Acceptable Use Policy#

Last Modified: 25 February 2026

This Acceptable Use Policy (this "Policy") describes prohibited uses of the web services offered by Supabase, Inc. and its affiliates (the "Services") and the website located at https://supabase.com (the "Supabase Site").
By using the Services or accessing the Supabase Site, you agree to the latest version of this Policy. Violation of this Policy may result in the immediate suspension or termination of your Accounts and / or Services.

1. General Prohibitions#

1.1. You may not use the Services in any manner that materially degrades, disrupts, or interferes with the Services or other customers' use of the Services.
1.2. Illegal & Fraudulent Activities: Any activity that violates applicable laws or regulations. This includes but is not limited to the dissemination of child sexual abuse material (CSAM), promoting fraudulent schemes (e.g., Ponzi or "make-money-fast" scams), and identity theft.
1.3. Infringing Content: Content that infringes or misappropriates the intellectual property or proprietary rights of others, including wholesale copyright infringement (piracy) or hosting unauthorized streaming services.
1.4. Harmful Technology: Viruses, malware, Trojan horses, or any technology intended to damage systems and/or surreptitiously intercept data.
1.5. Obfuscation: Using techniques to obfuscate code or application logic uploaded to the Supabase platform to hide malicious intent or bypass platform detection and security controls.

2. Artificial Intelligence and Content Manipulation#

2.1. Deepfakes & Deceptive or Malicious Synthetics: Generating or storing synthetic media intended to deceive or harass, including but not limited to non-consensual sexual imagery.
2.2. Safety Guardrails Circumvention: Using Services to facilitate the "jailbreaking" of third-party AI models or to bypass safety guardrails.
2.3. Unauthorized Probing & Scraping: Storing or processing datasets obtained through web scraping, or performing automated network and system reconnaissance (including port scanning), in violation of a third party's terms of service, robots.txt directives, or without explicit authorization.
2.4. Reputation & SEO/AEO Manipulation: Creating "gibberish" or nonsensical content, deceptive search engine results, or falsifying reputation metrics (e.g., automated generation of fake social proof or "stars").

3. Security and Network Integrity#

3.1. Unauthorized Access: Attempting to probe, scan, or test the vulnerability of any system (including port scanning) outside the requirements of our Vulnerability Disclosure Program.
3.2. Denial of Service (DoS): Inundating a target with requests (including flooders, reflectors, and amplifiers) to render it ineffective or slow.
3.3. Proxy & Anonymization Services: Operating open proxies, open mail relays, or "proxy farms" used to bypass GeoIP restrictions or IP-based rate limits.
3.4. Cryptocurrency Mining: Using Supabase compute resources (including Edge Functions) to mine digital assets or cryptocurrencies.
3.5. Vulnerability Disclosure: Exploiting discovered vulnerabilities or publicly disclosing them before a fix is available. Discoveries must be reported privately to Supabase.

4. Account and Message Abuse#

4.1. Email Requirements: You may not use temporary, disposable, or "dead-drop" email addresses for your Supabase account.
4.2. Automated & Bulk Registration: Creating accounts via automated means, registering accounts in bulk, or maintaining an excessive number of accounts as a single user is prohibited without explicit permission from Supabase.
4.3. Spam & Deception: Distributing unsolicited mass messages, altering mail headers to obscure identity, or collecting personal data via phishing and deceptive web forms.
4.4. Infrastructure Abuse: Using the Services as a "drop-zone" for stolen data or as command-and-control (C2) infrastructure for malware.

5. Financial Crime and Regulated Goods#

5.1. Carding & Financial Fraud: Using the Services for card testing, card verification, or the storage of stolen financial data.
5.2. Illegal Trade: The sale or distribution of controlled substances, drug paraphernalia, or facilitating unregulated gambling and wagering activities.
5.3. High-Risk Systems: Use in nuclear facilities, aircraft navigation, or life support systems where failure could lead to death or catastrophic damage.

6. Monitoring and Enforcement#

6.1. Investigation and Action: Supabase reserves the right, in its sole discretion, to investigate, suspend, or terminate access to the Services if Supabase determines that a user's conduct violates this Policy or poses legal, regulatory, security, reputational, or operational risk to Supabase, the Services, or other customers.
6.2. Reporting: We may report suspected illegal activity to law enforcement, regulators, or other appropriate third parties. This may include disclosing appropriate customer information and cooperating with investigations into illegal conduct.
6.3. Obligation: Supabase has no obligation to monitor user content or activity and does not assume responsibility for user content.

7. Reporting Violations#

Report violations to legal@supabase.io or abuse@supabase.io