase 能支撑付费生产用例,但不证明其自身收入转化 | 顶级客户队列及向企业合约扩张 |
| 基础设施强度代理 | Chatbase 称分析场景中每周触及 3,000 IOPS 上限、125 MB/s 吞吐饱和 | 中 | 成功客户可能显著推高平台成本 | 按工作负载类型拆毛利率,以及大客户支持负担 |
| 扩容成本阶梯 | 计算档位从 $10 到 $3,730 / 月;某些情况下,读副本比把主计算翻倍更便宜 | 中 | 毛利取决于容量规划,不只是软件席位 | 云单位成本、读副本组合和按套餐拆贡献毛利 |
| 付费用户支持摩擦 | GitHub issue 显示生产用例存在速率限制和 schema 缓存投诉 | 低 | 即便是软件模式,支持和工程负担也会挤压毛利 | 工单量、补偿额度以及平台 bug 消耗的工程时间 |
这些只是代理指标和客户案例,不是已披露的单位经济模型。等同空值的行表示公开记录没有提供该指标。
[CI008, CI009, CI010, CI011, CI012, CI013]公开证据给出了收入估算和员工数的区间,但标准估值和累计融资只有点状锚点。
收入区间混合了不同第三方的收入和 ARR 估算,不应被当作标准化公司收入序列。
[CI009, CI010, CI011, CI012, CI013, CI015]公开单位经济性证据在客户价值上较强,在 Supabase 实际毛利上较弱;因此分析只能止于代理信号, 不能落到经审计结果。
[CI022, CI023, CI025, CI026, CI027, CI028]4.3 资本基础、弹药库与成本结构线索
资本故事比经营报表更清楚。本章的正确锚点仍是 2025 年 4 月 $200 million Series D、估值 $2 billion,由 Accel 领投,Coatue、Y Combinator、Craft Ventures 和 Felicis 参与。这个框架意味着该轮后累计资本约 $396 million 至 $398 million;对一家软件基础设施公司来说,这是有意义的弹药库,尽管没有公开来源披露实际现金余额。复杂之处在于,Tracxn 后来记录了 2025 年 3 月 $202 million Series D,以及 2025 年 10 月 $143 million Series E、估值 $5 billion。没有一手佐证时,这些数据库条目应继续标记为冲突,而不是替换标准融资历史。成本结构上,公开证据指向类似软件的经济性,但对基础设施成本有真实敏感度。Supabase 自己的扩展指南显示,计算层从每月 $10 到每月 $3,730,并把只读副本、更大计算规格、索引和分析隔离定义为明确的成本—性能选择。来自 Chatbase 的客户证据显示,成功工作负载可能撞上 IOPS 和吞吐上限,这意味着毛利率取决于云效率、支持强度和企业级可靠性投入,而不只是固定的软件交付。[CI015, CI016, CI017, CI018, CI019, CI020]
| 项目 | 公开数值 / 状态 | 证据基础 | 投资判断含义 | 尽调追问 |
|---|---|---|---|---|
| 最新规范口径新股轮 | 2025 年 4 月以 $2B 估值完成 $200M Series D | TechCrunch、Yahoo Finance 和 Tech Funding News | 新近大额股权缓冲支持继续投入平台和 GTM | 融资文件、股数和清算优先权堆叠 |
| 最新规范口径投资方组合 | Accel、Coatue、Y Combinator、Craft Ventures 与 Felicis;部分报道还提到 Kevin Weil | 保留下来的 2025 年融资报道 | 若需要再融资,知名投资方会改善融资可得性 | 完整股权结构表和投资者权利包 |
| 上一轮主要融资 | 约七个月前约 $80M | TechCrunch、Tech Funding News 和 Sacra | 支撑 Supabase 进入 Series D 时已经资本充足的判断 | 从上一轮到 Series D 的月度 KPI 桥 |
| 规范口径下累计融资 | 约 $396.1M-$398M | TechCrunch、Tech Funding News 和 TapTwice | 对软件基础设施公司而言,累计股权基础可观 | 当前现金余额和累计资金用途明细 |
| 后续融资数据库条目存在冲突 | Tracxn 列出 2025 年 10 月 $5B 估值 Series E、累计融资 $544M | 仅 Tracxn | 在一手佐证出现前,应标记而非采用 | 可证明或否定后续融资的董事会材料或签署融资文件 |
| 手头现金 | 未公开披露 | 保留下来的公开来源没有提供现金余额 | 外部无法建模现金跑道 | 月度现金余额和最低流动性政策 |
| 烧钱速度 / 现金跑道 | 未公开披露 | 保留下来的公开来源没有提供净烧钱或现金跑道月数 | 无法测试悲观情景下的融资依赖 | 月度烧钱桥和悲观情景现金跑道敏感性 |
| 主体层面申报线索 | Tracxn 显示,截至 2023-12-31,SUPABASE PTE. LTD. 收入为 $2.86M | Tracxn 法律主体行 | 有参考价值,但不能替代合并财务报表 | 经审计主体账目以及与集团收入的调节 |
| 债务 / 项目融资 | 保留下来的来源未发现公开债务或项目融资义务 | 公开记录以股权为主 | 业务看起来仍偏资本轻,但没有证据不等于不存在 | 债务明细、租赁承诺,以及任何风险债或应收账款融资 |
| 直接申报验证 | 本次检索中,注册登记页因 challenge 被拦截 | OpenCorporates 访问障碍 | 连基本主体验证也比融资头条更不透明 | 线下调取本地注册登记摘录或认证主体记录 |
资本形成比流动性清晰得多。等同空值的条目表示,截至 2026-05-25 当天或之前,公开记录未披露该指标。
[CI015, CI016, CI017, CI018, CI019, CI020]相对硬件公司,Supabase 看起来资本较轻,但客户规模、可靠性和合规仍会把现金拉向基础设施和支持。
[CI015, CI018, CI026, CI031, CI032, CI034]4.4 承销阻断点与反向证据
关键财务风险不是可见困境,而是披露不足叠加运营义务。Supabase 公开的信息足以理解定价架构、产品宽度、客户热情和融资历史,但仍扣住严肃投资者承销收入质量所需的指标:现金、烧钱速度、毛利率、实际定价、留存、集中度和净收入扩张。反向证据之所以重要,是因为它暗示隐藏成本基。2026 年 2 月故障持续 3 小时 42 分钟,源自 Supabase 自己的部署控制,而不是外部攻击或 AWS 大范围故障。事后复盘还承认,客户 Postgres 数据库的自动跨区域故障转移尚不可用。另有 GitHub issues 显示,速率限制行为和 schema 缓存 bug 仍会给付费用户制造摩擦,意味着真实的支持和产品加固开支。即便备案可见度也有限:Tracxn 只暴露实体层面的 Singapore 收入数据点,而本次运行中直接检索 OpenCorporates 被验证挑战阻断。结果是一个建设性但不完整的判断:经常性基础设施软件经济性有合理可能,资产负债表缓冲看起来也有意义,但严谨承销远未达到可辩护模型。[CI008, CI011, CI014, CI019, CI020, CI021]
| 缺失指标 / 文件 | 公开状态 | 为什么重要 | 当前代理 | 具体尽调路径 |
|---|---|---|---|---|
| ARR 和 GAAP 收入 | 无官方披露 | 需要用来对标估值、增长质量和收入耐久性 | 仅有 Sacra 和 TapTwice 估计 | 管理层收入历史、ARR 定义备忘录和月度收入桥 |
| 毛利率和 COGS | 无官方披露 | 需要确认基础设施软件的毛利结构和支持成本负担 | 计算和副本定价博客,加上客户工作负载案例 | 按产品面拆毛利率,并拆出云 / 支持成本 |
| 现金余额、烧钱速度和现金跑道 | 无官方披露 | 需要测试融资依赖和悲观情景韧性 | 仅有 Series D 规模和累计融资 | 月度现金桥、烧钱预测和悲观情景规划模型 |
| 实际成交价和折扣 | 无官方披露 | 标价不能揭示 ACV、爬坡、回款质量或让利水平 | 公开的 Free / Pro / Team / 定制企业版架构 | 顶级合约样本,含 ACV、期限、折扣和续约 |
| NRR、流失和集中度 | 未找到公开证据 | 对判断经常性收入质量和企业客户耐久性至关重要 | 只有客户 logo 和筛选过的案例研究 | 队列留存、logo 流失和前 10 大客户敞口 |
| 支持负担、补偿和可靠性成本 | 无量化披露 | 宕机和产品 bug 暗示隐藏的支持与补救开支 | 事故帖和 GitHub issue 线索 | 支持工单量、事故补偿和 SRE 人员成本 |
| 直接申报可见度 | 注册登记页被 challenge 拦截,保留下来的申报证据不完整 | 限制基本法律主体和收入验证 | Tracxn 主体行,加上被拦截的 OpenCorporates 检索 | 获取本地注册登记摘录、经审计主体报表和所有权结构图 |
本表直接记录投资判断中的卡点,而不是用低置信度猜测填补。
[CI008, CI011, CI020, CI021, CI034, CI036]05产品与技术
5.1 集成产品表面与开发者工作流
Supabase 卖的与其说是单个数据库功能,不如说是一套围绕 Postgres 紧密捆绑的后端运营表面。官方首页、文档、YC 资料和价格页面都描述了同一个核心模式:每个项目从一个 Postgres 数据库开始,再往上叠身份验证、自动生成 API、边缘计算、实时同步、存储和向量工具。这很重要,因为买方工作流异常短。小团队无需缝合多个控制平面,就能立起身份验证、关系型数据、文件处理和服务端逻辑。客户证据显示这套打包能力在实践中的用法。Xendit 用完整 Postgres 加扩展,不到一周就上线制裁筛查工作流;Maergo 用 PostgREST 替换笨重中间件;Chatbase、Markprompt 和 Quivr 用同一套集成栈承载 AI 和检索工作负载。产品包装也映射了工作流:免费和低端方案暴露平台完整形态,用量和治理功能向上扩展,而不是迫使早期架构重写。[CE001, CE002, CE003, CE004, CE005, CE007]
| 模块 / 资产 | 核心用户任务 | 当前状态 / 成熟度 | 差异化 | 主要尽调缺口 |
|---|---|---|---|---|
| 专用 Postgres 数据库 | 核心应用数据、SQL、触发器、扩展和可移植性 | 核心底座;每个项目都有 | 以单个 Postgres 集群托住其余产品,而不是把数据库当作附加项 | 没有公开的独立基准测试包覆盖 OLTP 与分析混合的生产负载 |
| Auth、Data API 与 RLS | 用户身份、会话处理、受策略控制的 CRUD 访问 | 成熟核心模块,托管版已有定价,并可通过审计日志增购 | 授权落在 JWT 和 Postgres RLS 上,让应用与 API 访问共用一套策略模型 | 写出稳健 RLS 策略仍有复杂度,部分负担会压到客户身上 |
| Storage | 文件、媒体、分析数据和向量相关对象管理 | 已成熟,正从简单 blob 扩到更多场景 | 支持 S3/REST/TUS、CDN、图片转换,并与 Postgres 策略集成 | 公开文档尚未按负载类型完整量化大规模耐久性 / 性能层级 |
| Realtime | 协作更新、在线状态、广播和数据库变更流 | 功能面成熟,用例清晰 | 基于 Postgres 变更、广播和在线状态搭出来,而不是另起一套同步数据模型 | 离线 / 移动端语义的公开成熟度仍不如 Firebase 式默认能力 |
| Edge Functions | 自定义后端逻辑、钩子、webhook 和低延迟 API | 已成熟,但部分工作流仍对运维细节敏感 | Deno 兼容的 TypeScript 运行时,带网关鉴权处理,并与本地 CLI 保持一致 | 冷启动、连接池和自托管 URL 假设仍需小心处理 |
| Vector / AI 工具包 | 向量嵌入、语义搜索、RAG 和 AI 原生应用存储 | 增长很快,已有客户证据支撑 | 向量、元数据、Auth 和业务数据留在同一个 Postgres 系统里 | 官方公开证据更能证明设计赢单,较少证明经过审计的检索质量或成本曲线 |
| 自托管部署 | 在隔离或合规受限环境中运行整套栈 | 能落地且有文档,但与托管云不具备功能齐平 | 开源姿态真实,降低锁定风险 | 仅托管版功能以及由运营方承担的 HA/DR,限制了自托管开箱即用的企业就绪度 |
各行区分今天已经明确产品化的能力,以及托管云成熟度或自托管齐平仍要继续尽调的地方。
[CE001, CE003, CE004, CE005, CE006, CE007]| 用户任务 | 当前工作流 | Supabase 方案 | 可量化收益 / 证据 | 主要限制 |
|---|---|---|---|---|
| 快速上线全栈 SaaS MVP | 小团队需要 Auth、数据库、API 和存储,但不想编排后端 | 从一个项目起步,围绕同一个 Postgres 集群打开 Auth、API、Storage 和 Functions | Resend 和 Xendit 称,不必先搭后端管线就能快速发货 | 公开证据多是筛选过的客户叙事,不是中立实施研究 |
| 替换中间件很重的 CRUD 后端 | 团队想要关系型数据,也想要受策略控制的 API,但不想写太多自定义胶水代码 | 用 PostgREST、Auth token 和 RLS 安全暴露应用数据 | Maergo 大幅压缩代码库,并把部署时间降到秒级 | RLS 和 schema 设计仍需要数据库素养,才不至于误配置 |
| 在同一套数据系统上构建 AI / RAG 产品 | 开发者希望向量、元数据、文件和 auth 放在一起 | 在同一平台上使用 pgvector,并配合 Storage / Auth / Functions | Chatbase、Markprompt、Quivr、Firecrawl 和 Humata 都描述了整合收益 | 最好的公开证据来自客户侧;独立的生产基准仍然不足 |
| 支持受监管或需安全审查的买方 | 团队需要私有网络、可审计性、SSO 和合规材料 | 升级到 Team 或 Enterprise,获得 PrivateLink、审计日志、角色和证书访问 | Enterprise 页面和 ISO 文章明显改善采购姿态 | PrivateLink 目前只覆盖数据库连接,不覆盖 Supabase 全部表面 |
| 扩展读密集或分析密集应用 | 工作负载超出单实例的简单边界 | 先使用更大计算资源,或增加读副本来隔离分析和区域读取 | Chatbase 和 Resend 的公开材料都贴合读副本和扩展叙事 | 写密集或跨区域故障转移需求,单靠副本解决不了 |
本表把具体的构建者任务映射到产品组合;它刻意区分快速构建的证据,和企业级成熟度这一证据较弱的主张。
[CE001, CE004, CE005, CE007, CE008, CE009]常见开发者路径是先启动一个 Postgres 项目,再打开相邻模块;只有当工作负载复杂度上升时, 才增加运营复杂度。
[CE001, CE004, CE005, CE007, CE008, CE009]5.2 以 Postgres 为中心的架构、可扩展性与自托管
架构差异点在于连贯性。Supabase 自己的代码仓库和文档显示,它是一套有明确主张的技术栈:PostgREST、GoTrue、Realtime、Storage、pg_graphql、postgres-meta 和 Kong 围绕独立 Postgres 集群组装,而不是作为彼此断开的托管服务暴露。Auth 把状态存进 Postgres,并把授权推入 JWT 加行级安全;Storage 也继承数据库的策略语义;Realtime 跑在 Postgres change streams 上;Edge Functions 则经由网关路由,在代码进入 Deno-compatible edge runtime 之前应用身份验证和流量规则。这比泛泛的「后端即服务」营销更强,因为它解释了团队为何能在多个模块之间共享数据模型、策略和运营上下文。自托管延伸了这一姿态,但有真实限制。Supabase 官方支持基于 Docker 的自托管,面向需要控制、合规或隔离的团队;但同一份文档也明确说明,branching、advanced metrics、managed backups/PITR、analytics/vector buckets、ETL 和 management API 等仅托管能力不会免费随行。实践中,Supabase 的开放性真实存在,但企业级自托管仍需要相当的运维能力。[CE004, CE008, CE010, CE011, CE012, CE013]
| 层级 / 流程 / 组件 | 角色 | 依赖 | 薄弱时的风险 |
|---|---|---|---|
| 每个项目一个隔离的 Postgres 集群 | 承载关系型数据、扩展和核心策略状态的记录系统 | 托管 Postgres 运维和扩展兼容性 | Postgres 运维一旦滞后,几乎所有上层模块都会一起降级 |
| Auth + JWT + RLS 路径 | 创建身份,并通过策略限定数据库 / API 访问范围 | GoTrue、JWT 签名、Postgres schema,以及客户编写的 RLS 策略 | 默认设置薄弱或策略体验差,可能带来安全暴露或开发者流失 |
| 经 PostgREST / 网关的 API 层 | 把数据库对象变成面向应用的 API,并集中处理流量 | PostgREST、Kong、auth header 和 schema 状态 | schema 缓存或网关故障可能打断大范围应用功能 |
| Realtime 变更和在线状态管线 | 把数据库变更和临时事件转成 websocket 推送更新 | 逻辑复制、Realtime 服务,以及已授权的客户端订阅 | 一旦延迟高或脆弱,协作和实时 UX 主张会迅速变弱 |
| Edge 运行时和自动化路径 | 在用户附近运行低延迟 TypeScript 函数和 hook | Edge gateway、Deno 兼容运行时、密钥,以及安全的 Postgres 连接模式 | URL 生成、连接池或冷启动等运维坑,可能在生产中暴露 |
| 托管与自托管控制平面分割 | 决定客户实际能获得哪些治理、备份、指标和平台 API | Docker / 自托管支持、文档和企业支持动作 | 客户可能高估二者平价,并低估自托管环境所需的运维工作 |
架构之所以自洽,是因为大多数模块最终都回到 Postgres;尽调的主问题不是这些部件是否存在,而是运营耦合会在哪里变成共同故障模式。
[CE002, CE004, CE008, CE010, CE011, CE012]Supabase 以单一 Postgres 中心控制平面为底座,向外叠加认证、存储、实时能力和边缘计算。
[CE001, CE004, CE005, CE007, CE008, CE009]Supabase 最强的优势来自一体化,但同样的一体化也集中了运维和基础设施依赖。
[CE002, CE010, CE011, CE013, CE017, CE026]5.3 企业包装、平台速度与扩展信号
Supabase 现在呈现的已不只是独立开发者捷径。价格和企业页面显示,从自助用量到重治理账户的迁移路径很清楚:更高层级绑定 SSO、审计日志、自定义角色、PrivateLink、更长日志保留、指定支持、SLA 和合规帮助。过去一年的公开技术证据也显示,平台在真实推进,而不是静态功能营销。官方材料覆盖 ISO 27001 认证、带有具体 2026 年路线图事项的 2025 年安全加固周期、面向私有数据库连接的 PrivateLink beta,以及更明确的只读副本指南,用于分析隔离和区域延迟。客户故事强化了这些模块并非纯理论。Chatbase 计划基于副本做分析隔离,Humata 围绕大型向量工作负载使用企业支持,Resend 提到分区和副本支撑规模,Markprompt 加 Firecrawl 则显示向量栈可以支持生产 AI 用例,而不必强制引入独立向量数据库。主要限制是,这些性能证明多数仍是经过筛选的客户叙事,而非独立审计的运营基准。[CE014, CE015, CE016, CE017, CE019, CE020]
| 日期 / 阶段 | 功能 / 里程碑 | 状态 | 产品含义 | 来源 |
|---|---|---|---|---|
| 2025-04 至 2026 | 更广的 AI 原生 / vibe-coding 定位 | 已营销,并得到独立报道强化 | 推动 Supabase 成为 AI 优先构建者的默认后端,而不只是数据库买方的选择 | TechCrunch 加 TechFundingNews |
| 2025-2026 | 读副本指导和扩展手册 | 公开文档,并以商业方式定位 | 说明 Supabase 正从简单托管 Postgres 走向更明确的生产级运维 | Supabase 读副本文章加 Bytebase 2026 对比 |
| 2026 | 用于私有数据库连接的 PrivateLink | Beta / 向高阶层级开放,但有约束 | 不离开托管云,也能改善企业安全姿态 | Supabase PrivateLink 公告 |
| 2026 | ISO 27001 加更广的安全加固 | 已上线,并发布更多 2026 路线图项目 | 说明信任 / 合规工作在推进,不只是销售话术 | ISO 文章加安全复盘 |
| 2026 年计划 | 授权开关、默认禁用 GraphQL、推送保护、加固配置、测试框架、更广的 Assistant 集成 | 路线图,并非全部已交付 | 暗示 Supabase 会继续投入默认安全的开发者工作流 | Supabase 2025 安全复盘 |
| 未来 / 尚不可用 | 通过 Multigres 实现自动跨区域 Postgres 故障转移 | 明确尚未可用 | 关键工作负载下最重要的剩余平台韧性缺口 | 2026 年 2 月事故复盘 |
各行刻意区分已交付控制、路线图表述,以及管理层明确表示尚不可用的韧性能力。
[CE015, CE017, CE019, CE021, CE022, CE025]Supabase 在 Postgres 支撑的核心模块上最强;私有网络、自托管一致性和韧性仍暴露范围限制。
[CE015, CE016, CE021, CE023, CE028, CE030]5.4 信任控制、故障与技术风险
信任图景在改善,但并不无摩擦。积极一面是,Supabase 现在公开记录了覆盖整个平台的 ISO 27001 范围、新 dashboard 表默认 RLS 保护、密钥轮换和泄露撤销改动、安全顾问、私有网络,以及常设外部测试和披露计划。这些信号对采购和生产采用都有意义。限制因素在于,可靠性和运营成熟度仍能看到缝隙。2026 年 2 月 us-east-2 故障是真正的平台级事件,由 Supabase 自己的部署控制触发;公司也承认,客户 Postgres 的自动跨区域故障转移尚不可用。公开状态页还记录了网络 / 提供商访问问题和持续的 pooler 维护。与此同时,GitHub issues 显示,生产信任关键领域反复出现开发者摩擦:不透明的身份验证邮件速率限制、RPC 路径上持续的 PostgREST schema 缓存故障,以及会破坏自托管 cron 流程的云形态 Edge Function URL 生成。由此得到的判断是建设性但谨慎:Supabase 在控制和透明度上明显强于许多开发者平台,但最弱环节仍是运营毛刺,且这些毛刺恰好出现在客户最希望基础设施隐入后台的时刻。[CE021, CE022, CE023, CE024, CE026, CE027]
| 控制 / 信号 | 状态 | 范围 | 支撑什么 | 剩余缺口 |
|---|---|---|---|---|
| ISO/IEC 27001:2022 认证 | 官方宣布 | 覆盖 Database、Auth、Storage、Realtime、Edge Functions 和 Data API 的 ISMS | 帮助国际买方完成安全审查和采购 | 认证是必要条件,但还不足以证明运行时可靠性 |
| 安全默认值和修复工具 | 公开文档 | 仪表盘表默认 RLS、事件触发器模式、Security Advisors、Assistant 工作流 | 把安全前移到开发者工作流,降低意外暴露 | 公开证据没有量化客户在实践中仍会多频繁误配置策略 |
| 现代密钥管理 | 公开文档 | 可发布密钥、可吊销密钥、非对称 JWT 支持、GitHub 泄露撤销 | 改善轮换、可审计性和爆炸半径控制 | 旧密钥迁移仍会持续到 2026 年底 |
| 私有网络 | Beta / 有限发布 | Team 或 Enterprise 上面向 Postgres 和 PgBouncer、仅限 AWS 的 PrivateLink | 降低公网攻击面,支撑受监管工作负载 | 尚未覆盖 API、Storage、Auth 或 Realtime 端点 |
| 企业控制和支持 | 商业可用 | 审计日志、访问角色、网络限制、指定专家、支持覆盖 | 提升企业采用准备度和迁移信心 | 公开证据停留在描述层面,不是经 SLA 级运营审计的证据 |
| 事故透明度和韧性姿态 | 可见但信号参差 | 详细的 2026 年 2 月事后复盘、公开状态页、明确承认故障转移缺口 | 透明度和根因披露较好 | 真实的平台级宕机,加上没有自动跨区域故障转移,使韧性仍是活跃风险 |
企业买方越来越看得懂这些控制,但本表把治理姿态和多区域故障场景下硬运行时韧性这个仍未解决的问题分开。
[CE015, CE016, CE017, CE018, CE021, CE022]06客户情况
6.1 客户分层、原型与可能预算
Supabase 的客户基础最好理解为分层漏斗,而不是一个同质买方群体。低端层面,它显然服务独立开发者、爱好者和早期创始人;这些人可以从免费或低成本托管方案起步,并在一处获得数据库、身份验证、存储和函数。具名故事展示了第二层:把 Supabase 用作生产基础设施的初创公司和 SMB 买家,包括 Chatbase、Markprompt、Firecrawl、Quivr、Humata 等 AI 原生产品;Resend 等开发者基础设施公司;以及 Good Tape、Mobbin、Voypost、Shotgun、Maergo 等数字产品团队。第三层采购更重,也更偏企业:GitHub Next、Mozilla、PwC 和 Epsilon3 都出现在官方企业页面上,合规、自托管、安全审查和支持功能被定位给更大账户。唯一可支撑的预算锚点是官方标价——Free、每月 $25 的 Pro、每月 $599 起的 Team,以及定制 Enterprise。这意味着可能的年客户支出,从几乎自助实验一路到 Team 和 Enterprise 合同;但 Supabase 没有公开披露 ACV、按方案划分的客户数,或收入中来自大型受监管买家的比例。 [CU001, CU002, CU003, CU004, CU005, CU006]
| 分群 / 原型 | 买方 / 付款方 | 典型用例 | 具名证据 | 可能的预算锚点 | 主要尽调缺口 |
|---|---|---|---|---|---|
| 自助开发者和单人创始人 | 个人构建者或极小产品团队 | MVP 后端、原型、黑客松应用、个人项目 | 官网和定价姿态;Quivr 与早期 Chatbase 故事 | 免费层级到 Pro($25/month)的标价锚点 | 没有公开披露免费项目转付费账户的转化率 |
| 初创公司和 SMB 产品团队 | 创始人、工程负责人或产品团队 | 需要快速获得数据库、Auth、Storage 和 API 的生产 SaaS 应用 | Good Tape、Mobbin、Voypost、Shotgun、Maergo 等生产客户 | Pro 到 Team($599/month)加用量;实际支出未披露 | 未披露 ACV 或收入按套餐的构成 |
| AI 原生软件供应商 | 工程驱动的初创团队 | 向量搜索、RAG、AI 支持智能体、知识检索、内部工具 | Chatbase、Markprompt、Firecrawl、Quivr、Humata 等 AI 原生客户 | 一旦用量、支持或合规要求上升,Team 和 Enterprise 最可能匹配 | 公开证据在功能适配上较强,在长期留存上较弱 |
| 交易型或运营型平台 | 运营或平台工程团队 | 支付筛查、物流、邮件基础设施、文档工作流 | Xendit、Maergo、Resend | 一旦可用性和安全审查变重要,Team 或定制 Enterprise 最可能匹配 | 没有客户层面的宕机抵扣或 SLA 绑定披露 |
| 企业创新和受监管团队 | 安全、平台或创新负责人 | 面向内部知识的 RAG、原型、自托管或合规敏感后端 | GitHub Next、Mozilla、PwC、Epsilon3、Humata 等企业客户 | Team 从 $599/month 起;Enterprise 定制,包含 SSO、审计日志、PrivateLink 和支持 | 没有具名企业合同金额、赢单率或续约数据 |
| 自托管 / 对控制敏感的买方 | 有隔离或合规需求的团队 | 开源可迁移性、数据控制、定制网络或内部托管 | Epsilon3 关于自托管的引述;Quivr 偏好本地运行;Markprompt 的开源定位 | 定制运维预算可能超过标价,因为自托管把工作转移给买方 | 公开证据没有显示这类用户有多少转为托管 Enterprise |
预算规模只能锚定公开标价和客户故事暗示的要求;Supabase 不披露实际 ACV 或套餐结构。
[CU001, CU002, CU003, CU004, CU005, CU006]6.2 具名客户、案例研究与生产使用证明
本章最强的证据不是 logo 陈列,而是一组数量可观、带有具体工作负载细节的具名生产故事。Maergo、Shotgun、Good Tape、Markprompt、Mobbin、Chatbase、Firecrawl、Quivr、Xendit、Resend、Voypost 和 Humata 都描述了真实部署,许多还补充了比普通初创客户页更具体的量化结果。Maergo 提到 100x 压测流量和快得多的部署;Shotgun 提到基础设施成本降低 83%、数据库响应时间下降;Good Tape 报告每周 75,000 次转写、客户分布 130 个国家,并在一个月内迁移数据库和身份验证工作负载;Chatbase 称平台支持数千个生产 AI 智能体和超过 8,000 名付费客户;Resend 报告超过 5,000 名付费客户、超过 300,000 名注册用户和每日数百万封邮件。Xendit 的制裁筛查工作流不到一周就上线生产,据称九个月无问题运行。这些都是有意义的证明,说明 Supabase 被有收入的软件企业用于生产;但大多数来源材料仍来自 Supabase 撰写的案例研究,而不是客户撰写的复盘或中立审计。 [CU004, CU005, CU006, CU010, CU011, CU012]
| 信号 | 客户 / 队列 | 数值 | 日期 / 阶段 | 证明什么 | 限制 |
|---|---|---|---|---|---|
| 平台漏斗顶部 | Supabase 官方计数器 | 已创建 16M+ 个数据库;每日启动 90k+ | 当前官方页面 | 大型自助开发者漏斗确实存在 | 看不出付费客户质量或留存 |
| AI 支持平台规模 | Chatbase | 8,000+ 付费客户;ARR 超过 $10M;数千个生产 AI 智能体 | 2026 年初 | Supabase 能支撑超过原型阶段的商业 AI 工作负载 | 公司自撰案例,不是经审计财务披露 |
| 邮件基础设施规模 | Resend | 5,000+ 付费客户;300,000+ 注册用户;每日数百万封邮件 | 上线平台两年后 | 买方可以在 Supabase 上从初创扩展到有意义的生产体量 | 没有提供独立可用性或流失数据 |
| 媒体 / 转录规模 | Good Tape | 每周 75,000 次转录;98 种语言;130 个国家;>€1M ARR | 迁移时的增长阶段 | 全球生产使用和真实收入生成 | 指标来自 Supabase 自撰故事的引用 |
| 开源到托管转化 | Quivr | Supabase 上 5,100 个数据库;略多于 2 个月内 17,000 次注册;500 日活用户 | 病毒式开源发布后 | 社区采用可以转化为 Supabase 上的托管使用 | 这是客户案例,不是 Supabase 自身的转化披露 |
| 产品受众规模 | Mobbin | 服务 200,000+ 创作者;400,000+ 注册用户 | 迁移后状态 | 消费级规模的产品团队在生产中使用 Supabase | 未披露收入或套餐层级 |
| 运营部署速度 | Xendit | 生产制裁筛查方案不到一周上线 | 初始部署 | 快速进入生产是反复出现的客户价值主题 | 范围是特定工作流,不是整个 Xendit 平台 |
| 机构 / 企业支持案例 | Humata | 数百万用户;提到企业套餐和专家支持 | 当前故事框架 | 企业支持动作真实存在,不只是营销文案 | 公开证据仍停留在客户故事层面,不是采购文件 |
本表混合了 Supabase 全平台漏斗计数和客户特定部署信号,因为公司没有发布可直接入章的客户队列材料。
[CU017, CU019, CU021, CU023, CU024, CU025]| 客户 | 分群 | 部署 / 用例 | 生产还是试点 | 结果 / 证据 | 限制 |
|---|---|---|---|---|---|
| Maergo | 物流 / 交付平台 | 基于 Supabase 的交付运营后端和业务逻辑 | 生产环境 | 730k LOC 降到 95k LOC;部署从 12-15 分钟降到秒级;承受 100x 负载测试流量 | 故事由 Supabase 撰写,不是 Maergo 自述 |
| Shotgun | 活动平台 / 数字产品团队 | 从 DigitalOcean 及 Fivetran 占比较重的技术栈迁移数据库 | 生产环境 | 数据库相关支出从 >$12k/month 降到 $2,155/month;响应时间降低 40% | 没有独立成本审计或合同条款披露 |
| Good Tape | AI 转录 SaaS | 为快速增长的转录产品迁移托管 Postgres 和 Auth | 生产环境 | 每周 75k 次转录;130 个国家;后端成本降低 60%;一个月完成数据库和 auth 迁移 | 客户引述很强,但仍是公司策划的案例研究 |
| Markprompt | AI 支持 / 文档平台 | 面向企业级支持智能体的向量数据库和 auth | 生产环境 | 索引 500k+ 个内容片段,每日新增 10k-50k 个内容片段;强调 GDPR 定位 | 结果集中在规模 / 合规,不涉及续约或 NPS |
| Mobbin | 设计研究 / 创作者平台 | 从 Firebase 迁移认证和关系型后端 | 生产环境 | 200k+ 创作者和 400k+ 注册用户;auth 痛点解决,支出下降 | 没有明确支出数字或留存数据 |
| Chatbase | AI 客服平台 | AI 智能体和内部工具的全栈生产后端 | 生产环境 | 8,000+ 付费客户;ARR 超过 $10M;数千个生产智能体;上探高端市场的动作有记录 | 业务指标是客户故事中的说法,不是经审计文件 |
| Firecrawl | AI 网络数据 / 开发者工具 | 用于文档搜索的向量搜索和元数据存储 | 生产环境 | 自 3 月以来周活用户增长近 300%;客户认为 Supabase 比替代方案更简单、更便宜 | 性能主张是 Supabase 故事中的客户比较说法 |
| Quivr | 开源 / 托管 AI 知识产品 | 向量数据库、auth、storage 和 Edge Functions | 生产环境 | 1.6M 个向量嵌入;5,100 个数据库;略多于 2 个月内 17k 次注册;托管应用 500 DAU | 托管收入和留存仍未披露 |
| Xendit | 金融科技 / 支付 | 制裁名单筛查和搜索工作流 | 生产环境 | 不到一周构建并上线;生产运行九个月没有问题 | 证明的是窄工作流,不是全账户依赖 |
| Resend | 开发者邮件基础设施 | 快速增长邮件 API 的数据库和 auth 基座 | 生产环境 | 5,000+ 付费客户;300,000+ 注册用户;每日数百万封邮件;提到读副本和备份 | 能支撑规模的信号,但没有独立 SLA 数据 |
| Voypost | B2B 软件开发 / 合同工作流 | 面向合同谈判平台的 Firebase 迁移 | 生产环境 | 核心迁移不到六个月完成;代码库减少 25%;开发速度快 20% | 改善是运营层面、基于故事,不是外部基准 |
| Humata | 企业 / 政府知识 AI | 面向文档分析的向量、auth、Realtime 和企业支持 | 生产环境 | 向量成本降低 4x;数百万用户;提到大型企业和政府机构 | 没有公开采购或续约记录连接到具名机构 |
