Training
Certification Leadership Frameworks Agentic for Business
Community Keynotes Retreat Blog Book A Consultation
Protocol 07 of 18 · Track, Infrastructure · The rails

Supabase, data structures basics

Tables, rows, columns, relationships, and row-level security. Enough of the data model to read, write, and reason about a database without breaking it.

← All 18 protocols
Protocol 06 Vercel hygiene, domains and DNS All 18 Protocol 08 Design systems and Claude design
Why this matters

The pain it
solves

Most of what you want to build eventually needs to remember things. Names of leads. Status of orders. Settings the user changed. The moment remember enters the requirements, you need a database.

Supabase is the friendliest database for non-engineers building real products. Postgres wearing a friendly interface. You can build a table by clicking, read and write through a simple API, and Claude can do almost all of it for you.

The teaching

What this
actually is

Four ideas that cover 80% of the data you will ever store

Most of what you build eventually needs to remember things. Leads. Orders. User settings. Once you need remember, you need a database. Four ideas cover most of it.

  • Tables, rows, columns
    A table is a list. A row is one item in that list. A column is one fact about that item. A contacts table has rows of contacts, each with columns for name, email, created_at.
  • Relationships
    A row in one table can point at a row in another (a foreign key). An orders table can have a contact_id column pointing at the contacts row that placed the order.
  • CRUD: select, insert, update, delete
    Four operations every database has had for fifty years. Read rows, write rows, change rows, remove rows. Supabase wraps these in a JavaScript client so you call them with one line each.
  • Row-Level Security (RLS)
    Postgres can decide, per row, who is allowed to read or write it. The IL default: RLS on for every table, then add a single policy per use case.

The discipline

Three rules keep your database from rotting into a junk drawer.

  • Schema lives in code, not in your head
    Every table and column in supabase/*.sql files in the repo. If you create a table in the dashboard, copy the SQL into the repo before you commit.
  • One table per concept
    Contacts go in contacts. Orders go in orders. Resist the urge to make one big stuff table.
  • Required columns from the start
    Every table gets id (uuid), created_at (timestamp), and (if user-scoped) user_id. Add them now or wish you had later.

Why Supabase, not raw Postgres

Postgres is the most trusted open-source database, with three decades of production use. You could run your own. Supabase is Postgres plus a team you cannot afford: backups, scaling, auth, an API layer, a dashboard, RLS made friendly.

You pay nothing until you outgrow the free tier (500MB and 50K monthly users). After that, the pricing is honest. The free tier holds an entire real business.

Try it yourself 30 minutes

Hook up a real lead capture in 30 minutes

You need: your Hello World site from Protocol 02 (with a custom domain from Protocol 06), and a Supabase account (created in Protocol 02 or just sign up now).

  1. Step 01
    Create the contacts table

    In Supabase, Table Editor > New Table > contacts. Columns: id (uuid, primary), email (text, required), name (text), created_at (timestamptz, default now()). Enable RLS.

  2. Step 02
    Add an insert policy

    Authentication > Policies > contacts > New policy. Allow anon role to INSERT, with a check of true (anyone can submit). Read access stays locked.

  3. Step 03
    Get your API credentials

    Settings > API. Copy the project URL and the anon key. Add them to your Vercel env vars as NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY (and to .env.local for local testing).

  4. Step 04
    Build the form by prompt

    In Claude Code: "Add a contact form to the homepage with name + email fields. On submit, insert a row into the Supabase contacts table using the anon client. Show a thank-you message on success."

  5. Step 05
    Submit a real test lead

    Commit, push, wait for Vercel. Open your live site, fill the form, submit. Open Supabase Table Editor > contacts. Your row is there.

  6. Step 06
    Verify RLS is working

    Open a new browser tab. Try to hit your-project.supabase.co/rest/v1/contacts?select=* without the auth header. You should get a 401. Strangers cannot read your data.

Outcome

A real lead capture on your live site, writing to a real Postgres database, with row-level security keeping your data private. Your Hello World is no longer just a flier; it is the front door of a small product.

Official resources

Straight from
the source

Supabase doc
Supabase Next.js quickstart
Supabase doc
Row-Level Security basics
PostgreSQL doc
Postgres documentation
Supabase doc
Supabase JavaScript client
What you walk out with

By the end of this
protocol

At the retreat

You learn it by
doing it

You turn your Hello World into a real lead capture: contact form, Supabase table, RLS policy, email confirmation, all in 30 minutes.

Saigon, Jun 19 to 21 See all 18 protocols
Connects to

Other protocols this
compounds with

Protocol 10
Communications
 Protocol 11
Admin interfaces
 Protocol 17
AI testing vs human testing
← Previous, Protocol 06
Vercel hygiene, domains and DNS
 Next, Protocol 08 →
Design systems and Claude design