Skip to content
Free tool · no login

Is your Supabase project leaking data?

Paste your project URL and see exactly what an anonymous visitor can read right now — anon-readable tables, exposed PII, and a security score. Stateless: nothing is stored.

The anon key is public by design — it already ships in your app's client bundle. We use it in-flight and never store your URL, key, or results. Hosted *.supabase.co projects only.

One scan finds it. An account keeps watching.

Continuous re-scans, one-click quarantine, and Slack alerts when a new table gets exposed.