各行列出截至 2026-05-25 本章本地来源集中保留的每一项具名客户证明,不代表 Supabase 曾公开提及的全部客户。
[CU004, CU005, CU006, CU010, CU011, CU012]6.3 价值证明与企业就绪度
Supabase 帮买家把多个后端工具压缩成一个以 Postgres 为中心的系统时,价值案例最有说服力。保留故事中,买家反复提到同一组经济收益:更快首发、更少供应商、更低基础设施成本、更少自定义中间件、更容易支持,以及小型工程团队更少的运营负担。指标很具体:Shotgun 把数据库相关支出从每月超过 $12,000 降到每月 $2,155;Good Tape 将后端费用降低 60%;Humata 报告迁移向量工作负载后成本降低 4x;Voypost 称开发速度提升 20%;Maergo 降低了代码和部署复杂度;Chatbase 强调,随着它走向上市场,一个平台和一条支持关系很重要。官方包装——ISO 27001、SOC 2、HIPAA 和 GDPR 定位、审计日志、基于角色的控制、更长日志保留和 PrivateLink——再加上围绕迁移和指定专家的支持承诺,都有助于企业就绪度。关键尽调限制是,大部分证明仍由公司筛选。Supabase 有许多客户引语和指标,但客户域名案例研究、采购记录或独立基准包少得多,投资者难以把好故事与可重复的企业级耐久度分开。 [CU001, CU002, CU012, CU014, CU015, CU017]
6.4 先落地再扩张动作、社区到企业转化与集中度未知
Supabase 的扩张动作看起来可信,但主要证据来自客户故事和产品包装,而不是直接队列披露。常见模式是一条窄切入点——托管 Postgres、身份验证或向量搜索——之后更广泛采用相邻模块,如存储、边缘函数、只读副本、备份、安全控制或企业支持。Good Tape 在数据库迁移后加入身份验证和更广后端服务。Resend 从 YC 阶段的快速概念验证(PoC)起步,之后依赖分区、只读副本和安全帮助。Quivr 展示了最明显的社区到托管路径:一个开源项目变成托管产品,获得 17,000 次注册和超过 5,000 个 Supabase 数据库。Chatbase 展示了一条平行路径:从 MVP 速度走向上市场可靠性工作。仍然缺失的是 Supabase 自己的转化数学。公司没有披露免费到付费转化、Team 到 Enterprise 转化、社区到企业转化、净留存率(NRR)、总留存率(GRR)或头部账户集中度。具名证明集按垂直领域看是分散的——物流、fintech、email、设计研究、AI 支持、文档和知识工作——但这不等于收入多元化。尽调的正确结论是,先落地再扩张故事在案例层面可见且合理,而集中度风险很大程度上仍未知,因为公司扣住了能证明耐久度的指标。 [CU021, CU029, CU030, CU031, CU032, CU033]
| 扩张驱动 / 风险 | 证据 | 可能影响 | 当前判断 | 尽调路径 |
|---|---|---|---|---|
| 数据库 / auth 切入口扩展到更宽技术栈 | Good Tape、Quivr、Resend 与 Chatbase 都提到,随着时间推移使用了多个 Supabase 模块 | 成功账户的收入更高 | 案例里能看到正向推进 | 询问按套餐划分的产品附加率数据 |
| 免费 / 社区用户扩展到托管或付费 | Quivr 和 Chatbase 展示了开发者社区牵引转化为付费托管使用的客户案例 | 让原型之外也能变现 | 放到 Supabase 自身也说得通,但仍只是轶事 | 要求提供免费到付费、社区到 Team / Enterprise 的转化队列 |
| 从 startup 走向高端企业客户 | Chatbase、Resend、Humata 和企业包装都显示,治理需求随时间变强 | 支撑更高 ACV 和更黏的账户 | 可信,但缺少转化或续约数据量化 | 要求提供 Team 到 Enterprise 的赢单率和平均扩张周期 |
| 行业多元化降低单一垂直证明偏差 | 案例覆盖物流、活动、AI 支持、邮件、金融科技、设计研究和知识软件 | 让产品论点看起来更宽,而不是小众 | 证明集层面是正面信号 | 要求按垂直行业和套餐层级拆分收入 |
| 客户集中度仍未知 | 未披露公开的头部账户收入数据、套餐组合或续约集中度 | 可能显著改变下行风险 | 负面信息缺口 | 要求提供头部客户集中度、最大账户流失风险和依赖图 |
| 信任冲击可能打断扩张 | 宕机、访问问题和 auth 摩擦可能拖慢企业转化,或触发账户复盘 | 影响新销售和续约 | 真实存在,但公开资料尚未显示造成重大流失 | 要求做事故后流失、事故抵扣和管线损失分析 |
模块附着层面的扩张故事成立,但集中度风险大多仍不透明,因为 Supabase 不发布客户收入集中度或留存指标。
[CU029, CU030, CU031, CU032, CU033, CU034]典型路径从开发者发现开始,进入生产部署、治理审查,再扩展到更大的账户。
[CU007, CU008, CU026, CU029, CU030, CU031]Supabase 的客户动作从开发者发现和自助激活,走向模块附着和企业控制项。
[CU001, CU002, CU029, CU030, CU031, CU032]6.5 客户风险、流失盲点与反向证据
最大的客户风险不是缺少客户标识,而是筛选过的成功故事之外,缺少干净的耐久数据。本章公开材料没有提供客户留存、logo 流失、续约率、头部客户暴露,或可辩护的独立满意度语料。本次运行中,G2 和 TrustRadius 评价 URL 都被验证挑战阻断或限速,这本身提醒我们,独立评价可见度很薄。更重要的是,真实反向运营证据存在。2026 年 2 月 us-east-2 故障源于 Supabase 内部配置错误,导致客户数据库、身份验证、存储、函数和相关服务离线 3 小时 42 分钟。状态记录还显示 Brazil 网络提供商访问问题,以及持续的 shared-pooler 维护活动。另一个 GitHub issue 显示,使用身份验证邮件 hooks 的客户仍可能碰到不透明的邮件速率限制,并被阻断超过 30 分钟。这些问题不会抹掉正面客户故事——Good Tape、Resend、Humata 等在迁移后明确称赞支持和可靠性——但它们说明客户信任承销不能止步于证言。Supabase 在证明广度上很强,价值兑现还不错,但外部验证的耐久度只能算中等。 [CU027, CU028, CU033, CU035, CU036, CU037]
| 指标 / 视角 | 公开状态 | 受影响客群 | 置信度 | 尽调问题 |
|---|---|---|---|---|
| NRR / GRR | 未公开披露 | 全部付费客户,尤其是企业客户 | 低 | 要求按套餐和队列年份提供 NRR、GRR 与总 logo 留存 |
| 头部客户集中度 | 未公开披露 | Enterprise 及规模更大的 Team 账户 | 低 | 要求提供前 10 大客户收入占比和流失历史 |
| 独立评价语料 | 本轮抓取中,G2 和 TrustRadius URL 遭遇限速 / 挑战拦截 | 外部满意度尽调 | 中 | 用获批访问权限重新抓取评价,或直接取得评价导出 / 客户推荐 |
| 正面支持 / 信任轶事 | Good Tape、Resend、Humata 与 Chatbase 都把支持或安心感列为有意义的价值 | 生产环境初创公司和企业买家 | 中 | 询问支持 SLA、响应时间分布和推荐电话名单 |
| 运营信任记录 | 2026 年 2 月宕机,以及后续巴西访问问题和连接池维护均已公开 | 任务关键型及地域敏感买家 | 高 | 要求提供事故率历史、已支付抵扣,以及按地区和套餐划分的正常运行时间 |
| 产品摩擦信号 | GitHub issue 显示,auth email hook 流程可能遇到不透明限速,持续 30 多分钟 | 把 auth 嵌入生产注册流程的开发者 | 中 | 要求说明当前限速架构、异常处理和企业覆盖机制 |
公开资料没有留存和满意度字段时,正确做法不是猜,而是直接提出尽调问题。
[CU026, CU028, CU033, CU035, CU036, CU037]| 信号 | 客户影响 | 证据 | 重要性 | 局限 |
|---|---|---|---|---|
| 2026 年 2 月 us-east-2 宕机 | 受影响客户无法使用数据库、Auth、Storage、Realtime、Functions 及相关服务 | 官方事故复盘称,内部配置错误造成 3 小时 42 分钟影响 | 直接检验企业和生产买家是否应信任 Supabase 承载任务关键型负载 | 单次严重事故本身不能证明大范围流失或系统性不可靠 |
| 巴西网络提供商访问问题 | 据称部分客户无法从某个 ISP 访问 Supabase IP,Supabase 建议他们改用 VPN 或备用网络作为临时方案 | 公开状态更新记录了访问问题和向 ISP 升级处理的努力 | 说明客户体验仍可能受核心数据库层之外的外部网络提供商条件影响 | 公开记录显示,范围似乎局限在特定地域 |
| 共享连接池维护波次 | 使用旧版 shared-pooler 连接字符串的部分客户,被告知在计划维护窗口内可能遇到错误 | 状态历史详列了各地区 V1 到 V2 pooler 升级 | 说明多租户运营变更仍会影响客户体验,尽调需要看清 | 计划维护不等同于非计划宕机 |
| Auth email hook 限速摩擦 | 一个公开 issue 报告称,即使设置了 auth email hook,注册尝试仍被阻断超过 30 分钟 | GitHub issue | 凸显这类尖锐边角在生产 onboarding 流程中可能被放大 | 单个 issue 证据不能证明其在安装基数中的普遍性 |
本表捕捉保留来源集中最显眼的信任风险事件;它不是完整事故台账,也不是直接的流失分析。
[CU035, CU036, CU037, CU038, CU039, CU040]公开客户证明在生产使用轶事上最强,在可独立审计的留存和满意度上最弱。
[CU024, CU025, CU026, CU027, CU028, CU033]07风险
7.1 可靠性和运营风险已有证据,不再是假设
当前记录中最大的下行,是托管平台的运营脆弱性。Supabase 2026 年 2 月 us-east-2 事故不是窄幅降级:内部部署在区域层面启用 AWS VPC Block Public Access,导致数据库、身份验证、存储、函数、实时和相关服务离线 3 小时 42 分钟。事故重要,不只是因为故障会发生,更因为公司同时披露,客户 Postgres 的自动跨区域故障转移仍不存在。状态材料随后显示第二类风险:Supabase 无法直接控制的网络路径依赖,包括 Brazil 访问问题,客户在公司追查 ISP 时只能依赖 VPN 临时方案。GitHub issues 加上第三层证据。负面案例并非同一个 bug;它们横跨不透明身份验证邮件限速、持续 RPC schema 缓存损坏,以及自托管边缘函数 URL 假设。只读副本和更大计算规格指南是有用缓释,但无法抹掉一个事实:运营毛刺仍坐在客户默认认为应该直接可用的核心路径上。[CR001, CR002, CR003, CR004, CR005, CR006]
| 失效模式 | 公开证据 | 可能性 | 严重性 | 缓释成熟度 | 剩余敞口 | 未解决缺口 |
|---|---|---|---|---|---|---|
| 内部控制平面变更引发区域级托管云宕机 | 2026 年 2 月 us-east-2 宕机持续 3 小时 42 分钟,波及主要服务 | 中 | 严重 | 中 | 高 | 需要证明新护栏和 runbook 已防止复发 |
| 客户 Postgres 没有自动跨区域故障转移 | Supabase 称 Multigres 是未来状态,不是当前默认能力 | 中 | 严重 | 低-中 | 高 | 需要当前故障转移流程、客户资格,以及经测试的 RTO/RPO 区间 |
| 外部 ISP 或网络路径可达性问题 | 巴西访问问题中,Supabase 联系提供商期间,客户需要 VPN / 备用网络临时方案 | 中 | 高 | 低-中 | 中-高 | 需要更清楚看到区域路由冗余和客户沟通 playbook |
| Auth 工作流限流与不透明限速行为 | 公开 GitHub issue 显示,即使启用 Auth Email Hook,邮件发送仍被阻塞超过 30 分钟 | 中 | 中-高 | 中 | 中 | 需要文档化 hook 专属限额和运营者可观测性 |
| RPC 工作流中的核心 API / schema-cache 损坏 | 公开 issue 报告,重载和重启后仍持续出现函数歧义错误 | 低-中 | 高 | 中 | 中 | 需要确认修复,以及受影响项目的复发历史 |
| 自托管 edge-function 路由假设 | 公开 issue 显示,在 Docker 自托管部署中,云端风格的 DNS 生成会失败 | 中 | 中 | 低-中 | 中 | 需要更清晰的自托管功能等价边界和测试覆盖 |
运营风险来自官方事故报告和公开 bug 渠道的混合证据;本表把事件证据与剩余承销判断分开。
[CR001, CR002, CR003, CR004, CR005, CR006]风险最高的单元格由托管平台可靠性、竞争压力下的货币化不透明,以及治理 / 披露不确定性占据, 而不是某个单一的生死攸关法律事件。
可能性和影响是作者基于截至 2026-05-25 的公开证据综合评估。每个单元格列出该组合下最主要的具名风险, 而不是所有可能子风险。
[CR003, CR018, CR022, CR024, CR033, CR047]7.2 商业模式风险来自转化数学、定价压力和集中依赖
Supabase 的商业吸引力很明显:开源分发、强开发者好感和简单价格阶梯让初始采用变得容易。风险在于,同一结构把大部分耐久变现推向更窄的一组 Team 和 Enterprise 升级,而公开转化数学缺失。价格栈仍清晰分层,但公开语料里,投资者看不到方案组合、扩张、集中度或留存细节。即便市场安静,这个缺口也重要;竞争压力在两端上升后,它更重要。Bytebase 的 2026 年对比认为,Firebase 借 Data Connect 缩小了旧有关系型与 NoSQL 分野,同时仍保留更强的移动 / 离线工具;Tracxn 统计更广应用后端栈周围有数百个活跃竞争者。与此同时,Supabase 一些最佳企业缓释措施高度依赖外部,而非普遍适用。PrivateLink 有意义,但初始发布仅支持 AWS 且限同区域,条款也明确设想关键供应商或第三方产品故障时可能暂停服务。结果是,当开发者动能强时,这个模型看起来很有力量;但放到企业转化纪律和超大规模云厂商竞争面前,它更脆弱。[CR013, CR018, CR022, CR023, CR024, CR025]
| 依赖 | 交易对手 / 层级 | 角色 | 集中度 | 失效场景 | 严重性 | 缓释 | 剩余敞口 |
|---|---|---|---|---|---|---|---|
| 云和区域网络栈 | AWS 加 Supabase 管理的 VPC / 路由控制 | 运行托管数据库、网络和 PrivateLink 连接 | 高 | 配置错误或区域问题沿核心服务级联 | 严重 | PrivateLink、只读副本、未来 Multigres、新护栏 | 高 |
| 外部供应商 / 第三方产品 | 条款提到的未具名供应商,以及支付和安全工具 | 支撑部分服务交付和后台运营 | 中-高 | 供应商暂停或法律阻断迫使 Supabase 暂停客户访问 | 高 | 合同管理和客户通知义务 | 中-高 |
| 客户侧运营能力 | 自托管或合规敏感客户的工程团队 | 正确落地备份、安全配置、自托管和本地网络 | 中 | 即使责任共担,运营错误也会归咎于 Supabase | 中-高 | 文档、企业支持、托管云默认路径 | 中 |
| 竞争性平台替代品 | Firebase / hyperscaler 生态和其他后端平台 | 提供应用后端、auth、实时和 AI 开发者工作流的替代方案 | 高 | 功能差距收窄和价格压力降低升级或留存意愿 | 高 | 开源可迁移性、SQL/Postgres 定位、企业包装 | 中-高 |
本登记表同时纳入硬依赖和平台替代压力,因为二者都可能打断向大客户扩张。
[CR003, CR013, CR018, CR023, CR024, CR032]图中可见,Supabase 最有效的企业级缓释手段和最显眼的运营风险,都集中在少数云、供应商和客户实施依赖上。
[CR003, CR013, CR018, CR023, CR038, CR041]7.3 安全、合规和法律姿态在改善,但剩余负担仍落在客户身上
Supabase 值得肯定,因为它搭出了比许多开发者平台强得多的公开安全与合规叙事。公司现在指向覆盖主要服务的 ISO 27001、用于私有数据库连接的 PrivateLink、围绕密钥轮换和 RLS 默认值的 2025 年安全加固周期,以及让 HIPAA 和备份姿态更具体的安全页面。这些缓释措施有意义。它们并不会消除一个风险:合规要求高的买家仍面临有意义的尽调和合同不对称。Supabase 隐私通知称,公司对自身服务数据担任 controller、对客户数据担任 processor,传输可能涉及 United States 和 Singapore。European Commission 和 HHS 材料明确说明,GDPR 式传输保障和 HIPAA 式行政、技术、违规响应义务,不能只靠基础设施营销解决。Supabase 自己的条款也强化了这一点:PHI 需要 BAA,服务可因安全或供应商原因暂停,担保被广泛免责声明,责任设上限,争议进入仲裁。净效果是采购姿态比以前更好,但对受监管或高责任部署来说,合规姿态并不低摩擦。[CR009, CR010, CR011, CR012, CR013, CR014]
| 规则 / 法律风险面 | 司法辖区 / 受众 | 当前公开口径 | 可能性(12-24 个月) | 严重性 | 缓释成熟度 | 剩余敞口 | 尽调路径 |
|---|---|---|---|---|---|---|---|
| GDPR 式传输和处理者义务 | EU / UK 个人数据工作负载 | Supabase 披露了处理者 / 控制者划分和跨境传输;EU 规则要求 SCC 或充分性决定等保障措施 | 中 | 高 | 中 | 高 | 要求提供当前 DPA、子处理者名单、数据驻留控制和传输影响文档 |
| HIPAA / PHI 处理 | 美国医疗及医疗相邻买家 | 安全页面和条款仅在签署 BAA 且责任共担时允许 PHI | 低-中 | 高 | 中 | 中-高 | 审查当前 BAA 文本、日志范围、事故责任划分和客户义务 |
| 合同暂停、责任上限和仲裁 | 全部付费客户 | 条款允许因安全、供应商或法律原因暂停服务,排除广泛保证,设置责任上限,并强制仲裁 | 高 | 高 | 低-中 | 高 | 谈判企业 MSA/SLA 例外、抵扣、管辖地和安全责任条款 |
| 客户侧合规负担 | 受监管 / 采购流程重的账户 | 官方材料让合规态势更好,但配置、备份、凭证和法律合规步骤仍由客户承担 | 高 | 中-高 | 中 | 中-高 | 评估受监管管线质量前,先画清责任共担边界 |
各行按公开材料证明的主要法律 / 合规风险面排序;严重性和剩余敞口是作者截至 2026-05-25 的判断。
[CR009, CR014, CR015, CR016, CR017, CR018]7.4 治理和披露风险更多是承销输入不足,而非丑闻
Supabase 在公开尽调中的治理问题是不透明,而不是明显不当行为。公司是私营企业,投资者只能把公司营销页面与互相对不上的第三方数据库混在一起,三角测量业务健康。官方公司页面仍称 Supabase 已融资超过 $116 million,而 TechCrunch、TechFundingNews 和 Fortune/Yahoo 对 2025 年 Series D 的报道指向约 $398 million 累计融资、估值 $2 billion。Tracxn 更进一步,报告了 2025 年后续 Series E、$544 million 累计融资和 $5 billion 估值。用户指标也随来源移动:一篇融资文章称 2 million 开发者,公司页面称 7M+ 注册开发者,100k 星标文章称 8 million 开发者。这些数字不一定证明欺骗,但合在一起说明市场缺少一个权威、当前的运营基线。同样模式也适用于收入和集中度:第三方估计存在,但没有公开审计收入、没有留存披露,也没有干净方案组合数据。再叠加创始人和社区主导的叙事,关键人物和披露风险明显高于品牌光泽所暗示的水平。[CR025, CR026, CR027, CR028, CR029, CR033]
| 角色 / 职能 | 依赖或缺口 | 可能性 | 严重性 | 当前缓释 | 尽调路径 |
|---|---|---|---|---|---|
| 创始人 / CEO 叙事 | 公开故事和融资报道仍与 Paul Copplestone 及创始团队紧密绑定 | 中 | 高 | 品牌和社区亲和力强 | 审查接班深度、高管梯队和决策权 |
| 财务 / 披露纪律 | 公司页面和第三方追踪器之间的公开指标相互冲突 | 高 | 高 | 公司为私营,因此公开备案中看不到缓释 | 要求提供带定义和日期的标准 KPI 包 |
| 平台工程与 QA | 数据库、auth、storage、functions、AI 和自托管横跨面很宽,故障点很多 | 中 | 高 | 可见路线图、支持层级和安全复盘 | 询问事故数量、复盘关闭指标和发布 gating 流程 |
| 企业 GTM / 合规运营 | 走向高端市场需要合同谈判、审计答复、网络协助和支持成熟度 | 中 | 中-高 | 已有企业包装和指定支持 | 要求提供企业赢 / 输原因和安全审查周期 |
| 变现分析 | 没有公开的套餐组合、转化、留存或集中度数据 | 高 | 高 | 开发者规模和定价层级只提供间接线索 | 要求提供队列转化和头部账户敞口表 |
这里的执行风险聚焦于管理层深度和披露质量如何直接影响承销信心,而不是泛泛的 startup 招聘风险。
[CR025, CR026, CR027, CR029, CR033, CR034]7.5 缓释真实存在,但只有运营和披露证据变得更清晰,风险视图才会改善
这不是一条会被一张糟糕状态页或一条法律条款击穿的投资逻辑。Supabase 手里有清晰的缓释资产:庞大的开发者社区、近期融资能力、企业级包装、更好的安全默认值、ISO 认证、私有网络、读扩展指引,以及公开承认仍待补齐缺口的路线图。问题在于,最强的缓释项要么只向更大客户开放,要么依赖 AWS 或客户自己的实施纪律,要么仍有一部分停留在前瞻承诺。因此,观察项很直接。若 Supabase 能证明 2026 年 2 月之后运营记录干净,并发布更清晰的故障切换和多区域指引,可靠性风险会下降。若管理层披露套餐结构、企业转化、客户集中度,以及权威的融资和收入基线,商业模式风险会下降。若公司页面和第三方页面上的公开事实不再漂移,治理风险会下降。在那之前,审慎立场是把公司视为高潜力但剩余风险仍高:强到值得继续尽调,但透明度还不足以只靠叙事下判断。[CR010, CR011, CR013, CR036, CR045, CR046]
| 风险 | 可监测触发器 | 阈值 / 事件 | 行动含义 |
|---|---|---|---|
| 托管平台可靠性 | 又一次多服务事故 | 任何重复的区域级宕机,或缺乏更强故障转移证据的超过 1 小时跨产品事故 | 维持高风险评级;立即重审客户信任假设 |
| 灾难恢复成熟度 | 跨区域就绪度 | 到下次刷新时,仍没有更清晰的故障转移流程、已发布 runbook,或客户可用的多区域选项 | 继续抬高剩余基础设施风险 |
| 变现透明度 | 套餐组合和转化披露 | 仍无公开或尽调包数据说明免费到付费、Team 到 Enterprise 或集中度 | 将增长叙事视为商业上未证实,而不只是未披露 |
| 竞争压缩 | Firebase / hyperscaler 差距收窄 | 更多客户赢单偏向移动 / 离线或更低入门价替代品,而 Supabase 缺少企业转化证明 | 下调对利润率扩张和防御性的信心 |
| 合规与合同姿态 | 企业法律包质量 | 无法为受监管交易提供当前 BAA/DPA/SLA 例外,或清晰的责任共担材料 | 假设受监管垂直行业的企业销售周期更慢、流失风险更高 |
| 披露和治理可信度 | 规范经营基线 | 融资、用户或收入的公开指标在不同渠道仍然相互冲突 | 即使头部增长势头仍强,也要约束置信度 |
触发项选择可监控性而非精确性;每项都指向最能快速改变承销判断的事件,无论正面还是负面。
[CR036, CR045, CR046, CR047, CR049, CR050]主要下行路径有两条:可靠性和合规事件会侵蚀信任、推高支持成本;定价和竞争会削弱高阶套餐转化。两条路径最终都会压缩估值信心。
[CR022, CR030, CR045, CR046, CR047, CR049]7.6 证据图表
08估值
8.1 最新可支撑锚点与融资轮经济性
最干净的估值起点仍是 2025 年 4 月的 Series D:Supabase 融资 $200M,投后估值 $2B。TechCrunch 和 Yahoo Finance 都重复了这一锚点,也与公司仅七个月前刚完成约 $80M 融资后继续上行相符。同一组报道把本轮后累计融资额放在约 $398M,这一点重要,因为它给 Supabase 留出了用增长消化估值的时间,而不是立刻拿出按市价重估的证明。公开运营信号也解释了投资人为什么愿意给高价。本轮融资时,Supabase 已在谈约 2M 开发者和 3.5M 托管数据库;当前官方页面则显示 7M 注册开发者、98k+ GitHub 星标,以及超过 16M 个已创建数据库。这个规模故事支撑高溢价野心,但本身不能重置估值锚点。后续数据库条目和市场数据页面提到的 $5B 甚至 $10B,应保留为低置信度信号,而不是作为本章核心标记,因为它们还没有获得与已披露 Series D 同等质量的佐证。[CV001, CV002, CV003, CV004, CV005, CV006]
| 维度 | 评估 | 置信度 | 决策含义 |
|---|---|---|---|
| 建议 | 继续研究 | 中 | 保持跟进,但别把公开证据当作足以低成本验证 $2B Series D 轮的依据。 |
| 风险评级 | 高 | 中 | 收入透明度不足、企业转化不确定、可靠性风险,都可能迅速压缩价值。 |
| 估值立场 | $2B 偏高;只有 ARR 已接近 ~$100M 才算合理 | 中 | 要基于 2025 年 4 月估值承销上行空间,先要求当前 ARR 和利润率证据。 |
| 主要锚点 | 2025 年 4 月 Series D 轮:$200M 融资,投后估值 $2B | 高 | 除非后续融资出现更强佐证,否则本章采用该估值作为标尺。 |
| 最可能的下一个验证点 | 另一轮私募融资或老股价格发现 | 低 | 保留来源没有显示近期 IPO 准备度,因此下一个定价大概率来自私募市场,而不是公开市场。 |
本表对价格高度敏感:Supabase 可以是一家强公司,但报道中的 Series D 估值仍可能只有在特定条件下才站得住。
[CV001, CV003, CV016, CV036, CV045, CV046]| 维度 | 投资逻辑 | 反向逻辑 | 什么会改变判断 |
|---|---|---|---|
| 规模和分发 | 数百万开发者、持续增加的数据库创建量和强开源采用,给商业化带来真实漏斗。 | 规模指标大多停留在漏斗顶部,未披露付费转化和收入质量。 | 证明注册开发者和免费项目能转化为付费团队与企业合同。 |
| 企业路径 | 合规、支持、PrivateLink 和具名企业案例显示 Supabase 有机会向上打企业客户。 | 公开来源没有给出企业 ACV、客户集中度、续约质量或 NRR。 | 披露企业 ARR 占比、队列留存和头部客户敞口。 |
| 定价架构 | 工作负载放大后,用量超额费和附加模块可能撬动非线性扩张。 | 如果定价太慷慨或支持成本过高,基础设施重用量也会压低毛利率。 | 公布用量超额、SSO、日志和网络附加项的毛利率与附加购买率数据。 |
| 轮次经济性 | $398M 累计融资给公司留下跑进 2025 年估值的现金跑道。 | 后续 $5B 和 $10B 信号佐证较弱,可能是乐观预期跑在基本面前面。 | 确认 Series D 之后是否真的完成融资,以及条款如何。 |
| 可靠性和信任 | 事故透明度和修复动作是正面信号。 | 2026 年 2 月宕机说明,基础设施失误仍可能造成平台级中断。 | 拿出无重大事故的运营记录,并更清楚地证明多区域韧性。 |
反向逻辑集中在商业化和耐久性证据,而不是 Supabase 是否具备产品市场契合。
[CV003, CV005, CV006, CV007, CV024, CV025]尽管分发和融资信号很强,收入不透明和可靠性证据缺口抵消了这部分优势,因此投资建议仍保持谨慎。
该流程是定性图示,呈现本章推理链,而不是加权评分模型。
[CV005, CV006, CV016, CV021, CV028, CV043]8.2 收入三角测算与隐含倍数
投资判断的难点不是 Supabase 有没有收入,而是投资人按 $2B 定价时,真实收入运行率到底在哪里。公开第三方估计分歧很大。TapTwice 指向 2024 年约 $16M 收入、2025 年约 $27M 收入;GetLatka 则称 Supabase 到 2025 年 4 月已达到 $31M 收入,9 月达到 $70M。Sacra 另行估计 2025 年 ARR 约 $70M,高于 2024 年底约 $30M。这些数字在一个意义上方向一致,因为都意味着高速增长;但彼此并不接近,不能支撑精确判断。在 $2B 锚点下,隐含倍数按 $27M 约为 74x,按 $31M 约为 65x,按 $70M 约为 29x。对同一个融资标记来说,这个区间很大。Supabase 的货币化模型让差距更容易理解:官方定价显示 Free、$25 Pro、$599 Team 三个入口,以及存储、出站流量、时间点恢复、SSO、日志和自定义域名的用量收费;项目成熟为企业工作负载后,实际收入可能非线性扩张。即便如此,公开证据仍表明,本轮定价押注的是未来转化,而不仅是当前已披露收入。[CV008, CV009, CV010, CV011, CV012, CV024]
要支撑 $2B 估值,需要多少收入,很大程度取决于投资者采用哪一个公开倍数作为参照。
数值由 $2B 估值锚除以各选定倍数得出;它们是支撑门槛,不是预测。
[CV017, CV018, CV019, CV020, CV021, CV030]8.3 上市可比公司参照
Supabase 有用的上市可比组,不应抽象地叫「后端即服务」,而应是收入完全披露、已具规模的数据与开发者基础设施公司:MongoDB、Datadog、Snowflake 和 Cloudflare。它们不是完美同业,但合在一起能框定公开市场当前愿意为持久软件基础设施资产支付的价格。截至 2026 年 5 月 22 日,MongoDB 约按 9.7x EV/revenue 交易,Snowflake 约 12.5x,Datadog 约 20.6x,Cloudflare 约 32.5x。倒推 $2B 估值,这一区间意味着所需收入支撑分别约为:MongoDB 倍数下 $206M,Snowflake 倍数下 $160M,Datadog 倍数下 $97M,Cloudflare 倍数下约 $62M。这就是本章保持谨慎的核心原因。只有当投资人押注的是一条类似 Cloudflare 的溢价路径时,Supabase 第三方 2025 年高端估计 $70M 才开始更可信;而 $27M 至 $31M 的较低估计,明显低于大多数可比公司倍数所需的收入基数。官方 IR 页面和 SEC 文件页面也提醒读者,这些可比公司规模更大、业务更多元、披露更充分,因此其倍数更像情境上限,而不是私营公司直接出清价格。[CV017, CV018, CV019, CV020, CV021, CV022]
| 可比公司 | 市值 / 企业价值背景 | 收入背景 | 企业价值 / 收入 | 与 Supabase 的相关性 | 局限 |
|---|---|---|---|---|---|
| MongoDB | ~$26.3B 市值 / ~$23.9B EV | ~$2.46B TTM 收入 | ~9.7x | 数据基础设施里最接近的大型上市数据库平台可比公司。 | 业务披露规模大得多,拥有 50,000+ 客户和上市公司成熟度。 |
| Snowflake | ~$59.7B 市值 / ~$58.4B EV | ~$4.68B TTM 收入 | ~12.5x | 云规模基础设施经济性的有用数据平台可比公司。 | 工作负载组合和企业客户集中度画像很不同。 |
| Datadog | ~$79.1B 市值 / ~$75.7B EV | ~$3.67B TTM 收入 | ~20.6x | 增长质量在公开市场获得溢价待遇的基础设施软件可比公司。 | 可观测性不是数据库基础设施,类比较间接。 |
| Cloudflare | ~$76.4B 市值 / ~$75.8B EV | ~$2.33B TTM 收入 | ~32.5x | 展示优质开发者 / 基础设施倍数在公开市场可能是什么水平。 | 毛利率、客户规模和披露质量都强于 Supabase 的公开记录。 |
所选样本是部分公开可比公司,聚焦数据与开发者基础设施公司;这些公司有可直接观察的 2026 年 5 月市场指标,并非所有可能软件可比公司的完整集合。
[CV017, CV018, CV019, CV020, CV021, CV023]8.4 情景区间与倍数变化因素
实用的估值看法,是用情景框住 Supabase,而不是假装公开记录能支撑一个精确数字。悲观情景下,货币化更接近 $40M 至 $60M 收入,市场把 Supabase 视为扎实但仍在成熟的基础设施资产,给予约 10x-12x,价值约 $0.4B 至 $0.7B。基准情景下,Supabase 已更接近 $80M 至 $100M 收入,保持溢价增长,可支撑约 14x-18x 倍数,对应约 $1.1B 至 $1.8B。乐观情景下,企业转化加速,ARR 推进到约 $120M 至 $150M,市场继续奖励开发者基础设施的稀缺性,约 17x-20x 可支撑 $2.0B 至 $3.0B。推动倍数上行的不是更多注册量本身,而是证据:免费开发者规模正在转成大额企业合同,留存强、基础设施经济性可接受,并且可靠性足以承载关键任务工作负载。压低倍数的则相反:又一轮不披露经济性的拉伸融资、企业货币化弱,或反复运营事故让平台耐久度低于估值假设。[CV028, CV029, CV030, CV033, CV034, CV035]
| 情景 | 收入 / ARR 假设 | 倍数假设 | 估值区间 | 必须成立的条件 | 主要失败模式 |
|---|---|---|---|---|---|
| 悲观 | ~$40M-$60M | 10x-12x | ~$0.4B-$0.7B | 免费使用没有转化为实质性的企业经济性。 | 投资者认定平台有战略价值,但相对于已披露商业化水平估值过高。 |
| 基准 | ~$80M-$100M | 14x-18x | ~$1.1B-$1.8B | Supabase 展现稳健的企业转化和可信的基础设施软件经济性。 | 增长仍然不错,但从公开证据看还不足以完全支撑 $2B 轮次。 |
| 乐观 | ~$120M-$150M | 17x-20x | ~$2.0B-$3.0B | ARR 快速放大,企业占比改善,优质开发者基础设施的稀缺性延续。 | 执行落空或可比公司估值重置,把公司拉回基准情景。 |
| 当前锚点 | 未披露 | 由市场价格隐含 | $2.0B | 投资者当时押注未来转化和品类领导地位。 | 如果真实 ARR 明显低于 ~$100M,该估值可能跑在基本面前面。 |
这些区间是情景包络,不是 DCF 输出,因为公开证据没有披露经审计 ARR、利润率或优先权条款。
[CV030, CV033, CV034, CV035, CV036, CV038]公开证据支持围绕 $2B 锚点的宽区间,重心仍低于后来关于 $5B 的传闻。
最后一项作为区间外的冲突信号纳入,并非认可其作为估值锚。
[CV016, CV031, CV033, CV034, CV035, CV036]8.5 建议、估值下行风险与缺失证据
本章建议为继续研究,置信度中、风险高;$2B Series D 标记处在偏高到合理的边界,取决于真实 ARR 当时到底在哪里。换句话说,这个锚点可以支撑,但基于公开证据还谈不上便宜。主要的估值下行风险,是后续私募市场信号已经跑在已披露货币化前面。假设 $5B 标记成立,在 $70M 收入基数上意味着约 71x,在 $27M 基数上约 185x,以当前公开信息看很难支撑。可靠性风险同样重要,因为基础设施买家只有在信任平台能跑生产工作负载时,才愿意支付高倍数;2026 年 2 月故障,以及客户 Postgres 数据库缺少自动跨区域故障切换,说明一部分韧性工作仍在推进。最大的缺失证据很直接:当前经审计 ARR、净留存率、毛利率、企业 ACV 结构、客户集中度、完全稀释股本,以及任何清算优先权或老股交易条款。没有这些项目,本章可以理性框定估值,但不能用风险投资轮次的精度钉住它。公开证据也没有显示可见 IPO 准备信号,因此下一次估值验证点更可能是另一轮私募融资或老股交易,而不是近期上市。[CV016, CV031, CV038, CV043, CV044, CV045]
