An open-source Firebase alternative
Supabase, an open-source Firebase alternative, makes it easy for developers to launch websites or mobile applications with a scalable back-end. The platform provides key features such as authentication for application access, databases for storing information, real-time updates, storage, and automated API generation based on tables. By offering these essential components, Supabase enables developers to quickly ship top-shelf products. Supabase heavily focuses on the developer experience and continuously adds new features to make back-end development more accessible for all teams.
Founded in 2020, Supabase originally began as a marketplace for PostgreSQL extensions. Inian, one of the first few engineers at Supabase, joined the company after they graduated from Y Combinator in the summer of 2020. Initially an Infrastructure/Site Reliability Engineer, Inian eventually transitioned into product and security engineering roles.
Given the nature of their industry, security and compliance have been a top priority for Supabase since day one. Their target customers are other developers, who are incredibly security conscious and build applications that ingest customer data, and thus need to demonstrate trust to their customers. Knowing this, the company built a team of security-proactive individuals, with Inian and another engineer leading the charge to champion a security- and compliance-focused culture within Supabase.
Scaling go-to-market motions from 0 to 1 while building trust
As Supabase began to scale their go-to-market strategy, the company faced several challenges. Initially, their user base consisted of early adopters and individual hobbyists who were more interested in trying out the platform than in using it for professional purposes. However, as word of mouth spread, the company started attracting customers who began to use Supabase for work-related purposes. Supabase then quickly grew from a team of 5 to 60 employees globally to help them address the challenge of retaining existing customers and growing with them throughout the product life cycle.
As Supabase expanded their customer base and moved toward the enterprise market, the company had to adapt their product offerings and features to meet the needs of larger businesses. Their original customer base of independent developers did not necessarily prioritize security, but the move upmarket required a higher level of trust and proof of security. This meant focusing on security and compliance, which was crucial for gaining the trust of enterprise customers.
From the outset, Supabase understood the importance of focusing on security, as they host customer databases, and any breach could be disastrous for the company. As Inian put it, “Trust is difficult to regain once lost,” and the need for compliance became apparent once time-consuming security questionnaires came rushing in from their larger prospects. This, combined with the push for SOC 2 compliance, came as a result of customers inquiring about Supabase’s compliance status, which often served as a blocker for further engagement.
Inian knew that becoming compliant while the company was still in their early stages would help ingrain security as part of the culture. As he put it, “It’s easier to get and maintain compliance while your company is still small.” Achieving SOC 2 compliance would make their lives easier and facilitate conversations with prospects while also indicating their seriousness in catering to security-conscious larger enterprises. In addition, they recognized the importance of HIPAA compliance as a strong requirement for their healthcare customers, driving their decision to pursue HIPAA compliance in late 2022.
Trusting in Vanta's experience and expertise
Supabase recognized the need for a streamlined compliance process and turned to Vanta for its experience and expertise. They wanted to avoid the traditional consulting process, and they were referred to Vanta through their mutual Y Combinator network, where Vanta was highly recommended for its competitive pricing and high-quality product.
Vanta's intuitive user experience, combined with its first-to-market position and extensive audit experience, made it easy for Supabase to choose Vanta over other competitors. The platform provided Supabase with a comprehensive overview of SOC 2 requirements, clarifying which aspects were relevant for the SOC 2 audit, which were not, and which controls helped with progress towards HIPAA compliance. Supabase also found that their auditors’ familiarity with Vanta and their experience with other devtool companies proved to be a huge source of time savings, and meant less back-and-forth between their engineers and the auditing team.
Supabase had also initially considered building a continuous monitoring system in-house. However, they found it challenging to make it public to customers who were interested in the state of Supabase’s security posture. Vanta's Trust Reports solved this issue by allowing Supabase to easily share their compliance status with customers without sharing screenshots. Vanta's policy templates were also extremely helpful in streamlining the creation and implementation of security policies and meant Supabase did not have to start from scratch.
Overall, Supabase's decision to trust Vanta's experience and expertise paid off, resulting in a streamlined and effective compliance process that positioned the company for continued success in the move upmarket.
Using Vanta to demonstrate trust with upmarket customers
Vanta's comprehensive solution has allowed Supabase to transform trust into a revenue-generating opportunity and successfully acquire larger customers. By partnering with Vanta, Supabase has experienced a significant reduction in security questionnaires, streamlining their operations and enabling them to focus on growth.
One of the most valuable aspects of Vanta's offering is Trust Reports, which have proven useful for handling inbound leads and gathering prospect information when potential customers request access to Supabase's security documents. By linking prospects to their Trust Report from their security page, Supabase has facilitated conversations between prospects and their Growth teams — accelerating deal cycles.
Ultimately, Vanta has enabled Supabase to strengthen their position in the market by providing the tools and expertise necessary to build trust with enterprise customers and ensure their ongoing success.
Vanta Trust Reports for demand generation
Supabase sought to build their security page to showcase their strong security culture and highlight the importance of protecting customer data. The goal was to create a platform that would not only demonstrate their commitment to security but also support lead-generation efforts.
Vanta's Trust Reports allowed their security page to become more interactive. By integrating Trust Reports with Supabase's existing systems, the company accessed a continuous monitoring solution that provided a live look into their security posture. The real-time tracking feature of Trust Reports became a valuable asset for Supabase, allowing them to stay up-to-date with their security measures and ensure customer confidence.
In addition to enhancing their security visibility, Trust Reports contributed to a quantifiable return on investment for Supabase. Being in their early stages, Supabase was heavily focused on driving demand and streamlining the lead generation process. Trust Reports proved to be an essential part of their top-of-funnel strategy and delivered these benefits by allowing interested prospects to learn more about Supabase’s security posture themselves and providing a way for prospects to reach out to Supabase’s Growth team directly. As a result, Supabase has leveraged their work in security and compliance and built elevated trust in their brand, which has contributed to their growth and long-term success.