In a Flux project, each service owns a specific slice of data. Supabase handles everything that needs a persistent relational store tied to a logged-in user. Profiles, orders, wishlists, and custom business logic.

Create a free project at supabase.com, copy your project URL and anon key, then install the JS client. The anon key is safe to expose to the browser. Row-Level Security on your tables enforces what each user can actually read or write.

Supabase Auth handles sign-up, sign-in, OAuth providers (Google, GitHub), magic links, and session management. The session JWT is automatically attached to every supabase-js request, so your RLS policies can reference auth.uid() to scope rows to the current user.

Supabase gives you a full Postgres database. Query it with the supabase-js client or raw SQL. Row-Level Security (RLS) policies run inside Postgres. They ensure users can only read or write their own rows, even if the anon key is exposed.

Supabase Storage is an S3-compatible object store. Use it for product images, user avatars, and any file uploads. Buckets can be public (CDN-served) or private (signed URLs required). Storage policies use the same RLS syntax as database tables.