| 触发项 | 阈值 / 信号 | 为什么重要 | 行动含义 |
|---|---|---|---|
| 商业化证据偏弱 | 证据显示 ARR 或收入持续低于大约 $60M。 | 除非采用异常激进的倍数假设,这一水平很难支撑 $2B。 | 将 2025 年估值视为偏高;若没有价格重置,不承销上行空间。 |
| 平轮或下轮融资 | 下一轮价格等于或低于 $2B,或高度依赖结构化条款。 | 估值持平或优先权堆叠,说明市场并未干净利落地验证增长故事。 | 下调估值判断,重新聚焦下行保护。 |
| 可靠性恶化 | 再次出现持续数小时的区域性宕机,或韧性承诺推进缓慢。 | 基础设施要拿溢价倍数,必须让市场相信生产环境耐久性。 | 即使头部增长仍强,也要施加质量折扣。 |
| 缺乏披露的 $5B 估值 | 新的私募估值大幅上升,却没有匹配的 ARR、利润率或客户质量披露。 | 没有证据支撑的倍数扩张,会抬高下轮下调风险。 | 将后续估值视为投机信号,而不是可支撑的锚点。 |
| 企业转化停滞 | 公开或尽调证据显示高端市场采用偏弱,或扩张行为不佳。 | Supabase 的溢价情景要靠庞大开发者漏斗商业化。 | 把公司重估为强产品、弱商业化,公允价值随之下调。 |
这些触发项强调可监控且与估值相关,而不是泛泛的运营问题。
[CV028, CV029, CV031, CV037, CV038, CV043]| 主题 | 缺失证据 | 为什么重要 | 尽调路径 |
|---|---|---|---|
| 当前 ARR / 收入节奏 | 自 2025 年 4 月轮次以来,月度或季度经常性收入桥接表。 | 这是判断 $2B 公允还是偏高的最大单一变量。 | 索取管理层报告或董事会材料,对 2025 和 2026 年收入运行率进展做勾稽。 |
| 毛利率和基础设施成本画像 | 按产品面拆分的服务成本、支持负担和超额用量贡献。 | 基础设施溢价倍数取决于耐久的软件式单位经济性。 | 要求按数据库、Auth、Storage 和网络功能拆分毛利率趋势与工作负载成本。 |
| 企业占比和留存 | NRR、企业 ARR 占比、ACV 分布和客户集中度。 | 开发者采用只有转化为高粘性、可扩张支出才有价值。 | 审查队列分析、头部客户敞口和套餐层级迁移数据。 |
| 股权结构表和优先股堆叠 | 完全摊薄股数、清算优先权、老股交易和任何结构化条款。 | 如果条款激进,账面估值可能显著夸大普通股上行空间。 | 接受按市值重估回报前,先检查融资文件或股权结构摘要。 |
| 后续轮次佐证 | 对 Series D 后任何实际 $5B 融资或可信 2026 年进程的一手确认。 | 如果后续轮次确实以干净条款完成,估值叙事会改变。 | 通过公司材料、投资人信或原始融资文件确认。 |
尽调问题优先指向最可能改变估值的缺失输入,而不是重复已经可见的产品或采用事实。
[CV016, CV043, CV044, CV045, CV046]Supabase 在分发和产品拉力上得分最高,但在变现透明度和估值支撑上低得多。
分数是方向性的 IC 式判断,只基于截至基准运行日期留存的公开证据。
[CV016, CV032, CV036, CV043, CV044]免责声明
本报告是基于公开证据的尽调快照,不构成投资建议。重要的财务、法律、技术和合同事实仍未公开;任何投资决策前,都应直接向管理层并通过原始文件核验。
证据索引
| 编号 | 陈述 | 可信度 | 来源 |
|---|---|---|---|
| CO001 | Supabase was founded in 2020. | 高 | SO014, SO017, SO019, SO020 |
| CO002 | The retained public record consistently identifies Paul Copplestone and Ant Wilson as Supabase’s founders. | 高 | SO014, SO017, SO019, SO020 |
| CO003 | Supabase currently describes itself as the Postgres development platform. | 高 | SO001, SO002 |
| CO004 | Supabase positions itself as an open-source alternative to Firebase built with enterprise-grade open-source tools. | 高 | SO002, SO014, SO018 |
| CO005 | The core Supabase platform bundles Postgres, authentication, auto-generated APIs, Edge Functions, Realtime, Storage, and vector capabilities. | 高 | SO001, SO005 |
| CO006 | Supabase’s public free tier includes 50,000 monthly active users and 500 MB of database capacity per project. | 中 | SO004 |
| CO007 | Supabase’s Pro plan publicly starts at $25 per month and includes 100,000 monthly active users and 8 GB of disk per project before overages. | 高 | SO004, SO018 |
| CO008 | Supabase’s Team tier is publicly anchored at $599 per month, with higher enterprise needs handled through custom sales motions. | 高 | SO004, SO018 |
| CO009 | Retained first-party and YC-linked sources describe Supabase as fully remote or 100% remote. | 高 | SO003, SO016 |
| CO010 | Independent 2025 coverage describes Supabase as San Francisco-based or a San Francisco unicorn. | 中 | SO017, SO014 |
| CO011 | Tracxn ties Supabase to a Singapore legal entity and labels the company Singapore-based. | 低 | SO019 |
| CO012 | Paul Copplestone is the publicly visible CEO and co-founder in retained funding coverage. | 高 | SO014, SO017 |
| CO013 | Ant Wilson remains a named co-founder in retained founder and company-database sources. | 中 | SO014, SO019, SO020 |
| CO014 | Supabase’s public leadership narrative remains strongly founder-centric, implying meaningful key-person dependence on a small founding group. | 中 | SO003, SO014, SO017 |
| CO015 | Supabase’s company page emphasizes open-source maintainers, ex-founders, and engineers from major tech firms as part of the team’s identity. | 中 | SO003 |
| CO016 | Retained official company surfaces do not publish a current board roster or control map. | 中 | SO001, SO003 |
| CO017 | Tracxn lists Paul Copplestone and Anthony Wilson as current board team members and Thong Soo Kheon as a past independent board member. | 低 | SO019 |
| CO018 | No material leadership change surfaced in the retained public set, but the absence of a complete org chart makes that conclusion low-confidence. | 低 | SO003, SO019 |
| CO019 | Retained April 2025 coverage supports a $200 million Series D at a $2 billion valuation. | 高 | SO014, SO015, SO017 |
| CO020 | The latest round is most consistently associated with Accel, Coatue, Y Combinator, Craft Ventures, and Felicis, with some coverage also naming Kevin Weil. | 中 | SO014, SO015, SO017 |
| CO021 | The Series D followed an approximately $80 million prior round about seven months earlier that retained sources associate with Peak XV Partners and Craft Ventures. | 中 | SO014, SO017, SO018 |
| CO022 | The most defensible total funding figure after the Series D is approximately $396 million to $398 million, depending on rounding and inclusion conventions. | 中 | SO014, SO017, SO020 |
| CO023 | Supabase should be treated as a late-stage private company in a post-Series D phase. | 中 | SO014, SO017 |
| CO024 | Supabase’s current company page says the platform has more than 7,000,000 registered developers. | 中 | SO003 |
| CO025 | Supabase’s current company page says it has more than 98,000 GitHub stars, more than 190,000 followers, and more than 47,000 SupaTroopers. | 中 | SO003 |
| CO026 | A later official Supabase blog post says the project reached 100,000 GitHub stars and eight million developers building with Supabase. | 中 | SO008 |
| CO027 | Supabase’s enterprise page says the platform has created more than 16 million databases and launches more than 90,000 databases daily. | 中 | SO006 |
| CO028 | Official enterprise and customer pages name GitHub, PwC, Mozilla, and Epsilon3 as Supabase users and highlight customer-case metrics such as one million users in seven months and 83% cost reduction. | 中 | SO006, SO007 |
| CO029 | Retained third-party coverage cites materially different adoption counters, including 1.7 million developers with 81,000 GitHub stars and 2 million developers with 3.5 million database environments. | 中 | SO014, SO017 |
| CO030 | The retained public record does not support a precise current headcount for Supabase. | 中 | SO019, SO020 |
| CO031 | TapTwice estimates that Supabase employs about 124 people worldwide. | 低 | SO020 |
| CO032 | Tracxn says Supabase had 351 employees as of April 2026. | 低 | SO019 |
| CO033 | Supabase does not disclose a canonical revenue or ARR figure in the retained official source set, so public numbers are third-party estimates rather than company guidance. | 中 | SO018, SO020 |
| CO034 | TapTwice estimates Supabase generated about $16 million of revenue in 2024 and could reach about $27 million in 2025. | 低 | SO020 |
| CO035 | Sacra estimates Supabase reached roughly $70 million of ARR in 2025, a metric that is not directly comparable to TapTwice’s revenue estimate. | 低 | SO018 |
| CO036 | Supabase’s current company page still says the company has raised over $116 million, implying that some first-party profile surfaces lag the latest financing history. | 中 | SO003 |
| CO037 | Supabase’s repo and docs show a model that combines hosted cloud usage with self-hosting and open-source components rather than a purely proprietary backend product. | 高 | SO002, SO005, SO016 |
| CO038 | Supabase’s security retro says 2025 platform changes emphasized secure defaults such as revocable API keys, RLS-by-default, security advisors, and automated leaked-key revocation. | 中 | SO009 |
| CO039 | On February 12, 2026, Supabase experienced a 3 hour and 42 minute us-east-2 outage that affected databases, auth, APIs, edge functions, storage, realtime, and dashboard access in that region. | 高 | SO010, SO011 |
| CO040 | Supabase’s postmortem attributes the February 2026 outage to an internal AWS VPC Block Public Access misconfiguration rather than an external attack or AWS-wide disruption. | 中 | SO010 |
| CO041 | Status updates in May 2026 show access issues tied to a specific ISP in Brazil and suggest VPN or alternate network workarounds for affected customers. | 中 | SO013 |
| CO042 | Supabase’s current status page still shows sub-100% 90-day uptime across major services, including 99.8% for Database and 99.84% for Auth. | 中 | SO011 |
| CO043 | A May 2026 GitHub issue reports long-lived email rate limiting despite use of an auth email hook, producing over_email_send_rate_limit errors for a low-volume signup flow. | 低 | SO021 |
| CO044 | A 2026 GitHub issue reports persistent PostgREST schema-cache ambiguity after dropping and recreating functions, even after reload commands and restart attempts. | 低 | SO022 |
| CO045 | A 2026 GitHub issue reports that self-hosted cron and hook flows can generate cloud-format edge-function URLs that fail inside localhost Docker environments. | 低 | SO023 |
| CO046 | Tracxn reports a later October 2025 $143 million Series E at a $5 billion valuation and $544 million total raised, which conflicts with the retained April 2025 financing story and the user-provided frame. | 低 | SO019 |
| CO047 | Because no retained official source corroborates the later Tracxn round, this chapter treats the April 2025 Series D at $2 billion as canonical and preserves the Series E and $5 billion data as unresolved conflict rather than ground truth. | 中 | SO014, SO015, SO017, SO019 |
| CO048 | Sacra’s company profile says Supabase launched an enterprise offering in March 2022 and monetizes through subscription SaaS layered on PostgreSQL infrastructure. | 中 | SO018 |
| CO049 | Automated fetches of G2 and TrustRadius review pages were blocked by anti-bot controls, so customer-review sentiment was not directly reviewable in this retained source set. | 中 | SO024, SO025 |
| CM001 | Supabase directly presents itself as a Postgres development platform with Postgres, authentication, instant APIs, edge functions, realtime, storage, and vector tooling in one product surface. | 高 | SM023, SM024, SM027 |
| CM002 | That bundle means the spend Supabase directly competes for is managed database plus backend primitives rather than generic cloud infrastructure or standalone DBA tooling. | 中 | SM023, SM024, SM022 |
| CM003 | Firebase remains the closest historical full-stack substitute, but its product surface is still split across Firestore, Realtime Database, Auth, Functions, Hosting, and Data Connect instead of one Postgres project. | 中 | SM006, SM022 |
| CM004 | By 2026 the Supabase-versus-Firebase comparison is no longer a clean SQL-versus-NoSQL story because Firebase Data Connect added a managed PostgreSQL path in 2024. | 中 | SM022 |
| CM005 | Neon is a serverless Postgres substitute with branching-style workflows, but Bytebase still treats it as lacking Supabase's built-in auth, storage, and edge-function BaaS layer. | 中 | SM010, SM011, SM022 |
| CM006 | PlanetScale is database-led rather than fully BaaS-led because its docs emphasize PostgreSQL and Vitess clusters, high availability, and database operations instead of a bundled auth-storage-runtime stack. | 中 | SM012, SM013, SM022 |
| CM007 | Appwrite is the closest open-source full-stack substitute because its docs describe auth, databases, storage, functions, realtime, messaging, and hosting across cloud and self-hosted deployments. | 中 | SM018, SM019 |
| CM008 | Hasura is better treated as a data and API adjacency than a full Supabase replacement because its current product centers on federated data APIs rather than a bundled database-auth-storage stack. | 中 | SM020, SM021 |
| CM009 | Amplify, Railway, and Render expand the substitute set into broader app-platform budgets, so some dollars that could fund Supabase sit in deployment-platform rather than pure BaaS line items. | 中 | SM008, SM009, SM014, SM015, SM016, SM017 |
| CM010 | Sacra cites a broader $23.3 billion BaaS market that can serve as an outer reference but not a clean direct TAM for Supabase. | 低 | SM025 |
| CM011 | The retained Grand View DBaaS fetch does not expose usable public numeric detail or methodology, which limits confidence in commercial top-down DBaaS sizing. | 低 | SM028 |
| CM012 | A more decision-useful sizing method is a buyer-budget lens because comparable platforms cluster around free entry, low double-digit or roughly $25 production entry points, and a far higher team or compliance step-up. | 中 | SM007, SM009, SM011, SM013, SM015, SM019, SM021, SM024, SM022 |
| CM013 | Supabase's retained public pricing anchors remain Free, Pro at $25 per month, and Team at $599 per month. | 高 | SM024, SM025, SM022 |
| CM014 | Comparable retained price anchors include PlanetScale single-node Postgres from $5 per month, Railway Hobby at $5 minimum usage and Pro at $20, and Hasura at $5 and $30 per active model-month. | 中 | SM013, SM015, SM021 |
| CM015 | Firebase and Amplify lean harder on usage-based metering, which lowers initial commitment but makes forecasting harder than flatter platform pricing. | 中 | SM007, SM009, SM022 |
| CM016 | Sacra estimates Supabase reached about $70 million ARR in 2025, which keeps realized monetization small versus any broad BaaS category proxy. | 中 | SM025 |
| CM017 | Public 2025 round coverage says Supabase serves roughly 1.7 to 2.0 million developers and around 3.5 million database environments, indicating wider adoption than revenue alone implies. | 中 | SM026, SM027 |
| CM018 | A broad-category framing places Supabase inside a multi-tens-of-billions backend-as-a-service or database-as-a-service supercategory. | 低 | SM025 |
| CM019 | That broad-category framing overstates direct addressability because the directly comparable market is the subset of teams paying for a Postgres-first platform that bundles backend primitives and developer workflow. | 中 | SM022, SM023, SM024 |
| CM020 | In the earliest adoption stage the buyer, user, and payer frequently collapse into one founder-developer or small engineering lead. | 中 | SM023, SM024, SM015 |
| CM021 | As deployments become governed, budget ownership shifts toward CTO, platform, security, IT, and finance stakeholders because enterprise controls and support features enter the decision. | 中 | SM024, SM013, SM015, SM021, SM025 |
| CM022 | SQL-native web applications, internal tools, collaborative SaaS, and AI products are better-fit segments for Supabase because they benefit from one Postgres system of record with auth, APIs, and vector features. | 中 | SM022, SM023, SM027 |
| CM023 | Mobile-first products with heavy offline-sync requirements remain a weaker fit because Firebase still leads on mature offline persistence and mobile-first synchronization. | 中 | SM022, SM006 |
| CM024 | Postman reports that 82% of organizations have adopted some API-first approach and 65% generate revenue from their API programs. | 中 | SM004 |
| CM025 | Postman also reports that 89% of developers use AI in daily work while only 24% actively design APIs with AI agents in mind. | 中 | SM004 |
| CM026 | GitHub Octoverse 2025 says a new developer joins GitHub every second, supporting continued expansion in the global developer funnel. | 中 | SM003 |
| CM027 | Stack Overflow says PostgreSQL has ranked highest for both desired and admired database technology since 2023. | 中 | SM001 |
| CM028 | DB-Engines ranked PostgreSQL fourth overall in May 2026 with positive month and year score movement. | 中 | SM002 |
| CM029 | JetBrains says open-source databases such as MySQL, PostgreSQL, MongoDB, SQLite, and Redis dominate developer usage and that few organizations are switching databases they already adopted. | 中 | SM005 |
| CM030 | Open-source control and self-hosting are adoption drivers for some buyers because Supabase and Appwrite allow infrastructure control while Firebase does not provide a self-hosting path. | 中 | SM022, SM018, SM006 |
| CM031 | Trust, compliance, and support needs shape expansion because higher-value tiers emphasize SOC2, SSO, audit logs, HIPAA add-ons, BYO cloud, and support SLAs. | 中 | SM024, SM013, SM015, SM021, SM025 |
| CM032 | Switching costs rise once a team has production schema, auth rules, storage, edge logic, and data flows in place even if raw Postgres export keeps data more portable than a closed stack. | 中 | SM022, SM023 |
