Hacker News

DANmode
Ask HN: What in the world is going on at Supabase?

Raising more money, but can't reply to vital support/security inquiries?

Like the final request of mine below, asking them to save their own resources, because someone was spinning up fake trials or something using my company's domain:

"Please cancel these signups, they're fraud."

---------- Forwarded message ---------
From: Supabase Auth <[email protected]>
Date: Sat, Jul 12, 2025, 5:15 PM
Subject: Confirm Your Signup
To: <employee@***.com>

Confirm your signup

Follow this link to confirm your user:

Confirm your mail

You're receiving this email because you signed up for an application powered by Supabase

Opt out of these emails

Hi there,

Thanks for reaching out to us. We have received your support request and your ticket id is SU-223879

Free plan will receive no guaranteed support response - we try to respond to outage related issues asap however Pro and Enterprise tickets take priority. Upgrade here.

For non-outage related issues, Free plan users are encouraged to ask their questions inside our GitHub Discussions https://github.com/supabase/supabase/discussions.

The Supabase Team.

Me: This is a pretty bad smell for this to still be unanswered and ongoing.

Your "Opt-Out" link remains broken - how is anyone supposed to get in touch with you?!

2-3 months go by:

Hey,

For security reasons, we’re not able to process requests submitted by email. Please resubmit your request through the Support Portal so we can verify project ownership.

If your request falls into one of these categories, here’s how to proceed:

    - If your issue is related to login access and this ticket was closed in error, just reply to this email and we’ll reopen it
    - For account deletion, you can remove your account directly in your Supabase dashboard
    - For the latest DPA, visit the Legal Documents page
    - To report a security issue, please submit it through our HackerOne program

Thanks for your understanding,
Supabase Support Team
Website • Docs • Community • Twitter • Status
Sent from Front

"Wow...I'm not a customer.

Months later, this is still unresolved?"


csomar a month ago

They are squeezing the free tier hard to monetize. It never made sense in the first place (they don't have their own servers, they host on AWS). It probably cost them something like $10-15/free customer. That's as bad or worse than many of the AI startups burning money to acquire customers. Also the free tier is good for most people, so why pay up?

I got my DB paused a few times despite it being active (the irony is that I have an inactive DB that was not affected).

ibejoeb a month ago

Here's how I'm interpreting this:

    1. your company owns example.com
    2. someone signs up to supabase with [email protected]
    3. you receive the confirmation email somehow (which probably isn't important)
       a. either the email address is valid,
       b. it is delivered to some catch-all mailbox
    4. you email supabase support notifying them that someone is signing up with an address that your company controls

Is that right? If so, I don't think this is some kind of vital security event. The confirmation email won't be delivered to the purported bad actor, so the account won't verify.

DANmode (op) a month ago

It really depends what's being done with their services during the trial period by someone claiming to be example.com!

(I have no way to know what's possible, or what the spoof accounts are doing - I've never registered with them! Just trying to give a courtesy heads up so they can take a look at bad actors on their platform...)

ibejoeb a month ago

You can't use the services until you confirm the account via email. When you sign up, you provide an email address, and then you're presented with this:

"You've successfully signed up. Please check your email to confirm your account before signing in to the Supabase dashboard. The confirmation link expires in 10 minutes."

If you attempt to sign in before verifying, you'll see:

"Account has not been verified, please check the link sent to your email"

So nothing is going to happen. This is probably a bot probing for accounts. The system is operating as intended. No cause for concern.

----

One more bit: when you receive the initial account email, you'll find a note at the bottom confirming the intention:

"If you didn't request for this, you can safely ignore this email."

DANmode (op) a month ago

Familiar with botting etc - no, there was NOT a message saying it was safe to ignore it if I didn’t request it.

The Opt out of these emails link was the end of their email.

Unless they’ve changed this since this ordeal began for me on July 12th, this is still a problem.

ibejoeb a month ago

We must be talking about different things, then.

They're active on discord, so maybe bring it up there: https://discord.com/invite/AYybku5cUz

gelfunde a month ago

I would differentiate between a bad customer service, that answers too late and doesn’t think outside the box versus their product. As a customer I am actually pretty happy with what I’m getting, but apparently this will only remain true as long as I don’t need to contact anyone. I guess they think they don’t need good customer support if the product is good enough for no one to complain.

