by kiwicopple 559 days ago
Hey there, Supabase CEO here. I did a cmd+f for "HIPAA" and didn't find it anywhere in your description. I don't mind whether you use Supabase or not, but please make sure that you take care of patient data. Everything you do should be HIPAA compliant.

The number 1 feature of your project should be security. Supabase is just Postgres + tools - it will be as secure as you decide to make it.

1 comments

Hi @kiwicopple, thank you for your reply. The project will be implemented in the EU and of course we will be subject to GDPR regulations and laws related to medical documentation. If the project is successful, we would like to provide the source code free of charge to responsible people in other countries, but that is far in the future.

My post was more about whether the actual power-users of Supabase consider the current state and version of Supabase production-ready even for high-load deployments, for example whether GraphQL performance is not a problem, etc. If we decide to use Supabase, it is definitely only with strict RLS and our own backend outside Supabase for critical API endpoints. It will be a completely self-hosted solution on your own physical servers, no cloud, no edge-functions, etc.