| CM033 | Supabase's database-centric model is attractive to SQL-skilled teams because policy and data can live around one Postgres system, but it assumes more database literacy than a highly abstracted mobile BaaS. | 中 | SM022, SM023, SM005 |
| CM034 | Firebase-like economics can be cheaper for very small apps because Spark plus Blaze starts near zero while Supabase's production entry point is a fixed $25 Pro plan. | 中 | SM007, SM022, SM024 |
| CM035 | The cost trade-off can reverse at scale because Firestore-style operation charges compound for heavy real-time fan-out while flatter platform pricing becomes easier to forecast. | 中 | SM022, SM024 |
| CM036 | Best-of-breed alternatives remain credible because some buyers want only a database or deployment layer rather than an all-in-one BaaS bundle. | 中 | SM010, SM011, SM012, SM013, SM014, SM015, SM016, SM017 |
| CM037 | The market boundary is shifting toward composable data layers rather than one fixed BaaS template because Firebase added Data Connect and Hasura focuses on federated APIs atop existing data. | 中 | SM020, SM022 |
| CM038 | Public sources do not expose a clean third-party category for Postgres development platforms or open-source Firebase alternatives, so top-down TAM claims remain assumption-heavy. | 低 | SM025, SM028 |
| CM039 | Public comparison sets are genuinely contradictory because some sources frame Supabase against Firebase and BaaS, others against managed Postgres, and others against broader app-platform or cloud alternatives. | 中 | SM022, SM025, SM027 |
| CM040 | Because direct category definitions are weak, adoption counts, price bands, and realized ARR are more reliable diligence anchors than any single TAM citation. | 中 | SM013, SM015, SM024, SM025, SM026, SM027 |
| CM041 | Retained public pricing evidence is too uneven to support a fully normalized like-for-like TCO curve because some rivals are well structured in public pricing text while others, including Render, are not. | 低 | SM017, SM013, SM015, SM021 |
| CM042 | Supabase's own positioning around building in a weekend and scaling to millions reinforces a market story centered on developer speed-to-production rather than traditional enterprise database administration. | 高 | SM023, SM027 |
| CP001 | Supabase presents itself as a Postgres development platform that bundles database, authentication, instant APIs, edge functions, realtime, storage, and vector support. | 中 | SP001 |
| CP002 | Supabase Docs includes modules and migration paths for Firebase Auth, Firebase Storage, Firestore Data, Neon, Render, Amazon RDS, MySQL, and other adjacent systems. | 中 | SP003 |
| CP003 | Supabase prices its managed cloud as Free at $0, Pro from $25 per month, Team at $599, and Enterprise as custom. | 中 | SP002 |
| CP004 | Supabase Pro includes 100000 monthly active users, 8 GB of disk, 250 GB of egress, and email support before overages. | 中 | SP002 |
| CP005 | Supabase Team adds SOC2 and ISO 27001, SSO, priority support, and HIPAA as a paid add-on. | 中 | SP002, SP004 |
| CP006 | Supabase's enterprise page says the platform has created more than 16000000 databases and launches more than 90000 databases daily. | 中 | SP004 |
| CP007 | Supabase enterprise marketing emphasizes SOC 2, HIPAA, GDPR, DDoS protection, multi-factor authentication, role-based access control, audit logs, encrypted storage, and network restrictions. | 中 | SP004 |
| CP008 | Supabase's security retro says new projects can disable the Data API entirely and change the default exposed schema away from public. | 中 | SP005 |
| CP009 | Supabase's new API key model uses publishable and revocable secret keys with rotation and auditing. | 中 | SP005 |
| CP010 | Supabase says RLS is enabled by default for dashboard-created tables and that Security Advisors scan projects for misconfigurations. | 中 | SP005 |
| CP011 | Supabase PrivateLink provides private AWS database connectivity, is limited to database connections, and is available on Team and Enterprise plans. | 中 | SP006, SP002 |
| CP012 | Supabase's public status page recorded May 2026 degraded performance and scheduled maintenance, showing that uptime and incident communication remain live diligence topics. | 中 | SP007 |
| CP013 | Supabase's main GitHub repository describes the company as building Firebase features with enterprise-grade open-source tools and displayed 36463 commits at fetch time. | 中 | SP008 |
| CP014 | Firebase docs market a fully managed Google Cloud-backed suite spanning data sync, hosting, security, analytics, and Gemini-linked AI tooling. | 中 | SP009 |
| CP015 | Firebase pricing is product-level usage pricing with free quotas and separate metering across App Hosting, Firestore, and Authentication instead of one bundled backend subscription. | 中 | SP010 |
| CP016 | Bytebase says Firebase Data Connect added a managed PostgreSQL path in 2024, narrowing the historical SQL-versus-NoSQL gap with Supabase. | 中 | SP026 |
| CP017 | Amplify docs market fullstack TypeScript development, Git-based frontend-and-backend deployments, per-developer sandboxes, real-time data, and extension into more than 200 AWS services via CDK. | 中 | SP011 |
| CP018 | Amplify pricing says hosting is metered on build minutes, storage, data transfer, and SSR requests while backend resources are separately billed AWS services. | 中 | SP012 |
| CP019 | Neon docs position Neon as serverless Postgres with a Data API, Neon Auth, Postgres RLS, AI-for-agents tooling, local development, and workflow integrations. | 中 | SP013 |
| CP020 | Neon pricing gives each free-plan project 100 CU-hours per month and automatically scales compute to zero when idle. | 中 | SP014 |
| CP021 | Neon's paid compute prices are $0.106 per CU-hour on Launch and $0.222 per CU-hour on Scale. | 中 | SP014 |
| CP022 | Neon's security page says the service runs on AWS and Azure with encryption, daily backups, incident response, and access to compliance documentation. | 中 | SP015 |
| CP023 | PlanetScale docs now advertise both Vitess and PostgreSQL clusters with high availability across three availability zones, automated failover, branching, connection pooling, and non-blocking schema changes. | 中 | SP016 |
| CP024 | PlanetScale pricing starts Postgres single-node at $5 per month and Metal at $50 per month, while enterprise offers bring-your-own-cloud and PCI DSS certified service-provider support. | 中 | SP017 |
| CP025 | Railway docs describe Railway as an all-in-one infrastructure and deployment cloud rather than a bundled backend-as-a-service. | 中 | SP018 |
| CP026 | Railway pricing is usage-based with $5 Hobby and $20 Pro minimums, and its enterprise tier adds SSO, long audit-log retention, role-based access control, HIPAA BAAs, and bring-your-own-cloud. | 中 | SP019 |
| CP027 | Render Postgres offers managed PostgreSQL with backups, read replicas, high availability, and pgvector extensions. | 中 | SP020 |
| CP028 | Render's pricing page highlights a broader app-platform scope including autoscaling, private networking, preview environments, Postgres, and key-value services. | 中 | SP021 |
| CP029 | Appwrite docs bundle auth, databases, functions, sites, messaging, storage, realtime, multiple API surfaces, and self-hosting. | 中 | SP022 |
| CP030 | Appwrite docs explicitly advertise migration paths from both Firebase and Supabase. | 中 | SP022 |
| CP031 | Appwrite pricing includes 75000 monthly active users on free and 200000 monthly active users on Pro, while enterprise adds uptime SLAs, bring-your-own-cloud, SOC-2, HIPAA and BAA, and SSO. | 中 | SP023 |
| CP032 | Hasura docs position DDN as a federated data API and supergraph product rather than a complete backend bundle. | 中 | SP024 |
| CP033 | Hasura pricing is model-based from $5 per active model per month and offers Private DDN with dedicated infrastructure or VPC peering plus DDoS protection and connectors. | 中 | SP025 |
| CP034 | Tracxn reports that Supabase has raised $544 million, is valued at $5 billion, and counts Neon among its top competitors. | 中 | SP027 |
| CP035 | Bytebase says Supabase remains open-source, Postgres-first, and self-hostable while Firebase remains proprietary and non-self-hosted. | 中 | SP026, SP008 |
| CP036 | Bytebase says Firebase retains stronger offline persistence while Supabase emphasizes SQL, branching, and AI-on-Postgres workflows. | 中 | SP026 |
| CP037 | Firebase and Amplify have distribution and partner access advantages because they sit inside Google Cloud and AWS ecosystems already used for identity, storage, compute, and app deployment. | 中 | SP009, SP011, SP012 |
| CP038 | Generic platform substitutes such as Railway and Render can replace database hosting and deployment layers but do not natively bundle Supabase-style auth, realtime, and storage governance into one opinionated backend. | 中 | SP018, SP019, SP020, SP021 |
| CP039 | Open-source and self-hosting lower switching costs for Supabase buyers relative to proprietary incumbents, but the same portability also makes the category easier to copy by Appwrite and Hasura. | 中 | SP008, SP022, SP024, SP026 |
| CP040 | Appwrite is the closest open-source full-stack alternative because it combines auth, database, functions, storage, and realtime with self-hosting and explicit migration tooling. | 中 | SP022, SP023 |
| CP041 | Neon and PlanetScale are the sharpest database-layer wedges for teams that mainly want managed Postgres performance or branching without adopting a bundled backend platform. | 中 | SP013, SP014, SP016, SP017 |
| CP042 | Firebase and Amplify are strongest when the buyer already wants Google or AWS primitives and is comfortable consuming multiple managed services around the application. | 中 | SP009, SP010, SP011, SP012 |
| CP043 | Supabase's strongest differentiation is integrated Postgres-centric packaging across database, auth, storage, realtime, and edge functions combined with open-source portability. | 中 | SP001, SP003, SP008, SP026 |
| CP044 | Supabase's weakest flank versus hyperscalers is procurement, compliance, and distribution depth rather than developer-facing feature coverage. | 中 | SP004, SP005, SP009, SP011, SP012, SP015 |
| CP045 | The sharpest competitive threat is commoditization because Firebase has added PostgreSQL, PlanetScale has added PostgreSQL, and database-first platforms keep absorbing more developer workflow surface. | 中 | SP026, SP016, SP017, SP013 |
| CP046 | The highest real switching costs in this category tend to sit in data models, auth policies, cloud adjacency, and security controls rather than in client SDKs alone. | 中 | SP003, SP005, SP011, SP022 |
| CP047 | Multi-homing is plausible because Supabase itself supports migration from systems like Firebase, Neon, Render, and RDS, and generic platforms can coexist at the infrastructure layer. | 中 | SP003, SP018, SP020 |
| CP048 | The status-quo alternative remains internal build on cloud primitives because Amplify itself fronts Cognito, AppSync, DynamoDB, Lambda, and S3 rather than hiding them behind one permanently bundled backend. | 中 | SP011, SP012 |
| CP049 | Supabase's trust posture has improved materially with secure defaults, key rotation, Security Advisors, PrivateLink, and enterprise compliance packaging, but operational incidents remain visible and matter in diligence. | 中 | SP002, SP005, SP006, SP007 |
| CP050 | The key competitor diligence question is whether Supabase can stay the default integrated open-source Postgres platform before hyperscalers and adjacent database vendors make its bundle feel standard rather than differentiated. | 中 | SP026, SP009, SP011, SP013, SP016, SP017 |
| CI001 | Supabase sells managed cloud on top of isolated Postgres clusters with auth, APIs, edge functions, realtime, storage, and vector features while still preserving open-source and self-hosted portability. | 高 | SI003, SI007, SI022 |
| CI002 | Supabase's public free tier includes 50,000 monthly active users and 500 MB of database capacity per project. | 中 | SI001 |
| CI003 | Supabase's Pro plan publicly starts at $25 per month and includes 100,000 monthly active users and 8 GB of disk before overages. | 高 | SI001, SI006 |
| CI004 | Supabase's Team tier is publicly anchored at $599 per month, with larger enterprise needs handled through custom sales motions. | 高 | SI001, SI006 |
| CI005 | Official pricing exposes variable monetization levers beyond base subscriptions, including extra disk, egress, point-in-time recovery retention, phone MFA, and SSO-related user charges. | 中 | SI001 |
| CI006 | Supabase's enterprise surface names GitHub, PwC, Mozilla, and Epsilon3 as customers. | 中 | SI002 |
| CI007 | Supabase's enterprise page says the platform has created more than 16 million databases and launches more than 90,000 databases daily. | 中 | SI002 |
| CI008 | Retained official Supabase surfaces do not disclose a canonical company revenue or ARR figure. | 中 | SI001, SI002, SI003, SI008 |
| CI009 | Sacra estimates that Supabase reached roughly $70 million of ARR in 2025, up from $30 million at the end of 2024. | 低 | SI006 |
| CI010 | TapTwice estimates that Supabase generated about $16 million of revenue in 2024 and could reach about $27 million in 2025. | 低 | SI011 |
| CI011 | Sacra's ARR estimate and TapTwice's revenue estimate are not directly comparable and only bound a rough public topline range rather than a normalized company revenue figure. | 中 | SI006, SI011 |
| CI012 | TapTwice estimates that Supabase employs about 124 people worldwide. | 低 | SI011 |
| CI013 | Public third-party headcount estimates range from about 124 employees on TapTwice to 351 employees on Tracxn in 2026. | 低 | SI009, SI011 |
| CI014 | The retained public record cannot support a precise current headcount for Supabase because third-party estimates diverge materially. | 中 | SI009, SI011 |
| CI015 | Retained April 2025 coverage supports a $200 million Series D at a $2 billion valuation, and that is the latest canonical financing frame for this chapter. | 高 | SI004, SI005, SI010 |
| CI016 | The latest canonical round is most consistently associated with Accel, Coatue, Y Combinator, Craft Ventures, and Felicis, with some coverage also naming Kevin Weil. | 中 | SI004, SI005, SI010 |
| CI017 | The Series D followed an approximately $80 million prior round about seven months earlier that retained sources associate with Peak XV Partners and Craft Ventures. | 中 | SI004, SI006, SI010 |
| CI018 | The most defensible total capital raised after the Series D is about $396.1 million to $398 million, depending on rounding and inclusion conventions. | 中 | SI004, SI010, SI011 |
| CI019 | Tracxn conflicts with the canonical frame by listing a March 2025 Series D of $202 million and an October 2025 Series E of $143 million at a $5 billion valuation, implying $544 million total funding. | 低 | SI009 |
| CI020 | Tracxn's legal-entity table lists SUPABASE PTE. LTD. revenue of $2.86 million as of 2023-12-31, but that appears to be one entity-level datapoint rather than consolidated company revenue. | 低 | SI009 |
| CI021 | Direct OpenCorporates retrieval for the Singapore entity was challenge-blocked during this run, limiting direct registry verification. | 低 | SI023 |
| CI022 | Shotgun says its data infrastructure bill fell from more than $12,000 per month to $2,155 per month after migrating to Supabase, an 83% reduction. | 中 | SI015 |
| CI023 | Good Tape says it cut backend costs to $1,600 per month from nearly $1,500 of auth spend plus more than $2,600 of database spend, a 60% reduction. | 中 | SI016 |
| CI024 | Good Tape says it had crossed the EUR1 million ARR threshold and was growing 25% month over month when the case study was published. | 中 | SI016 |
| CI025 | Chatbase says it has more than 8,000 paying customers and more than $10 million of ARR while remaining bootstrapped on Supabase. | 中 | SI017 |
| CI026 | Chatbase says analytical workloads were hitting a 3,000 IOPS ceiling at least once a week and saturating 125 megabytes per second of throughput during scheduled reporting, prompting tuning and read-replica plans. | 中 | SI017 |
| CI027 | Maergo says its codebase fell from 730,000 lines to 95,000 lines and that it handled 100x its highest sustained traffic after moving to Supabase. | 中 | SI018 |
