Supabase has achieved SOC2 Type 1 compliance, which evaluates companies on five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. The company underwent a rigorous process to get certified, including choosing a compliance monitoring tool, Vanta, and selecting an auditor. The audit verified that Supabase was adhering to its stated policies at the time of the audit, but also highlighted the importance of ongoing security measures. The certification is not just about passing a test, but about implementing security practices that improve security or risk threshold in a meaningful way. Supabase used the SOC2 process to codify its existing security practices and will continue to work on improving its security posture, including obtaining HIPAA certification and rolling out security improvements for all projects hosted on the Supabase Cloud offering.