Supabase — Conversation Data with Auth, RLS, and Real-Time Built In

RLS is enabled by default on new tables in Supabase. Your pipeline — Edge Functions, cron jobs, external scripts — needs to bypass RLS using the service role key. Application users should go through RLS policies. Design your policies before you start writing data, not after. Retrofitting RLS onto a table with existing data and active queries is painful and error-prone.

The service role key bypasses all RLS. Never expose it in client-side code. Use it only in Edge Functions, server-side scripts, and backend services. Rotate it immediately if compromised. Store it in environment variables — never commit it to source control, never log it, never pass it in a URL parameter.

Edge Functions have a ~200ms cold start on first invocation. For webhook handlers that fire a few times per minute, this is fine. For high-frequency endpoints (>100 req/sec), consider an external service. Max execution time is 150 seconds. Memory limit is 150MB per invocation. These limits are generous for data ingestion but will bite you if you try to do heavy processing inside the function.

Edge Function webhook handler

Recommended starting pattern

Bulk historical loads

External pipelines

RLS policy testing

Test policies in the SQL editor with: set role authenticated; set request.jwt.claims = '{"tenant_id": "test"}'; Then run your SELECT and INSERT queries to verify users can only see their own data. Test both read and write policies. A misconfigured policy that silently returns zero rows is worse than one that throws an error.

Edge Function monitoring

Check Edge Function logs in the Supabase dashboard under Edge Functions → Logs. Monitor for timeouts (150s limit), memory errors, and cold start frequency. If you’re hitting invocation limits on the free plan, scale to Pro. Set up alerts for failed invocations — a silently failing webhook handler means missing data.

Connection pooling with Supavisor

Use port 6543 (Supavisor) for application connections, not port 5432 (direct). Supavisor handles connection pooling automatically. Direct connections are limited and vary by plan — the free tier allows around 60 direct connections. External scripts, BI tools, and application backends should all go through the pooler.

Storage limits by plan

Free plan: 500MB database, 1GB file storage. Pro plan: 8GB database, 100GB file storage. Raw transcripts consume storage fast — a single call transcript can be 20–50KB. At 100 calls per day, that’s 1–5MB daily in transcript data alone. Check your plan limits before loading large historical datasets. You’ll likely need Pro for production volumes.

Realtime channel limits

Supabase Realtime supports broadcasting changes on table rows. On the free plan, you get 200 concurrent connections. For production alerting systems that serve multiple users or teams, use Pro for higher limits. Each dashboard tab or browser window counts as a separate connection.

Postgres under the hood

Everything from the PostgreSQL operational guide applies here: autovacuum tuning, index maintenance, EXPLAIN ANALYZE for slow queries. Access Postgres directly via the Supabase SQL editor or any Postgres client. Supabase does not hide the database from you — you have full superuser access.

Use Supabase’s auto-generated REST API to fetch conversation_signals filtered by team and date range. Build a React dashboard with the supabase-js client. No backend needed — PostgREST serves the data directly. Filter with URL parameters, paginate with Range headers, and let RLS handle per-tenant access control automatically.

Enable Realtime on the conversation_signals table. Subscribe to INSERT events where signal_name = 'risk_flag'. When a high-risk signal lands, instantly notify the rep’s manager via a connected Slack webhook. Zero polling, instant response. The alert fires the moment the row is committed, not on the next polling cycle.

Use the Supabase SQL editor to run aggregation queries — average score by rep, by week, with trend lines. Export results as CSV for stakeholders who prefer spreadsheets. When self-service becomes important, connect a BI tool like Metabase or Grafana directly to your Postgres instance via the connection string.