| CI028 | Voypost says Supabase reduced its codebase by 25% and produced a 20% faster development process than its prior approach. | 中 | SI019 |
| CI029 | Markprompt says it indexed more than 500,000 sections with 10,000 to 50,000 new sections arriving daily and chose Supabase partly to stay GDPR compliant from day one. | 中 | SI020 |
| CI030 | Mobbin says it had more than 400,000 registered users and roughly 5 million API requests per month, and rising Firebase bills helped push it toward Supabase. | 中 | SI025 |
| CI031 | Supabase's scaling guide says compute tiers span from Micro at $10 per month to 16XL at $3,730 per month. | 中 | SI021 |
| CI032 | The same scaling guide says a $0 index can beat a $200 per month compute upgrade and that a 4XL primary plus 2XL replica at $1,370 per month can cost less than an 8XL primary at $1,870 per month. | 中 | SI021 |
| CI033 | Supabase's own scaling guidance frames read replicas as a cost-effective tool for read-heavy scaling and analytics isolation rather than a universal default. | 中 | SI021 |
| CI034 | The February 2026 outage lasted 3 hours and 42 minutes in us-east-2 and was caused by Supabase enabling AWS VPC Block Public Access through its own deployment pipeline, not by an external attack or AWS-wide service disruption. | 高 | SI008, SI014 |
| CI035 | The incident post says Supabase did not yet offer automatic cross-region failover for customer Postgres databases, with Multigres described as a future workflow. | 中 | SI008 |
| CI036 | A GitHub issue reports Auth Email Hook testing still triggering over_email_send_rate_limit for more than 30 minutes despite editable signup and signin limits. | 低 | SI012 |
| CI037 | Another GitHub issue reports dropped-and-recreated RPC functions continuing to return PostgREST schema-cache ambiguity errors even after reloads and full project restarts on a Pro plan. | 低 | SI013 |
| CI038 | Supabase's ISO 27001 certification now covers Database, Auth, Storage, Realtime, Edge Functions, and the Data API, indicating compliance investment across the full platform. | 中 | SI024 |
| CI039 | Official enterprise and customer-proof materials show Supabase can support regulated, analytics-heavy, and commercially meaningful workloads, but most economic proof is still company-curated rather than audited cohort disclosure. | 中 | SI002, SI015, SI016, SI017, SI020 |
| CI040 | Under public evidence alone, Supabase looks like a recurring software business with usage-linked infrastructure costs and a meaningful venture cushion, but cash balance, burn, gross margin, realized pricing, retention, and concentration remain undisclosed. | 中 | SI001, SI002, SI004, SI005, SI006, SI011 |
| CE001 | Supabase positions the product as one integrated platform that bundles Postgres, authentication, instant APIs, edge functions, realtime, storage, and vector embeddings. | 高 | SE001, SE002, SE009 |
| CE002 | Supabase says each project is a full and portable Postgres database rather than a proprietary application data silo. | 高 | SE001, SE030 |
| CE003 | The docs surface extends beyond core runtime modules into AI tools, CLI, management API, integrations, UI components, and troubleshooting material. | 中 | SE002 |
| CE004 | Supabase Auth stores state in the project Postgres database, uses JWTs for authentication, and scopes database and Data API access through row-level security. | 高 | SE003, SE001 |
| CE005 | Supabase Storage combines S3-compatible, REST, and TUS upload paths with CDN delivery, image transformation, and row-level-security-based access control. | 中 | SE004 |
| CE006 | Supabase Storage extends beyond simple file buckets into analytics buckets using Apache Iceberg and vector buckets with built-in similarity-search indexing options. | 中 | SE004, SE007 |
| CE007 | Supabase Realtime exposes broadcast, presence, and Postgres-change subscriptions for chat, collaboration, live dashboards, and multiplayer-style synchronization. | 中 | SE005 |
| CE008 | Supabase Edge Functions run TypeScript on a Deno-compatible edge runtime behind a gateway that handles routing, JWT validation, and observability, with local dev parity via the CLI. | 高 | SE006, SE009 |
| CE009 | Supabase’s AI toolkit is explicitly built around Postgres plus pgvector so embeddings, metadata, and application data can live in one system. | 高 | SE007, SE001 |
| CE010 | The public repo documents an architecture built from PostgREST, GoTrue, Realtime, Storage, pg_graphql, postgres-meta, and Kong around Postgres. | 中 | SE009 |
| CE011 | Supabase officially supports Docker-based self-hosting for teams that need full data control, compliance, or isolated environments. | 高 | SE008, SE009 |
| CE012 | Self-hosted Supabase omits several managed-cloud features, including branching, advanced metrics beyond logs, managed backups and PITR, analytics and vector buckets, ETL, and the management API. | 中 | SE008 |
| CE013 | In self-hosted mode, the operator remains responsible for provisioning, hardening, Postgres maintenance, HA, scalability, backups, disaster recovery, and uptime monitoring. | 中 | SE008 |
| CE014 | Supabase monetizes a full backend bundle across Free, Pro, and Team plans with usage meters spanning database, Auth, Storage, Realtime, and Edge Functions. | 中 | SE010, SE029 |
| CE015 | Higher-tier packaging explicitly adds governance and enterprise features such as SSO, Auth audit logs, log drains, roles, AWS PrivateLink, ISO 27001 access, support, and SLAs. | 高 | SE010, SE011 |
| CE016 | The enterprise offering emphasizes audit logs, Security Advisors, network restrictions, access roles, 24/7 support coverage, migration help, and designated experts. | 中 | SE011 |
| CE017 | Supabase PrivateLink keeps Postgres and PgBouncer traffic on private AWS networking via VPC Lattice and can eliminate public database exposure for qualifying deployments. | 中 | SE015 |
| CE018 | Supabase PrivateLink is still constrained to Team or Enterprise accounts, same-region AWS VPCs, and database connectivity rather than the full Supabase surface. | 中 | SE015 |
| CE019 | Supabase’s read-replica guidance says replicas are for read isolation and regional latency while write-heavy bottlenecks still require bigger primary compute. | 中 | SE016 |
| CE020 | Supabase publicly recommends pg_stat_statements, EXPLAIN ANALYZE, Database Advisor, and MCP-assisted diagnostics before spending on more compute. | 中 | SE016 |
| CE021 | Supabase’s ISO 27001 certificate is said to cover Database, Auth, Storage, Realtime, Edge Functions, and the Data API. | 高 | SE012, SE011 |
| CE022 | Supabase says its 2025 security changes replaced long-lived anon and service-role keys with publishable and revocable secret keys, plus asymmetric JWT support and automatic GitHub leak revocation. | 中 | SE013 |
| CE023 | Supabase says new dashboard-created tables get RLS by default and that Security Advisors plus an Assistant now help detect and remediate common policy mistakes. | 中 | SE013 |
| CE024 | Supabase publicly describes PrivateLink, fail2ban, IP allowlists, column privileges, custom claims, external testing, and a HackerOne-based disclosure program as parts of its control set. | 中 | SE013 |
| CE025 | Supabase’s published 2026 security roadmap includes grant toggles, GraphQL disabled by default on new projects, push protection, hardened configs, security test harnesses, and broader Assistant integration. | 中 | SE013 |
| CE026 | On February 12, 2026, Supabase had a 3 hour 42 minute us-east-2 outage that affected Postgres, Auth, Data APIs, Edge Functions, Storage, Realtime, and dashboard access because an internal deployment enabled VPC Block Public Access. | 中 | SE014 |
| CE027 | Supabase acknowledged that automatic cross-region failover for customer Postgres databases was not yet available during the February 2026 incident and positioned Multigres as future work. | 中 | SE014 |
| CE028 | The public status page shows core component uptime in roughly the 99.8% to 99.96% range over the prior 90 days and records shared-pooler V2 maintenance as a scalability and uptime upgrade. | 中 | SE017 |
| CE029 | Supabase’s GitHub monorepo shows a large open-source surface with more than thirty-six thousand commits and official clients or sub-libraries across multiple major languages. | 中 | SE009 |
| CE030 | Chatbase uses Supabase as a consolidated stack for documents, embeddings, auth, storage, and dashboard state and publicly planned to add a read replica as analytics load grew. | 中 | SE018 |
| CE031 | Maergo says PostgREST, Edge Functions, and Auth with RLS helped shrink middleware and codebase complexity, cut deploy times to seconds, and support a 100x peak-load test. | 中 | SE019 |
| CE032 | Markprompt says Supabase Vector and Auth let it stay GDPR compliant while indexing more than half a million sections and continuously adding new content. | 中 | SE020 |
| CE033 | Quivr says Supabase Vector, Auth, Storage, and Edge Functions stayed integrated with local-running open-source workflows while supporting 1.6 million embeddings and thousands of Supabase databases. | 中 | SE021 |
| CE034 | Firecrawl says Supabase Vector handled embeddings plus metadata at lower cost and with comparable or better practical performance than dedicated vector databases it had tried. | 中 | SE022 |
| CE035 | Humata says Supabase Postgres, Auth, Realtime, and enterprise support cut vector database cost about fourfold while supporting collaboration and millions of users. | 中 | SE023 |
| CE036 | Resend says Supabase helped it launch quickly and later scale with partitioning, read replicas, backups, RLS, and direct security support. | 中 | SE024 |
| CE037 | Xendit used a full Postgres server, the Trigram extension, and a database function to ship a sanctions-screening workflow to production in under one week. | 中 | SE025 |
| CE038 | Sacra characterizes Supabase as subscription SaaS that bundles database, authentication, storage, and APIs on PostgreSQL with predictable tiered pricing. | 中 | SE029 |
| CE039 | Y Combinator describes each Supabase project as an isolated Postgres cluster that still exposes instant setup, auth, row-level security, realtime streams, and auto-generated APIs. | 高 | SE001, SE030 |
| CE040 | Bytebase’s 2026 comparison describes Supabase as an open-source, standards-based, Postgres-first platform that added branching, physical read replicas, background edge execution, and MCP tooling over 2025–2026. | 中 | SE031 |
| CE041 | Independent 2025 coverage from TechFundingNews and TechCrunch describes Supabase as an open-source Firebase alternative whose appeal rose with AI-native and vibe-coding workflows. | 中 | SE032, SE033 |
| CE042 | Firebase’s docs still emphasize a fully managed Google Cloud product suite, which contrasts with Supabase’s one-Postgres-cluster control-plane story. | 中 | SE034, SE031 |
| CE043 | Appwrite’s docs show that open-source BaaS competition exists, so Supabase’s differentiator is not openness alone but its tighter Postgres and SQL/RLS unification. | 低 | SE035, SE031 |
| CE044 | Neon’s docs show a Postgres-platform alternative focused on database workflows, which highlights that Supabase sits between pure managed Postgres and full BaaS by bundling storage, auth, realtime, and functions around the database. | 低 | SE036, SE031 |
| CE045 | A public GitHub issue reports that Auth email-hook testing can still hit an extended over_email_send_rate_limit state despite configurable sign-up limits, leaving the offending limit unclear to the developer. | 中 | SE026 |
| CE046 | A public GitHub issue reports that PostgREST schema cache corruption after function recreation can persist through reload and full project restart, breaking RPC calls. | 中 | SE027 |
| CE047 | A public GitHub issue reports that self-hosted Studio can generate cloud-style Edge Function URLs that do not resolve inside Docker networks for cron and webhook workflows. | 中 | SE028 |
| CE048 | Public evidence is strongest on integrated module breadth, RLS-led security, and speed-to-value, but still thin on independently audited scale metrics for managed cloud and on enterprise-grade self-hosted operations. | 低 | SE011, SE014, SE018, SE023 |
| CU001 | Supabase's public price ladder is Free, Pro at $25 per month, Team from $599 per month, and custom Enterprise. | 高 | SU002, SU003 |
| CU002 | Higher-governance buyer features such as SSO, audit logs, longer log retention, PrivateLink, and stronger support are positioned above the lowest self-serve tiers. | 高 | SU002, SU003 |
| CU003 | Supabase's public customer posture spans self-serve builders, startups, agencies, innovation teams, and enterprise buyers rather than one narrow ICP. | 中 | SU001, SU002 |
| CU004 | Official enterprise surfaces name GitHub, PwC, Mozilla, and Epsilon3 as customers or enterprise users. | 高 | SU001, SU002 |
| CU005 | The retained story set spans logistics, events, transcription, design research, AI support, documentation, payments, email infrastructure, and knowledge-work software. | 中 | SU010, SU011, SU012, SU014, SU015, SU016, SU018, SU019, SU020, SU021 |
| CU006 | Customer-domain homepages corroborate that the named buyers include AI customer service, AI support, web-data tooling, developer email infrastructure, design research, secure transcription, knowledge-base AI, custom software, and payments companies. | 中 | SU022, SU023, SU024, SU025, SU026, SU027, SU028, SU029, SU030 |
| CU007 | The most visible buyer archetypes are self-serve developers, startup product teams, AI-native SaaS vendors, and enterprise or institutional platform teams. | 中 | SU001, SU002, SU005, SU006 |
| CU008 | The only supportable public budget anchors are list prices, implying spend can begin at self-serve levels and rise materially once Team or Enterprise governance features are required. | 中 | SU002, SU003 |
| CU009 | Procurement-sensitive buyers are most likely the ones requiring compliance positioning, security controls, self-hosting discussion, private networking, and hands-on support. | 中 | SU002, SU003, SU021 |
| CU010 | Maergo reduced its codebase from 730k lines to 95k lines and cut deployments from 12-15 minutes to a few seconds after migrating to Supabase. | 中 | SU010 |
| CU011 | Maergo reported handling 100x its highest sustained traffic and achieving the highest availability in company history on Supabase. | 中 | SU010 |
| CU012 | Shotgun reduced database-related infrastructure spend from more than $12,000 per month to $2,155 per month and reported 40% lower response times after migration. | 中 | SU011 |
| CU013 | Good Tape crossed €1M ARR, serves customers in more than 130 countries, processes roughly 75,000 transcriptions per week, and supports 98 languages. | 中 | SU012, SU022 |
| CU014 | Good Tape migrated both database and authentication to Supabase in one month and cut backend expenses by about 60%. | 中 | SU012 |
| CU015 | Markprompt indexed more than 500,000 sections and adds 10,000-50,000 new sections daily, using Supabase to support GDPR-sensitive customer-support workloads. | 中 | SU013, SU023 |
| CU016 | Mobbin reported more than 200,000 creators served and more than 400,000 registered users, while citing better authentication and lower spend after moving from Firebase. | 中 | SU014, SU024 |
| CU017 | Chatbase says it has more than 8,000 paying customers, ARR above $10 million, and thousands of production AI support agents running on Supabase. | 中 | SU015, SU025 |
| CU018 | Firecrawl reported weekly active user growth of nearly 300% since March and said Supabase was at least as performant as dedicated vector databases for its workload. | 中 | SU016, SU026 |
| CU019 | Quivr stores more than 1.6 million embeddings, launched more than 5,000 databases on Supabase, and turned open-source traction into 17,000 signups and about 500 daily active users on its hosted app. | 中 | SU017 |
| CU020 | Xendit shipped a sanctions-screening workflow to production in less than one week and reported the system had been in production for nine months without a problem. | 中 | SU018, SU030 |
| CU021 | Resend reported scaling to more than 5,000 paying customers, more than 300,000 registered users, and millions of daily emails while adding partitioning, read replicas, and backups as it grew. | 中 | SU019, SU027 |
