Is supabase secure enough to store very sensitive ...
# help
j
Is Supabase secure enough to store very sensitive information such as social security numbers and full credit card info?
s
You should never store any of these things inside of your own DB system. You normally leave the credit card info storage up to the payment gateway you will be using.
j
But say I was building an application using Supabase whose purpose was to store and track this information for other companies. https://supabase.com/docs/company/terms. Under Part 7, it states that the customer must have Supabase's prior written approval to store payment cardholder information. Does this mean that with the right encryption/storage/etc. Supabase is compliant with data protection/data storage laws (PCI DSS, HIPAA, GLBA, etc.)? I mention this because I am prepared to spend the time and resources to make sure that all of these are met on the front-end. Assuming I am not going to self-host, I'm just clarifying that Supabase is compliant with these regulations?
s
Please open a support request with more information about the kind of project you wish to use Supabase for https://app.supabase.io/support/new