Skip to main content
Prefer to run your own backend? You can connect your own Supabase project to a Kleap site. This is the “bring your own database” option — for full control, if you already use Supabase, or if you want Supabase-specific features.
Not sure which to pick? Kleap Database is the built-in, zero-setup option — no account, managed for you. Choose Supabase when you want to own and manage the backend yourself. See Kleap Database.

Kleap Database vs. Your Own Supabase

Kleap DatabaseYour own Supabase
SetupBuilt in, on demandYou create a Supabase project
Managed byKleapYou
Best forFastest path, most sitesFull control, existing Supabase users
Where data livesIn KleapIn your Supabase account

Connecting Your Supabase

1

Create a Supabase project

In your Supabase dashboard, create a project and copy two values from Project Settings → API: your Project URL and your anon (public) key.
2

Add the keys and wire it up

These are safe to use in the browser. Give them to the AI and describe what you want:
3

Build with it

Ask the AI to read and write your tables, add login, or show per-user data. It uses the Supabase client from your site’s interactive parts.

Keys & Security

Kleap sites are static, so anything in the site is public. That’s fine for Supabase’s anon (public) key — it’s designed to be exposed, and your data is protected by the Row Level Security policies you set in Supabase.
Only use the anon / public key in your site. Never put your Supabase service_role secret key in a website — it bypasses all security. Service-role operations must run on a backend you control (a serverless function), not in the static site.

What Works From a Static Site

Using the public key from your site’s interactive parts, you can:
  • Read & write data — protected per-user by your Row Level Security policies
  • User accounts — Supabase Auth (email/password, magic link, OAuth), client-side
  • File storage — public buckets or signed URLs
  • Realtime — live updates when table data changes

Needs a Backend

Anything requiring the service_role key — admin writes that bypass RLS, server-only logic, secure webhooks — must run in a separate serverless function, not in the static site.

Managing Your Backend

Schema, RLS policies, auth providers, and storage buckets are managed in your Supabase dashboard, the same as any Supabase project. Ask the AI to generate the SQL or policies, then apply them in Supabase.

Best Practices

Enable RLS on every table that holds user data. Since the public key is exposed in the browser, RLS is what keeps data private.
Never ship it in your site. Use it only from a backend you control.
If you just need saved data or logins without managing a backend, the built-in Kleap Database is faster.

Prefer zero setup?

Use the built-in Kleap Database — no external account