| CU022 | Voypost completed its core migration in under six months, reduced codebase size by 25%, and described a development process that became 20% faster on Supabase. | 中 | SU020, SU028 |
| CU023 | Humata describes millions of users, enterprise and government buyers, and 4x vector-cost savings after consolidating onto Supabase with Enterprise-plan support. | 中 | SU021, SU029 |
| CU024 | Supabase's named customer proof is stronger than simple logo evidence because multiple stories describe production workloads, deployment durations, or quantified outcomes rather than just brand associations. | 中 | SU002, SU010, SU011, SU012, SU015, SU018, SU019 |
| CU025 | Customer value evidence clusters around faster shipping, less backend glue, lower infrastructure cost, and reduced operator burden more than around audited end-customer ROI. | 中 | SU010, SU011, SU012, SU014, SU015, SU019, SU020, SU021 |
| CU026 | Enterprise readiness signals include ISO 27001 positioning, SOC 2 / HIPAA / GDPR messaging, role-based controls, audit logs, PrivateLink, and 24/7 support. | 高 | SU002, SU003 |
| CU027 | Most quantified customer outcomes in this chapter come from Supabase-authored customer stories, so evidence of value is still materially company-curated. | 中 | SU010, SU011, SU012, SU013, SU014, SU015, SU016, SU017, SU018, SU019, SU020, SU021 |
| CU028 | Several customers explicitly cite support, reliability, or peace of mind as reasons Supabase worked for them, especially Good Tape, Resend, Humata, and Chatbase. | 中 | SU012, SU015, SU019, SU021 |
| CU029 | The recurring expansion pattern is a narrow initial wedge—database, auth, or vector search—followed by broader use of storage, edge functions, replicas, backups, or enterprise support. | 中 | SU012, SU015, SU017, SU019, SU021 |
| CU030 | Resend, Good Tape, Mobbin, and Quivr each show a path from an immediate product problem to wider or deeper use of the Supabase stack without a major platform migration away from Supabase. | 中 | SU012, SU014, SU017, SU019 |
| CU031 | Community-to-paid motion is visible in customer examples such as Quivr's open-source-to-hosted path and Chatbase's MVP-to-upmarket trajectory, but Supabase does not disclose its own conversion rates. | 中 | SU015, SU017, SU001 |
| CU032 | Official customer-facing surfaces still advertise a very large developer funnel, including 16 million-plus databases created and 90,000-plus launched daily. | 中 | SU001, SU002 |
| CU033 | No public source retained for this chapter discloses NRR, GRR, logo retention, renewal rates, or top-customer concentration for Supabase. | 中 | SU001, SU002, SU003 |
| CU034 | The named proof set is diversified by sector, but revenue concentration by plan tier, customer size, or top account remains unknown. | 中 | SU005, SU006, SU010, SU011, SU012, SU015, SU019 |
| CU035 | Independent review visibility was weak in this run because both the G2 and TrustRadius review URLs were rate-limited or challenge-blocked. | 高 | SU008, SU009 |
| CU036 | The February 2026 us-east-2 outage took customer databases, auth, storage, functions, and related services offline for 3 hours and 42 minutes because of a Supabase configuration error. | 高 | SU004, SU005 |
| CU037 | Later public status evidence shows additional customer trust risks, including a Brazil network-provider access issue and shared-pooler maintenance that could affect some customers. | 中 | SU005, SU006 |
| CU038 | A GitHub issue reported that an auth email hook setup could still trigger opaque email rate limits and block sign-up attempts for more than 30 minutes. | 中 | SU007 |
| CU039 | The adverse operational record does not erase the positive customer-support narrative, but it means trust underwriting cannot rely on testimonials alone. | 中 | SU004, SU005, SU006, SU012, SU019, SU021 |
| CU040 | Overall customer proof quality is good on breadth of production anecdotes and moderate on enterprise durability because independent satisfaction, retention, and concentration evidence remains incomplete. | 中 | SU001, SU002, SU008, SU009, SU015, SU019, SU021 |
| CR001 | Supabase's February 12, 2026 us-east-2 outage lasted 3 hours and 42 minutes and affected databases, auth, storage, functions, realtime, and other regional services. | 高 | SR001, SR002 |
| CR002 | Supabase said the February 2026 outage was caused by an internal monitoring deployment that enabled AWS VPC Block Public Access rather than by an external attack or AWS service disruption. | 中 | SR001 |
| CR003 | Supabase does not yet provide automatic cross-region failover for customer Postgres databases and instead points to Multigres as a future cross-region failover workflow. | 高 | SR001, SR011 |
| CR004 | Supabase's 2026 Brazil status incident showed access issues linked to an external network provider and advised affected customers to use a VPN or alternative network while resolution was pursued. | 中 | SR002, SR003 |
| CR005 | A public GitHub issue reported that Auth Email Hook testing could still trigger an email rate limit and block sign-up attempts for more than 30 minutes. | 中 | SR004, SR024 |
| CR006 | A public GitHub issue reported that recreating a PostgreSQL function could leave PostgREST's schema cache permanently corrupted for RPC calls even after reloads and restart. | 中 | SR005 |
| CR007 | A public GitHub issue showed that self-hosted edge-function cron URLs were generated in a cloud-specific DNS format that does not resolve in Docker-based self-hosted environments. | 中 | SR006, SR023 |
| CR008 | Supabase's scaling guidance says read replicas isolate read traffic and regional latency but do not fix write-heavy bottlenecks or provide automatic failover. | 中 | SR011 |
| CR009 | Supabase says customers may store PHI on the hosted platform only after signing a Business Associate Agreement and under a shared-responsibility model. | 高 | SR009, SR014 |
| CR010 | Supabase's ISO 27001 certification covers Database, Auth, Storage, Realtime, Edge Functions, and the Data API across the platform. | 高 | SR008, SR009 |
| CR011 | Supabase's 2025 security retro says new key formats can be rotated instantly, leaked secret keys found in public GitHub repos are revoked, and RLS defaults and advisors were strengthened. | 高 | SR007, SR009 |
| CR012 | Supabase's security materials make clear that platform controls are improving but application-level security remains each customer's responsibility. | 中 | SR007, SR014 |
| CR013 | PrivateLink keeps database traffic inside AWS private networking but in its initial release requires AWS workloads and same-region deployment. | 高 | SR010, SR013 |
| CR014 | Supabase's privacy notice says the company is the controller for its own service data and a processor for customer data handled through customer workloads. | 中 | SR015 |
| CR015 | Supabase discloses that personal data may be transferred to and stored in countries outside the originating jurisdiction, including the United States and Singapore, with safeguards such as standard contractual clauses for some transfers. | 高 | SR015, SR016 |
| CR016 | European Commission guidance says transfers of personal data outside the EU require safeguards such as adequacy decisions, standard contractual clauses, or binding corporate rules. | 中 | SR016 |
| CR017 | HHS's HIPAA Security Rule summary emphasizes administrative, physical, and technical safeguards and links Security Rule duties to breach-notification obligations. | 中 | SR017 |
| CR018 | Supabase's terms allow temporary service suspension for threats, security risk, illegal activity, vendor termination, or legal prohibition and disclaim liability for losses resulting from suspension. | 中 | SR014 |
| CR019 | Supabase's terms disclaim warranties that the service will operate without interruption, be secure, accurate, complete, or error free. | 中 | SR014 |
| CR020 | Supabase's general liability cap is limited to the amounts paid or payable in the prior 12 months, with excluded-liability carve-outs capped at 3x that amount. | 中 | SR014 |
| CR021 | Supabase's terms require arbitration and include class-action and jury-trial waivers for disputes. | 中 | SR014 |
| CR022 | Supabase's public pricing structure concentrates monetization into upgrades from self-serve plans toward Team at $599 per month and custom Enterprise contracts. | 高 | SR012, SR013, SR029 |
| CR023 | Bytebase's 2026 comparison says Firebase now offers managed PostgreSQL via Data Connect while retaining stronger mobile and offline tooling, narrowing the original Firebase-versus-Supabase gap. | 中 | SR029 |
| CR024 | Tracxn says Supabase has 227 active competitors, including 52 funded competitors. | 中 | SR025 |
| CR025 | Supabase's public company surfaces emphasize very large community scale, including 7M+ registered developers and 98k+ GitHub stars. | 高 | SR020, SR021, SR022 |
| CR026 | TechCrunch, Tech Funding News, and Fortune/Yahoo all reported Supabase's 2025 Series D at $200 million and a $2 billion valuation with roughly $398 million total funding after the round. | 高 | SR018, SR019, SR030 |
| CR027 | Tracxn separately reports a later 2025 Series E, $544 million total funding, and a $5 billion valuation for Supabase. | 中 | SR025 |
| CR028 | Taptwice publishes unaudited estimates of about $16 million 2024 revenue, about $27 million projected 2025 revenue, and roughly 124 employees for Supabase. | 低 | SR026 |
| CR029 | Supabase's company page still says it has raised over $116 million, which lags the larger total funding figures in 2025 financing coverage. | 高 | SR020, SR018, SR019 |
| CR030 | Postman's 2025 State of the API report says 65% of organizations generate revenue from APIs and 51% of developers cite unauthorized agent access as a top security risk. | 中 | SR027 |
| CR031 | Stack Overflow's 2025 survey says developers are actively exploring a rapidly evolving AI and tooling landscape rather than committing to one platform, which raises switching risk for developer-tool vendors. | 中 | SR028 |
| CR032 | Bytebase says Firebase's Spark and Blaze model can be cheaper for small apps while Supabase's flat pricing becomes easier to forecast at scale, creating pricing pressure at both ends of the market. | 中 | SR029, SR012 |
| CR033 | Supabase remains a private company with no publicly audited revenue, retention, concentration, or margin disclosures in this chapter's source set. | 中 | SR020, SR025, SR026 |
| CR034 | Public financing coverage still centers on founders Paul Copplestone and Ant Wilson and on the vibe-coding narrative, indicating material brand and key-person coupling. | 中 | SR018, SR019, SR030 |
| CR035 | Supabase's 100k-stars post and company page both frame the business as a community-led open-source movement rather than as a conventionally disclosed software company. | 中 | SR020, SR021 |
| CR036 | Supabase's reliability and security roadmap still includes future-state items such as Multigres failover workflows, late-2026 key migration completion, and stricter hardened environments that are not fully landed yet. | 中 | SR001, SR007, SR011 |
| CR037 | Supabase's scale guidance shows that serious workloads can move customers into materially higher infrastructure spend, softening the simplicity of the low-cost developer story. | 中 | SR011, SR012 |
| CR038 | Because PrivateLink is limited to AWS and same-region database connectivity, enterprise procurement mitigants are meaningful but not universal across all deployment patterns. | 中 | SR010, SR013 |
| CR039 | Public user metrics vary by source, with two million developers in Fortune/Yahoo coverage, 7M+ registered developers on the company page, and eight million developers in the 100k-stars post. | 中 | SR020, SR021, SR030 |
| CR040 | Supabase's security page says all paid customer databases are backed up every day and point-in-time recovery is available as a Pro add-on, so some resilience features remain monetized rather than uniformly bundled. | 中 | SR009, SR012 |
| CR041 | Supabase's terms place responsibility for configuration, backups, credential security, and legal compliance on the customer. | 高 | SR014, SR015 |
| CR042 | Regulatory exposure for Supabase-enabled workloads is partly indirect because GDPR- and HIPAA-style duties still extend beyond infrastructure controls into customer safeguards and notification processes. | 中 | SR015, SR016, SR017 |
| CR043 | The public adverse issue set spans auth, RPC/PostgREST, and self-hosted edge-function routing, suggesting operational sharp edges across several first-class product surfaces rather than one isolated module. | 中 | SR004, SR005, SR006, SR023, SR024 |
| CR044 | Postman reports that only 24% of developers actively design APIs for AI agents even as AI use is widespread, implying API platforms must absorb rising agent-driven security and product expectations. | 中 | SR027 |
| CR045 | Supabase's open-source distribution and cheap entry tiers support adoption, but durable monetization still depends on converting users into higher-governance Team and Enterprise accounts whose public conversion math is not disclosed. | 中 | SR012, SR013, SR020, SR029 |
| CR046 | Enterprise packaging now includes SSO, audit logs, PrivateLink, designated support, and compliance artifacts, which materially mitigates go-to-market risk for larger accounts. | 高 | SR009, SR010, SR012, SR013 |
| CR047 | The main transmission path in Supabase's risk stack is that reliability or security shocks can hit customer trust, force support and remediation spend, and slow higher-tier conversion at the same time. | 中 | SR001, SR018, SR027 |
| CR048 | The main hard dependencies exposed in public sources are AWS and network configuration, third-party vendors, and customer-side operator competence for self-hosted or compliance-sensitive use cases. | 中 | SR001, SR010, SR014, SR023 |
| CR049 | The reliability risk view improves materially if Supabase demonstrates a clean post-February 2026 operating record and publishes clearer failover and multi-region guidance. | 中 | SR001, SR002, SR011 |
| CR050 | The monetization and governance risk view improves materially if management publishes a canonical baseline for plan mix, enterprise conversion, concentration, revenue, and current funding metrics. | 中 | SR020, SR025, SR026 |
| CR051 | Firebase SQL Connect is a fully managed PostgreSQL service backed by Cloud SQL with GraphQL-based query management, platform SDKs, and an emulator, reducing one historic differentiation point for Supabase. | 中 | SR031 |
| CR052 | Cloud Firestore offers offline persistence that caches active data locally and automatically synchronizes changes on reconnect, reinforcing Firebase's edge for offline-first mobile use cases. | 中 | SR032 |
| CR053 | Supabase's production checklist tells customers to enable RLS, SSL, network restrictions, MFA, custom SMTP, load testing, and read replicas or PITR depending on availability and durability needs, underscoring that production hardening still requires meaningful operator work. | 中 | SR034 |
| CR054 | Supabase's backups docs say daily backups exist across plans, retention windows vary by tier, free projects are advised to maintain off-site exports, and restores create downtime while a project is inaccessible. | 中 | SR033 |
| CV001 | Supabase's best-supported valuation anchor is the April 2025 Series D that raised $200 million at a $2 billion post-money valuation. | 高 | SV001, SV002 |
| CV002 | Accel led the Series D and Coatue, Y Combinator, Craft Ventures, and Felicis also participated. | 高 | SV001, SV002 |
| CV003 | Public reporting around the Series D put Supabase's cumulative capital raised at roughly $398 million. | 高 | SV001, SV002, SV012 |
| CV004 | The immediately prior financing was an approximately $80 million round roughly seven months earlier and was associated with about a $900 million valuation estimate. | 中 | SV001, SV013 |
| CV005 | Current official Supabase pages show 7,000,000+ registered developers and 98,000+ GitHub stars. | 中 | SV006, SV011 |
| CV006 | Supabase's enterprise page says the platform has created 16,000,000+ databases and launches 90,000+ databases daily. | 中 | SV007 |
