- Why 'Supabase alternative' is really four different searches, not one
- The best replacement for each piece: database, auth, bundle, or self-hosting
- How Supabase and Neon actually differ head-to-head
- How to sequence a migration so it can never take the app down
Supabase bundles five products - Postgres, auth, auto-APIs, storage, realtime - and that bundle is exactly why 'Supabase alternative' is a confusing search: the right answer depends entirely on which part stopped working for you. Ranking ten platforms in a line hides that. So this guide is organized the useful way: by what you're actually replacing. (Disclosure: Swyftstack is our product; it appears in one section below, with its limits stated.)
First, diagnose your reason for leaving
"We only use the database." You want managed Postgres, not a platform. → Section 1.
"We love the bundle, want a different one." You want another BaaS. → Section 2.
"Auth is the pain point." Replace auth, keep the rest. → Section 3.
"We need control/sovereignty." Self-host something. → Section 4.
You're replacing | Best alternatives | Why |
|---|---|---|
Just the database | Neon, Swyftstack, AWS RDS, DigitalOcean | Plain Postgres, no bundle tax |
The bundle / DX | Firebase, Appwrite, Nhost, Convex | Batteries-included backend |
Auth | Clerk, Auth.js, Better Auth, Keycloak | Dedicated, deeper auth |
Nothing - just control | Self-hosted Supabase | Same features, your servers |
The best Supabase alternative depends on which piece you are replacing.
The best Supabase alternative depends on which piece you are replacing.
The best Supabase alternative depends on which piece you are replacing.
1. You just want the Postgres: Neon, Swyftstack, RDS, DigitalOcean
The most common case in practice. Because Supabase's core is standard PostgreSQL, exporting is mechanical - the decision is where to land:
Neon - serverless Postgres with branching and scale-to-zero. Best when your workloads are spiky or you want database-per-preview-branch workflows; watch usage-based pricing on always-on apps.
Swyftstack (us) - flat-price managed PostgreSQL plus S3-compatible storage, daily backups and pooling included, guided migration from Supabase that verifies row counts. Best when you want the data layer boring and predictable next to an app hosted elsewhere. Not the answer if you need Supabase's auth/realtime replaced too - pair us with an auth provider from section 3.
AWS RDS / Cloud SQL - when the org already lives in that cloud and needs its compliance surface. Expect cloud-admin ergonomics.
DigitalOcean-style managed - instance-shaped, fixed price, unexciting in the good way.
Whichever you pick, the auth question follows you: your RLS policies referencing auth.uid() need rewiring to your new session mechanism - the multi-tenant RLS patterns post shows the standard replacement.
2. You want a different bundle: Firebase, Appwrite, Nhost, Convex, PocketBase
Firebase - the original BaaS; superb mobile SDKs and realtime, but you trade SQL for Firestore's document model. Choose it for mobile-first products that were never really relational.
Appwrite - open-source, self-hostable, multi-language SDKs; the closest philosophical sibling with a strong self-managed story.
Nhost - Postgres + Hasura: the pick when you want GraphQL as the API layer instead of PostgREST.
Convex - a different model entirely (TypeScript functions + reactive queries, no SQL). Compelling DX for greenfield realtime apps; it's a rewrite, not a migration.
PocketBase - a single Go binary with auth, database (SQLite), and files. Astonishingly good for small self-hosted apps; know SQLite's write-concurrency limits before betting a busy product on it.
3. Auth was the problem: Clerk, Auth.js, Better Auth, Keycloak
If the database is fine but auth is why you're searching, replace just that: Clerk (polished hosted auth with great Next.js DX), Auth.js / Better Auth (open-source, in-your-app, no per-user vendor bill), or Keycloak (self-hosted, enterprise SSO). All of them coexist happily with any Postgres from section 1 - auth issues a user id, your app passes it to the database session, RLS enforces it.
4. Control requirements: self-host Supabase - or simplify
Self-hosted Supabase gives you the exact platform on your metal; budget for operating its dozen services like the distributed system it is. The alternative worth considering: most apps that 'need self-hosted Supabase' actually need Postgres + an auth library + object storage - three boring components you can operate (or buy) separately with far less machinery. Honest self-assessment beats ideology here.
How to choose in five minutes
List which Supabase features you actively use (check the dashboard, not your memory).
One or two features → migrate those pieces to specialists (sections 1 + 3).
Three or more → you're a bundle customer; compare bundles (section 2).
Regulatory/control driver → section 4, with eyes open.
Whatever you choose: export a backup this week regardless. Here's how.
The comparison people actually ask for: Supabase vs Neon head-to-head
Since section 1's two Postgres-first options prompt the most follow-ups: Supabase and Neon are less rivals than different layers. Neon sells the database itself - serverless compute, branch-per-PR workflows, usage pricing - and assumes you bring auth, storage, and APIs. Supabase sells the assembled backend and assumes you want the whole thing. Teams leaving Supabase for 'just Postgres' who choose Neon are also adopting its serverless trade-offs (cold starts, meters); teams choosing a provisioned flat-price platform are optimizing for always-on steadiness instead. We've written the full Neon vs Supabase comparison for that decision specifically - and the honest summary is that they're both excellent at different questions.
Sequencing the migration so it can't hurt you
Export everything first - database dump, storage objects, auth user list - before any decision is final. The export is leverage: you negotiate with options, not hopes.
Stand up the new database and restore; verify row counts and run the test suite against a staging copy.
Move auth (the hard part) behind a feature flag if you can: new sessions on the new provider, old sessions honored until expiry, users never mass-logged-out.
Re-point storage URLs last - objects are the most mechanical piece, and a base-URL config change usually completes it.
Keep the Supabase project alive-but-idle for a month as the rollback nobody should ever need but everyone sleeps better having.
Total calendar time for a typical small SaaS: one to two weeks of part-time effort, with the database itself being an afternoon and the auth rewiring the balance. The sequencing above is what keeps every step individually reversible.
Finally, calibrate urgency honestly: if Supabase is working and the bill fits, 'alternatives research' is optionality-building, not a project - take the export for insurance and revisit quarterly. The forcing functions that make it a project are concrete: a pricing change that reprices your tier, hitting platform limits that paid plans don't lift, or auth coupling blocking a feature. Until one arrives, knowledge of the exits is worth more than using them.
Supabase's genius was bundling; your migration's success comes from unbundling. Replace the piece that hurts, keep what works, and let standard Postgres be the door that makes it all possible.
Frequently asked questions
Why do teams leave Supabase?
Three recurring reasons: they only use the database and don't want to carry the platform around it; costs or limits stopped matching usage as they scaled; or they hit coupling - auth, RLS-via-JWT, and client SDKs woven through the codebase made the platform harder to reason about than the pieces would be separately.
What's the easiest part of Supabase to migrate away?
The database, by far - it's standard PostgreSQL, so pg_dump moves it anywhere. Auth is the hardest (user credentials, sessions, and RLS policies referencing auth.uid() all need rewiring). Storage is in between: objects move mechanically, application URLs need updating.
Is self-hosting Supabase a real alternative?
It's real but underestimated: the stack is a dozen coordinated services (Postgres, GoTrue, PostgREST, Realtime, Storage, Kong...), and you inherit upgrades and incident response for all of them. Choose it for data-sovereignty requirements or genuine ops capacity - not as a cost dodge.
Do I have to replace everything at once?
No, and you usually shouldn't. The pieces decouple: many teams move the database first (or the auth first) and run hybrid for months. Decomposing the migration turns a scary platform switch into a sequence of boring, reversible steps.