For freelance projects, Supabase is the closest thing to a cheat code I've found. You get a real Postgres database, authentication, file storage, edge functions, and realtime — all behind one client SDK, all on a free tier that covers most early-stage apps. The combination eliminates the parts of backend work that don't directly serve the client (server provisioning, auth flows, file upload plumbing, deployment pipelines) and lets me ship features that actually justify my invoice. Row Level Security is the underrated headline feature — it pushes access control into the database itself, which means a tiny frontend-heavy team can ship a multi-tenant app safely. I don't use Supabase for everything; some projects genuinely need different tools. But for the 90% of freelance work that looks like "CRUD with auth, file uploads, and a few realtime touches," nothing else gets me from kickoff to launch faster.
When you're freelancing, every hour you spend on backend setup is an hour you're not building features the client actually cares about. Clients don't pay you to provision a database server. They don't pay you to write a password reset flow from scratch. They don't pay you to think about S3 IAM policies or set up nightly backups. They pay you for the thing that solves their problem.
After years of cobbling together my own stacks — Express on Heroku with Postgres on RDS, then Firebase, then Hasura, then back to Postgres on Render — I needed a backend that:
Supabase checks every box. Two years in, I've never wanted to leave.
A real relational database with foreign keys, joins, constraints, views, materialized views, full-text search, JSON columns, and every other Postgres feature that's been battle-tested over thirty years. This matters more than people give it credit for. A "modern" document database lets you ship the first feature faster, then punishes you when your data model evolves. Postgres lets you ship the first feature in a perfectly survivable way, and rewards you when the data model grows up.
Row Level Security (RLS) is the killer feature. You write SQL policies that say "users can only see their own rows," and Postgres enforces it for every query, no matter where it comes from — your React app, your edge function, a SQL console session. That single feature eliminates an entire category of authorization bugs that plague hand-rolled APIs.
Email/password, OAuth (Google, GitHub, Apple, Twitter, Discord, dozens more), magic links, SMS OTP, phone auth, anonymous sessions — all built in. The client SDKs handle session management, refresh tokens, and persistence automatically. A typical login form in my projects is fifteen lines of code, and it's been the same fifteen lines for two years.
The piece I value most is the JWT integration with RLS. Every authenticated request automatically carries the user's identity into the database, which means RLS policies can reference \auth.uid()\ and the right user always gets the right rows.
File uploads with bucket-level access control. Perfect for user avatars, project images, document uploads, and product photos. You can mark a bucket public or private, write RLS-style policies for object access, and the SDK gives you signed URLs with expiry built in. I've shipped projects with gigabytes of user-uploaded files and never had to think about S3 once.
When I need server-side logic — webhook handlers, third-party API calls, scheduled jobs, anything that shouldn't run in the browser — Edge Functions run on Deno at the edge. No server to provision, no Dockerfile to write, no autoscaling to configure. I write a function, run \`supabase functions deploy\