| CV007 | Official enterprise materials cite GitHub, PwC, Mozilla, and NASA-linked use cases alongside compliance and support features that support an enterprise upsell path. | 中 | SV007, SV028 |
| CV008 | GetLatka says Supabase reported $31 million of revenue in April 2025. | 中 | SV004 |
| CV009 | GetLatka says Supabase hit $70 million of revenue in September 2025. | 中 | SV004 |
| CV010 | Sacra estimates Supabase reached about $70 million ARR in 2025 after finishing 2024 at about $30 million ARR. | 中 | SV003 |
| CV011 | TapTwice estimates Supabase generated about $16 million of revenue in 2024 and about $27 million in 2025. | 中 | SV013 |
| CV012 | The $2 billion Series D implies roughly 74x on a $27 million base, roughly 65x on a $31 million base, and about 29x on a $70 million base. | 中 | SV003, SV004, SV013 |
| CV013 | Tracxn records a March 2025 Series D of about $202 million at $2 billion and an October 2025 Series E of $143 million at $5 billion. | 低 | SV014 |
| CV014 | GetLatka also shows a 2025 Series E at a $5 billion valuation and about $495 million of total funding. | 低 | SV004 |
| CV015 | Sacra says that as of April 2026 Supabase was seeking a financing that could double valuation to $10 billion. | 低 | SV003 |
| CV016 | The latest supportable valuation anchor remains the April 2025 $2 billion Series D because the later $5 billion and $10 billion signals are not corroborated with equally strong evidence quality. | 中 | SV001, SV002, SV003, SV004, SV014 |
| CV017 | Cloudflare's May 22, 2026 quote page showed about $76.4 billion market cap, about $75.8 billion enterprise value, about $2.33 billion trailing revenue, and about 32.54x EV/revenue. | 中 | SV017, SV021 |
| CV018 | Datadog's May 22, 2026 quote page showed about $79.1 billion market cap, about $75.7 billion enterprise value, about $3.67 billion trailing revenue, and about 20.61x EV/revenue. | 中 | SV016, SV020 |
| CV019 | Snowflake's May 22, 2026 quote page showed about $59.7 billion market cap, about $58.4 billion enterprise value, about $4.68 billion trailing revenue, and about 12.47x EV/revenue. | 中 | SV018, SV022 |
| CV020 | MongoDB's May 22, 2026 quote page showed about $26.3 billion market cap, about $23.9 billion enterprise value, about $2.46 billion trailing revenue, and about 9.70x EV/revenue. | 中 | SV015, SV019 |
| CV021 | Applying the selected public-comp EV or revenue range of about 9.7x to 32.5x means a $2 billion value implies roughly $62 million to $206 million of revenue support. | 中 | SV015, SV016, SV017, SV018 |
| CV022 | Supabase's high-end third-party 2025 estimate of $70 million only gets close to the $2 billion mark under very premium comp treatment, while the lower $27 million to $31 million range sits materially below it. | 中 | SV003, SV004, SV013, SV015, SV017 |
| CV023 | The public comp set is much larger, more disclosed, and often more diversified than Supabase, so its multiples are context bands rather than direct private-company clearing prices. | 中 | SV019, SV021, SV022, SV023, SV025, SV026 |
| CV024 | Official pricing shows a free tier, $25 Pro, $599 Team, and paid add-ons for storage, egress, PITR, MFA, SSO, logs, and custom domains. | 高 | SV008, SV003 |
| CV025 | Supabase's pricing structure implies realized revenue should mix subscriptions, usage overages, and enterprise contracts rather than behave like simple seat-only SaaS. | 中 | SV008, SV027, SV028 |
| CV026 | Supabase's scaling guidance shows meaningful infrastructure cost sensitivity as projects move into larger compute tiers or read-replica architectures. | 中 | SV027, SV008 |
| CV027 | PrivateLink being limited to Team and Enterprise plans shows an enterprise monetization path tied to compliance and secure networking. | 中 | SV028, SV007 |
| CV028 | Supabase's February 2026 outage lasted 3 hours and 42 minutes across all services in the us-east-2 region. | 中 | SV009, SV010 |
| CV029 | Supabase said after the outage that automatic cross-region failover for customer Postgres databases was not yet available. | 中 | SV009 |
| CV030 | A $2 billion value requires about $100 million of revenue or ARR if investors use a 20x revenue multiple. | 中 | SV015, SV016, SV017, SV018 |
| CV031 | A hypothetical $5 billion mark would imply about 71x on a $70 million base and roughly 185x on a $27 million base. | 中 | SV004, SV013, SV014 |
| CV032 | Current official scale signals of millions of developers and databases support premium strategic value but do not disclose paid conversion, NRR, or gross margin. | 中 | SV005, SV006, SV007, SV011 |
| CV033 | A bear valuation frame of about $0.4 billion to $0.7 billion corresponds to roughly $40 million to $60 million of revenue at about 10x to 12x multiples. | 中 | SV015, SV018, SV020, SV022 |
| CV034 | A base valuation frame of about $1.1 billion to $1.8 billion corresponds to roughly $80 million to $100 million of revenue at about 14x to 18x multiples. | 中 | SV015, SV016, SV018 |
| CV035 | A bull valuation frame of about $2.0 billion to $3.0 billion corresponds to roughly $120 million to $150 million of revenue at about 17x to 20x multiples. | 中 | SV016, SV017, SV021 |
| CV036 | Because the supportable public range centers below $2 billion unless ARR is already near or above about $100 million, the April 2025 round looks plausible but not obviously cheap. | 中 | SV003, SV013, SV015, SV016, SV018 |
| CV037 | Multiple expansion from here would likely require proof that free developer adoption is converting into large and durable enterprise contracts. | 中 | SV007, SV008, SV028 |
| CV038 | Downside compression would likely come from weak monetization disclosure, further multi-hour reliability failures, or a follow-on round with flat or down-round economics. | 中 | SV009, SV010, SV014 |
| CV039 | MongoDB's investor overview says millions of developers and more than 50,000 customers rely on its platform, underscoring how much larger a mature disclosed database peer is than Supabase today. | 中 | SV019, SV023 |
| CV040 | Cloudflare's investor overview cites 4,400+ large customers, 75% GAAP gross margin in FY2025, and 38%+ FY20-FY25 revenue CAGR, illustrating the quality bar behind a 32x premium public multiple. | 中 | SV021, SV025 |
| CV041 | Snowflake's investor overview cites 733 customers spending more than $1 million and 125% net revenue retention, illustrating why a lower multiple can still rest on stronger disclosure and enterprise scale. | 中 | SV022, SV026 |
| CV042 | SEC EDGAR search pages show MongoDB, Datadog, Cloudflare, and Snowflake each filed 2026 annual reports, confirming that the comparable-set metrics come from public filers rather than opaque private-company disclosures. | 高 | SV023, SV024, SV025, SV026 |
| CV043 | No retained public source discloses Supabase's current audited ARR, net revenue retention, gross margin, enterprise ACV mix, or cap-table preference stack. | 中 | SV001, SV003, SV004, SV007, SV014 |
| CV044 | The absence of those disclosure items means public evidence can bracket valuation but cannot pin it with venture-round precision. | 中 | SV003, SV004, SV014, SV015, SV018 |
| CV045 | No retained source shows IPO readiness or public-offering preparation, so the next valuation proof point is likelier to be another private financing or strategic secondary transaction than a near-term listing. | 中 | SV001, SV002, SV003, SV014 |
| CV046 | A reasonable diligence stance is research-more with medium confidence, high risk, and a stretched-to-fair boundary at $2 billion depending on where true ARR sits inside the public range. | 中 | SV001, SV003, SV013, SV015, SV016, SV018 |
| CV047 | Y Combinator still lists Supabase in its company directory, reinforcing the company's continuing startup-ecosystem distribution channel. | 低 | SV030 |
| CV048 | GitHub and Supabase-controlled sources show open-source community strength at or above 100,000 stars by late 2025 and 2026. | 中 | SV011, SV029 |
| 编号 | 出版方 | 标题 | 引文 |
|---|---|---|---|
| SO001 | Supabase | Supabase | The Postgres Development Platform. | |
| SO002 | GitHub | supabase/supabase | |
| SO003 | Supabase | One of the world's fastest-growing open source communities | Supabase | |
| SO004 | Supabase | Pricing | Supabase | |
| SO005 | Supabase | Supabase Docs | |
| SO006 | Supabase | Supabase for Enterprise | |
| SO007 | Supabase | Customer Stories | Supabase | |
| SO008 | Supabase | We hit 100,000 GitHub stars!! | |
| SO009 | Supabase | Supabase security 2025 retro | |
| SO010 | Supabase | Supabase incident on February 12, 2026 | |
| SO011 | Supabase | Supabase Status | |
| SO012 | Supabase | Supabase Status - Incident History | |
| SO013 | Supabase | Access Issues From Some Providers in Brazil | |
| SO014 | TechCrunch | Vibe coding helps Supabase nab $200M at $2B valuation just seven months after its last raise | |
| SO015 | Yahoo Finance | Exclusive: Supabase raises $200 million at $2 billion valuation | |
| SO016 | Y Combinator | Supabase | Y Combinator | |
| SO017 | Tech Funding News | Supabase snaps $200M at $2B valuation to power the future of vibe coding: 3 things to know | |
| SO018 | Sacra | Supabase | |
| SO019 | Tracxn | Supabase | |
| SO020 | TapTwice Digital | Supabase statistics in 2025 | |
| SO021 | GitHub | Issue #45743: Auth email hook still hits over_email_send_rate_limit | |
| SO022 | GitHub | Issue #45492: RPC schema cache ambiguous after recreate | |
| SO023 | GitHub | Issue #44907: Self-hosted cron edge function URL bug | |
| SO024 | G2 | Supabase reviews | |
| SO025 | TrustRadius | Supabase reviews | |
| SM001 | Stack Overflow | Stack Overflow Developer Survey 2025: Technology | |
| SM002 | DB-Engines | DB-Engines Ranking | |
| SM003 | GitHub | Octoverse 2025 | |
| SM004 | Postman | State of the API 2025 | |
| SM005 | JetBrains | Developer Ecosystem Report 2024 | |
| SM006 | Google Firebase | Firebase developer documentation | |
| SM007 | Google Firebase | Firebase pricing | |
| SM008 | AWS Amplify | AWS Amplify documentation | |
| SM009 | Amazon Web Services | AWS Amplify pricing | |
| SM010 | Neon | Neon documentation | |
| SM011 | Neon | Neon pricing | |
| SM012 | PlanetScale | PlanetScale documentation | |
| SM013 | PlanetScale | PlanetScale pricing | |
| SM014 | Railway | Railway documentation | |
| SM015 | Railway | Railway pricing | |
| SM016 | Render | Render documentation | |
| SM017 | Render | Render pricing | |
| SM018 | Appwrite | Appwrite documentation | |
| SM019 | Appwrite | Appwrite pricing | |
| SM020 | Hasura | Hasura DDN documentation | |
| SM021 | Hasura | Hasura pricing | |
| SM022 | Bytebase | Supabase vs. Firebase in 2026 | |
| SM023 | Supabase | Supabase homepage | |
| SM024 | Supabase | Supabase pricing | |
| SM025 | Sacra | Supabase | |
| SM026 | TechCrunch | Vibe coding helps Supabase nab $200M at $2B valuation just seven months after its last raise | |
| SM027 | Tech Funding News | Supabase snaps $200M at $2B valuation to power the future of vibe coding: 3 things to know | |
| SM028 | Grand View Research | Database as a Service Market | |
| SP001 | Supabase | Supabase | The Postgres Development Platform. | |
| SP002 | Supabase | Pricing & Fees | Supabase | |
| SP003 | Supabase | Supabase Docs | |
| SP004 | Supabase | Supabase for Enterprise | |
| SP005 | Supabase | Supabase security 2025 retro | |
| SP006 | Supabase | Supabase PrivateLink is now available | |
| SP007 | Supabase | Supabase Status | |
| SP008 | Supabase | GitHub - supabase/supabase | |
| SP009 | Firebase | Firebase developer documentation | |
| SP010 | Firebase | Firebase pricing | |
| SP011 | AWS | Amplify Documentation | |
| SP012 | AWS | AWS Amplify Pricing | |
| SP013 | Neon | Neon Docs | |
| SP014 | Neon | Neon pricing plans | |
| SP015 | Neon | Security — Neon | |
| SP016 | PlanetScale | PlanetScale Docs | |
| SP017 | PlanetScale | PlanetScale pricing | |
| SP018 | Railway | Railway Documentation | |
| SP019 | Railway | Railway pricing | |
| SP020 | Render | Render Postgres | |
| SP021 | Render | Pricing | Render | |
| SP022 | Appwrite | Appwrite Docs | |
| SP023 | Appwrite | Appwrite pricing | |
| SP024 | Hasura | Hasura Docs | |
| SP025 | Hasura | Hasura pricing | |
| SP026 | Bytebase | Supabase vs Firebase | |
| SP027 | Tracxn | Supabase | |
| SI001 | Supabase | Pricing & Fees | Supabase | |
| SI002 | Supabase | Supabase for Enterprise | |
| SI003 | Supabase | Supabase | The Postgres Development Platform. | |
| SI004 | TechCrunch | Vibe coding helps Supabase nab $200M at $2B valuation just seven months after its last raise | |
| SI005 | Yahoo Finance | Exclusive: Supabase raises $200 million at $2 billion valuation | |
| SI006 | Sacra | Supabase | |
| SI007 | GitHub | supabase/supabase | |
| SI008 | Supabase | Supabase incident on February 12, 2026 | |
| SI009 | Tracxn | Supabase | |
| SI010 | Tech Funding News | Supabase snaps $200M at $2B valuation to power the future of vibe coding: 3 things to know | |
| SI011 | TapTwice Digital | Supabase statistics in 2025 | |
| SI012 | GitHub | Issue #45743: Auth email hook still hits over_email_send_rate_limit | |
| SI013 | GitHub | Issue #45492: PostgREST schema cache remains ambiguous after function recreation | |
| SI014 | Supabase | Supabase Status - Incident History | |
| SI015 | Supabase | Supabase migration delivers an 83% reduction in data infrastructure costs for Shotgun | |
| SI016 | Supabase | Good Tape migrates to Supabase managed Postgres and Authentication and achieves database efficiency and a 60% cost reduction. | |
| SI017 | Supabase | Chatbase goes upmarket on Supabase | |
| SI018 | Supabase | Maergo's Express Delivery - How Supabase Helped Achieve Scalability, Speed, and Cost Saving | |
| SI019 | Supabase | Voypost uses Supabase's strong relational model to overcome NoSQL challenges | |
| SI020 | Supabase | GDPR-compliant AI chatbots for docs and websites. | |
| SI021 | Supabase | When to use Read Replicas vs. bigger compute | |
| SI022 | Y Combinator | Supabase: Build in a weekend. Scale to millions. | Y Combinator | |
| SI023 | OpenCorporates | OpenCorporates request for Supabase Pte. Ltd. (challenge page) | |
| SI024 | Supabase | Supabase is now ISO 27001 certified | |
| SI025 | Supabase | Mobbin | Supabase Customer Stories | |
| SE001 | Supabase | Supabase | The Postgres Development Platform. | Supabase is the Postgres development platform. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, Storage, and Vector embeddings. |
| SE002 | Supabase | Supabase Docs | |
| SE003 | Supabase | Use Supabase to authenticate and authorize your users. | Auth uses your project's Postgres database under the hood, storing user data and other Auth information in a special schema. |
| SE004 | Supabase | Use Supabase to store and serve files. | Supabase Storage is a robust, scalable solution for managing files of any size with fine-grained access controls and optimized delivery. |
| SE005 | Supabase | Send and receive messages to connected clients. | 'Supabase provides a globally distributed Realtime service with the following features: Broadcast, Presence, and Postgres Changes.' |
| SE006 | Supabase | Globally distributed TypeScript functions. | Edge Functions are server-side TypeScript functions, distributed globally at the edge—close to your users. |
| SE007 | Supabase | The best vector database is the database you already have. | Supabase provides an open source toolkit for developing AI applications using Postgres and pgvector. |
| SE008 | Supabase | Self-Hosting | Supabase Docs | Self-hosting is a good fit if you need full control over your data, have compliance requirements that prevent you from using managed services, or want to run Supabase in an isolated environment. |
| SE009 | GitHub | 'GitHub - supabase/supabase: The Postgres development platform. Supabase gives you a dedicated Postgres database to build your web, mobile, and AI applications.' | Supabase is a combination of open source tools. We’re building the features of Firebase using enterprise-grade, open source products. |
| SE010 | Supabase | Pricing | Supabase | Dedicated Postgres Database ... Auth ... Storage ... Postgres Changes ... Invocations ... AWS PrivateLink ... Uptime SLAs. |
| SE011 | Supabase | Supabase for Enterprise | Keep your data secure with SOC 2, HIPAA, and GDPR compliance. |