AznHisoka a month ago

They also never mailed me a free t-shirt for completing their State of Startups survey a few months back

kiwicopple 23 days ago

let me follow up with the team to find out what happened here

DANmode (op) a month ago

I want to underline the fact that I am not a client, nor has my firm ever registered with them, so this is a security/fraud correspondence...not customer service.

Emails to support@, info@ etc multiple TLDs, all ignored for months...

kiwicopple 23 days ago

hey DANmode - supabase ceo here. similar to the sibling thread I want to make sure I know what happened here:

  1. someone created a website using supabase with email logins (and possibly edited the template / opt-out link)
  2. someone signed you up to that service - you received an email from that app
  3. you sent us an email (to [email protected] or similar) to report abuse
  4. we emailed a few months later with the generic email you posted

First, I'm sorry you had a bad experience. we have been historically very on-top of our support emails, but this year the tickets have grown ~10x while our team can only grow ~2x. We have had to make short-term trade-offs (automations) which are sub-par so that we can catch up with the growth and primarily focus on the paying customers

I'll be the first to acknowledge that this is something we want to improve. Unfortunately that will take time and iterations - you are experiencing our support (i hope) at its worst. We sent an email to the backlog of unanswered free-plan emails just to acknowledge and redirect them somewhere we can offer more support

For security/fraud, we have a slightly different process: https://supabase.com/.well-known/security.txt

This process is to ensure that we _don't_ miss emails, like we did with yours.

Your post here is helpful for us to figure out the areas that we need to improve. Again, I'm sorry that we didn't give you a good impression the first time - all we can do is iterate based on feedback like yours. If you want to share more my email is in my profile

DANmode (op) 22 days ago

I believe the biggest issue is that the ONLY lever the email gave the user to pull (the Opt-Out of these emails link) was broken. (FYI: It's working now.)

I still don't even know if that does what I think it does (it sounds like marketing list opt-out).

/ /

How is a user, who has been signed up for your services without their knowledge, meant to "opt out" of the trial, or account, after the point of receiving the email,

if they never even initiated the account on your end?

lucasknight a month ago

supabase supabase supabase

@kiwicopple - given you have keyword notifications set up on here [0], between this and your current AWS situation, this is not a good look

[0] https://news.ycombinator.com/item?id=42223240

kiwicopple 23 days ago

thanks for the tag lucasknight - i'll respond inline to OP about their email situation

> your current AWS situation

I think the assessment here is accurate:

https://x.com/theo/status/1979271205279666586

> Looked into this a bit. I don’t think “downtime” is a fair way to report on this. No existing databases are affected. Amazon is literally out of boxes in eu-west-2, so Supabase can’t provision NEW DBs in that one specific region

I want to own the fact that we can be multi-cloud, and that we can work with AWS on their capacity planning (note: this is not a typical request for an increase on a soft limit). We are working through both of these options. That said, the Reddit poster classifying this as days of downtime is not entirely fair, and it makes it harder for us to over-communicate with our community. Throughout this period we had days where there was free capacity on AWS and we chose to leave the status up until we have finalized our conversations with AWS.

I also want to acknowledge that there is a broader AWS issue today in us-east-1 which affects us (and most other companies today) that is unrelated

https://news.ycombinator.com/item?id=45640838

DANmode (op) a month ago

...what's the AWS situation?

cadamsdotcom a month ago

Sympathy to you for these woes.

While this sucks, your best bet is to vote with your wallet, find a way to act as though they don't exist, and leave them to their own devices.

DANmode (op) a month ago

I mean, I was already doing that!

I'm not a client, no relationship with them.

patricktttt4 a month ago

Nobody is going to see this. They are a Y Combinator company and claim to have Hacker News locked down.

DANmode (op) a month ago

Plenty "saw it". Really only needed one person to see it...

They claim that? Where?

dontdoxxme a month ago

The sad fact is investors don’t care about abuse. Provided the company aren’t deliberately faking customers there is no incentive to spend any resources on a free trial other than looking for customers to convert.
