
Supabase Row Level Security

Postgres feature, exposed in Supabase, that enforces per-row access rules so the database itself decides who can see or modify each row.

In detail

Row Level Security (RLS) is a Postgres feature that lets you write policies controlling which rows a user can SELECT, INSERT, UPDATE or DELETE. In Supabase, RLS is the primary defence layer because the public anon key is exposed in the browser. Without RLS, anyone with the anon key can read or write any table. With RLS enabled and policies written, the database enforces the rules regardless of how the request arrived. Supabase ships RLS disabled by default on new tables, which is the most common cause of security failures in Lovable, Bolt and other Supabase-backed AI-built apps.

Why it matters for Australian business

If your Australian SMB app is built on Supabase, the question "is RLS enabled on every table" is the single most important security check. The OAIC's Notifiable Data Breaches reports list misconfigured access controls among the leading causes of breaches. RLS is how Supabase apps avoid being on that list.
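The check and the fix described above, as an added example (not VibeZero's or Supabase's own code): the first query lists every table in the public schema with its RLS status, and the remaining statements enable RLS on a hypothetical `public.notes` table and restrict each operation to the row's owner. It assumes Supabase's `auth.uid()` helper and `authenticated` role; the table, column and policy names are constructed for illustration.

```sql
-- 1. Audit: every table in the "public" schema, with RLS status and policy count.
--    Rows with rls_enabled = false are the tables to fix first.
select c.relname           as table_name,
       c.relrowsecurity    as rls_enabled,
       count(p.policyname) as policy_count
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
left join pg_policies p
       on p.schemaname = n.nspname and p.tablename = c.relname
where n.nspname = 'public'
  and c.relkind in ('r', 'p')           -- ordinary and partitioned tables
group by c.relname, c.relrowsecurity
order by c.relrowsecurity, c.relname;   -- tables without RLS sort first

-- 2. Hypothetical table used for the policies below (constructed sample).
create table if not exists public.notes (
  id      bigint generated always as identity primary key,
  user_id uuid not null,                -- owner; compared with auth.uid()
  body    text not null
);

-- 3. Turn RLS on. With RLS enabled and no policies, non-owner roles see no rows.
alter table public.notes enable row level security;

-- 4. One policy per operation, limited to signed-in users and their own rows.
--    USING filters rows that already exist; WITH CHECK validates rows being written.
create policy "notes_select_own" on public.notes
  for select to authenticated
  using ((select auth.uid()) = user_id);

create policy "notes_insert_own" on public.notes
  for insert to authenticated
  with check ((select auth.uid()) = user_id);

create policy "notes_update_own" on public.notes
  for update to authenticated
  using ((select auth.uid()) = user_id)
  with check ((select auth.uid()) = user_id);  -- blocks reassigning a row to another user

create policy "notes_delete_own" on public.notes
  for delete to authenticated
  using ((select auth.uid()) = user_id);
```

Re-running the audit query afterwards should show `rls_enabled = true` and `policy_count = 4` for `notes`; a table with RLS enabled but a policy count of 0 is locked down to non-owner roles rather than exposed.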