| SE012 | Supabase | Supabase is now ISO 27001 certified | The certificate covers our information security management system across the entire platform, including Database, Auth, Storage, Realtime, Edge Functions, and the Data API. |
| SE013 | Supabase | Supabase security 2025 retro | The new API key model replaces long-lived JWT-based anon and service_role keys. |
| SE014 | Supabase | Supabase incident on February 12, 2026 | The outage lasted 3 hours and 42 minutes, with full service recovery at 00:54 UTC on February 13. |
| SE015 | Supabase | Supabase PrivateLink available | Our AWS PrivateLink implementation uses AWS VPC Lattice under the hood. |
| SE016 | Supabase | When to use Read Replicas vs. bigger compute | Read Replicas solve this by isolation. Point your analytics tools at a replica. |
| SE017 | Supabase | Supabase Status | |
| SE018 | Supabase | Chatbase goes upmarket on Supabase | The backend underneath the product has stayed the same. Chatbase runs on Supabase. |
| SE019 | Supabase | "Maergo's Express Delivery: How Supabase Helped Achieve Scalability, Speed, and Cost Saving" | Maergo successfully handled 100x their highest sustained traffic with no problems on the database during the last load test. |
| SE020 | Supabase | Markprompt and Supabase - GDPR-compliant AI chatbots for docs and websites. | Building everything on Supabase from the Auth, to DB, to the vectors—this integrated experience really made it for us. |
| SE021 | Supabase | Quivr launch 5,000 Vector databases on Supabase. | Because Supabase is open source, the possibility of running it locally made it a better choice. |
| SE022 | Supabase | Firecrawl switches from Pinecone to Supabase Vector for PostgreSQL vector embeddings. | We found them to be incredibly expensive and not very intuitive... Supabase has been just as performant - if not more performant - than the other vector databases. |
| SE023 | Supabase | 'Humata Scales with Supabase: Achieving 4X Cost Savings and Enhanced Performance' | Backed by Supabase's Enterprise plan, Humata gained access to deep technical specialists to optimise the back-end performance ongoing. |
| SE024 | Supabase | "Resend's Journey with Supabase: Scaling Email Infrastructure with Ease" | Features like partitioning, read replicas, and database backups as they scaled. |
| SE025 | Supabase | Xendit use Supabase and create a full solution shipped to production in less than one week. | The full solution was built and in production in less than one week. |
| SE026 | GitHub | 'Issue #45743: Auth Email Hook still hits email rate limit' | "After being able to test for some time, i am receiving this response for almost 30 minutes now. {\"code\":\"over_email_send_rate_limit\",\"message\":\"email rate limit exceeded\"}" |
| SE027 | GitHub | 'Issue #45492: PostgREST schema cache remains corrupted after function recreation' | "Neither NOTIFY pgrst, 'reload schema' nor a full project restart clears the corrupted schema cache." |
| SE028 | GitHub | 'Issue #44907: Self-hosted edge-function URLs generated in cloud format' | The UI generates a cloud-format URL ... that fails to resolve in the Postgres container's DNS. |
| SE029 | Sacra | Supabase | Sacra | Supabase monetizes as subscription SaaS, bundling together database, authentication, storage, and APIs on top of PostgreSQL. |
| SE030 | Y Combinator | 'Supabase: Build in a weekend. Scale to millions. | Y Combinator' | Each project within Supabase is an isolated Postgres cluster, allowing customers to scale independently. |
| SE031 | Bytebase | Supabase vs Firebase 2026 comparison | Over 2025–2026 it shipped Branching (Git-based preview environments), physical read replicas, background Edge Functions, and MCP server integration for AI agents. |
| SE032 | Tech Funding News | 'Supabase snaps $200M at $2B valuation to power the future of vibe coding: 3 things to know' | Key capabilities also include real-time updates, task automation through Supabase Cron, and global scalability via read-only replicas and Edge Functions. |
| SE033 | TechCrunch | Vibe coding helps Supabase nab $200M at $2B valuation just seven months after its last raise | Supabase combines the open source SQL database Postgres with other enterprise-grade open source tools for features like authentication, auto-generated APIs, file storage, and a vector toolkit. |
| SE034 | Firebase developer documentation | Accelerate your development with fully managed infrastructure, powered by Google Cloud. | |
| SE035 | Appwrite | Appwrite Docs | All the core functionalities you need with a scalable and flexible API. |
| SE036 | Neon | Get started | Neon Docs | Neon docs center on connect, clients and tools, Neon Auth, Postgres RLS, AI, local development, and workflows. |
| SU001 | Supabase | Customer Stories | Supabase | Discover case studies on how Supabase is being used around the world to quickly create outstanding products and set new industry standards. |
| SU002 | Supabase | Supabase for Enterprise | Leading enterprises use Supabase to build faster, better, and more scalable products. From GitHub to PwC, innovative companies trust Supabase to drive their digital transformation strategy. |
| SU003 | Supabase | Pricing | Supabase | Dedicated Postgres Database ... Auth ... Storage ... AWS PrivateLink ... Uptime SLAs. |
| SU004 | Supabase | Supabase incident on February 12, 2026 | The outage lasted 3 hours and 42 minutes, with full service recovery at 00:54 UTC on February 13. |
| SU005 | Supabase Status | Supabase Status - Incident History | There will be a scheduled maintenance on 2026-05-26 from 13:00-15:00 UTC on the Shared Pooler (V1) for the eu-central-1 region. |
| SU006 | Supabase Status | Supabase Status | We are investigating reports of some access issues to Supabase IP addresses from a network provider in Brazil. |
| SU007 | GitHub | Issue #45743: Auth Email Hook still hits email rate limit | {"code":"over_email_send_rate_limit","message":"email rate limit exceeded"} |
| SU008 | G2 | Supabase Reviews 2026 | G2 | Please enable JS and disable any ad blocker |
| SU009 | TrustRadius | Supabase Reviews 2026 | TrustRadius | Just a moment... |
| SU010 | Supabase | Maergo's Express Delivery: How Supabase Helped Achieve Scalability, Speed, and Cost Saving | Maergo successfully handled 100x their highest sustained traffic with no problems on the database during the last load test. |
| SU011 | Supabase | Supabase migration delivers an 83% reduction in data infrastructure costs for Shotgun | Instead of spending $12k per month, the team now spends $2,155 per month. An 83% decrease. |
| SU012 | Supabase | Good Tape migrates to Supabase managed Postgres and Authentication and achieves database efficiency and a 60% cost reduction. | Good Tape recently crossed the €1M ARR threshold and is growing +25% MoM. |
| SU013 | Supabase | Markprompt and Supabase - GDPR-compliant AI chatbots for docs and websites. | Markprompt has successfully indexed over half a million sections of content, with a steady influx of 10,000 - 50,000 new sections daily. |
| SU014 | Supabase | How Mobbin migrated 200,000 users from Firebase for a better authentication experience. | They have now more than 400,000 registered users through word of mouth. |
| SU015 | Supabase | Chatbase goes upmarket on Supabase | More than 8,000 paying customers across the platform as of early 2026. |
| SU016 | Supabase | Firecrawl switches from Pinecone to Supabase Vector for PostgreSQL vector embeddings. | Firecrawl was experiencing tremendous success, growing Weekly Active Users by nearly 300% since March. |
| SU017 | Supabase | Quivr launch 5,000 Vector databases on Supabase. | There are now 5,100 Quivr databases on Supabase, making it one of the most influential communities on the Supabase platform. |
| SU018 | Supabase | Xendit use Supabase and create a full solution shipped to production in less than one week. | The full solution was built and in production in less than one week. |
| SU019 | Supabase | Resend's Journey with Supabase: Scaling Email Infrastructure with Ease | Resend scaled from 0 to 1,000 paying customers in one year, doubling that in just six months and reaching 5,000+ paying customers today. |
| SU020 | Supabase | Voypost uses Supabase's strong relational model to overcome NoSQL challenges | Voypost enjoyed a 20% faster development process compared to their traditional development approach. |
| SU021 | Supabase | Humata Scales with Supabase: Achieving 4X Cost Savings and Enhanced Performance | Backed by Supabase's Enterprise plan, Humata gained access to deep technical specialists to optimise the back-end performance ongoing. |
| SU022 | Good Tape | Good Tape - Automated Transcription | Secure AI Automatic Transcript Tool | Good Tape - Automated Transcription | Secure AI Automatic Transcript Tool |
| SU023 | Markprompt | Markprompt | Artificial Intelligence for Customer Support | Enterprise-grade AI agents that solve your hardest support challenges. Specialized for developer platforms and fintech. |
| SU024 | Mobbin | Mobbin — UI & UX design inspiration for mobile & web apps | Mobbin — UI & UX design inspiration for mobile & web apps |
| SU025 | Chatbase | Chatbase: The Leading AI Customer Service Platform | Chatbase: The Leading AI Customer Service Platform |
| SU026 | Firecrawl | Firecrawl - Search, Scrape, and Clean the Web for AI Agents | Firecrawl - Search, Scrape, and Clean the Web for AI Agents |
| SU027 | Resend | Resend · Email for developers | Resend · Email for developers |
| SU028 | Voypost | Voypost - Custom Software Development Company - Voypost | Voypost - Custom Software Development Company - Voypost |
| SU029 | Humata | Humata: AI meets your knowledge base | Humata: AI meets your knowledge base |
| SU030 | Xendit | Best Payment Gateway in Indonesia, Philippines and SEA | Xendit | Best Payment Gateway in Indonesia, Philippines and SEA | Xendit |
| SR001 | Supabase | Supabase incident on February 12, 2026 | The outage lasted 3 hours and 42 minutes, with full service recovery at 00:54 UTC on February 13. |
| SR002 | Supabase | Supabase Status | |
| SR003 | Supabase | Supabase Status - Incident History | |
| SR004 | GitHub | Issue #45743: Auth Email Hook still hits email rate limit | After being able to test for some time, i am receiving this response for almost 30 minutes now. |
| SR005 | GitHub | Issue #45492: PostgREST schema cache remains corrupted after function recreation | Neither NOTIFY pgrst, 'reload schema' nor a full project restart clears the corrupted schema cache. |
| SR006 | GitHub | Issue #44907: Self-hosted edge-function URLs generated in cloud format | The supabase. subdomain pattern is cloud-specific and doesn't exist in self-hosted environments. |
| SR007 | Supabase | Supabase security 2025 retro | |
| SR008 | Supabase | Supabase is now ISO 27001 certified | |
| SR009 | Supabase | Security | Supabase | Supabase is HIPAA compliant. You can store Protected Health Information (PHI) on our hosted platform once you enter into a Business Associate Agreement (BAA) with us and fulfill your HIPAA obligations under our shared responsibility model. |
| SR010 | Supabase | Supabase PrivateLink available | |
| SR011 | Supabase | When to use Read Replicas vs. bigger compute | |
| SR012 | Supabase | Pricing | Supabase | |
| SR013 | Supabase | Supabase for Enterprise | |
| SR014 | Supabase | Terms of Service | Supabase | In no event will either party's aggregate liability ... exceed the total amounts paid and/or payable to Supabase under this Agreement in the twelve (12) months immediately preceding the claim. |
| SR015 | Supabase | Privacy Notice | Supabase | |
| SR016 | European Commission | Data protection | |
| SR017 | U.S. Department of Health & Human Services | Summary of the HIPAA Security Rule | |
| SR018 | TechCrunch | Vibe coding helps Supabase nab $200M at $2B valuation just seven months after its last raise | |
| SR019 | Tech Funding News | Supabase snaps $200M at $2B valuation to power the future of vibe coding: 3 things to know | |
| SR020 | Supabase | One of the world's fastest-growing open source communities | Supabase | |
| SR021 | Supabase | We hit 100,000 GitHub stars!! | |
| SR022 | GitHub | GitHub - supabase/supabase: The Postgres development platform | |
| SR023 | Supabase | Self-Hosting | Supabase Docs | |
| SR024 | Supabase | Use Supabase to authenticate and authorize your users. | |
| SR025 | Tracxn | Supabase | |
| SR026 | Taptwice Digital | Supabase statistics in 2025 | |
| SR027 | Postman | 2025 State of the API Report | Postman | |
| SR028 | Stack Overflow | Stack Overflow Developer Survey 2025: Technology | |
| SR029 | Bytebase | Supabase vs Firebase 2026 comparison | |
| SR030 | Yahoo Finance / Fortune | Exclusive: Supabase raises $200 million at a $2 billion valuation | |
| SR031 | Firebase | Firebase SQL Connect overview | |
| SR032 | Firebase | Access data offline with Cloud Firestore | |
| SR033 | Supabase | Database Backups | Supabase Docs | |
| SR034 | Supabase | Going into production | Supabase Docs | |
| SV001 | TechCrunch | Vibe coding helps Supabase nab $200M at $2B valuation just seven months after its last raise | Supabase announced a $200 million Series D at a $2 billion post-money valuation led by Accel. |
| SV002 | Yahoo Finance | Exclusive: Supabase raises $200 million at $2 billion valuation | Supabase raises $200 million in a Series D that values the company at $2 billion. |
| SV003 | Sacra | Supabase | Sacra estimates that Supabase reached $70M in annual recurring revenue in 2025. |
| SV004 | GetLatka | Supabase company profile | In 2025, Supabase's revenue reached $70M and the company previously reported $31M in 2025. |
| SV005 | Supabase | Supabase | The Postgres Development Platform. | |
| SV006 | Supabase | One of the world's fastest-growing open source communities | Supabase | |
| SV007 | Supabase | Supabase for Enterprise | |
| SV008 | Supabase | Pricing | Supabase | Pro starts at $25 per month and Team starts at $599 per month with additional usage-based charges. |
| SV009 | Supabase | Supabase incident on February 12, 2026 | The outage lasted 3 hours and 42 minutes and automatic cross-region failover for customer Postgres databases was not yet available. |
| SV010 | Supabase Status | Supabase Status - Incident History | |
| SV011 | Supabase | We hit 100,000 GitHub stars | Today we have eight million developers building with Supabase. |
| SV012 | Tech Funding News | Supabase snaps $200M at $2B valuation to power the future of vibe coding | |
| SV013 | TapTwice Digital | Supabase statistics in 2025 | Supabase generated $16 million in revenue in 2024 and is projected to reach $27 million in 2025. |
| SV014 | Tracxn | Supabase | Tracxn lists a March 2025 Series D at $2B and an October 2025 Series E at $5B. |
| SV015 | Yahoo Finance | MDB quote page | |
| SV016 | Yahoo Finance | DDOG quote page | |
| SV017 | Yahoo Finance | NET quote page | |
| SV018 | Yahoo Finance | SNOW quote page | |
| SV019 | MongoDB Investor Relations | MongoDB investor relations overview | |
| SV020 | Datadog Investor Relations | Datadog investor relations overview | |
| SV021 | Cloudflare Investor Relations | Cloudflare investor relations overview | |
| SV022 | Snowflake Investor Relations | Snowflake investor relations overview | |
| SV023 | Securities and Exchange Commission | MongoDB 10-K filing search results | The SEC filing search shows MongoDB filed a 10-K on 2026-03-11. |
| SV024 | Securities and Exchange Commission | Datadog 10-K filing search results | The SEC filing search shows Datadog filed a 10-K on 2026-02-18. |
| SV025 | Securities and Exchange Commission | Cloudflare 10-K filing search results | The SEC filing search shows Cloudflare filed a 10-K on 2026-02-26. |
| SV026 | Securities and Exchange Commission | Snowflake 10-K filing search results | The SEC filing search shows Snowflake filed a 10-K on 2026-03-20. |
| SV027 | Supabase | Read replicas vs bigger compute | |
| SV028 | Supabase | Supabase PrivateLink available | |
| SV029 | GitHub | supabase/supabase repository | |
| SV030 | Y Combinator | Supabase | Y Combinator |