Secured by the database.
Not by middleware.
Authorization in Rebase is Postgres row-level security, enforced by the database itself — and it fails closed: a table without RLS is refused, never leaked. Self-hosted, open-source, and your data never touches our servers.
Security Principles
Three pillars that define how Rebase handles your data.
Your Data Stays Put
Rebase connects to your PostgreSQL database. Your data never leaves your infrastructure — it's your server, your database, your rules.
Database-Level Enforcement
Row-Level Security policies, role-based access control, and JWT authentication — defined in code, enforced by PostgreSQL.
Fully Auditable
The Rebase server is open-source under the MIT license. Audit the code, inspect every query, verify every permission check. No black boxes.
Your Data, Your Infrastructure
Unlike SaaS platforms that ingest and control your data, Rebase connects directly to your own PostgreSQL database.
No Data Migration Required
Rebase introspects and adapts to your existing schema.
Zero Vendor Lock-in
Stop using Rebase anytime — your data stays exactly where it is.
Direct Infrastructure Access
Full control over your PostgreSQL database, backups, and infrastructure.
Row-Level Security
Define who can read, create, update, and delete each row — enforced directly by PostgreSQL. Policies are written as code in your schema, version-controlled, and applied via migrations. No middleware, no ORM hacks. And it fails closed: a table without RLS has no authorization model, so Rebase refuses to serve it — and prints the exact SQL to protect it at boot. There is no auth check to forget.
Role-Based Access Control
Define roles in your schema — admin, editor, viewer, or any custom role you need. Each role gets granular permissions per collection.
Per-collection permissions — SELECT, INSERT, UPDATE, DELETE per role per collection.
RLS integration — Policies can reference the current user's role for row-level filtering.
JWT authentication — Stateless token-based auth with configurable expiry and refresh.
Deploy on Your Terms
Run Rebase wherever you want. No proprietary cloud required.
Your Database
Run PostgreSQL anywhere — AWS RDS, Supabase, Neon, a VPS, or your own hardware. Rebase connects to it; you own it.
Your Server
Deploy the Rebase backend as a Node.js process or Docker container. Railway, Render, Fly.io, or bare metal — your call.
Your Rules
Auth, RLS policies, and API permissions live in your codebase. Review them in PRs, version them in Git, enforce them in CI.
Designed for Compliance
Because your data stays in your own database, compliance with GDPR, CCPA, and other privacy regulations is simpler by design.
You Are the Data Controller
You maintain direct control and legal responsibility for your end-user data. No third-party processor involved.
Direct Data Access
Fulfill access and deletion requests directly from your database — no support tickets, no waiting on a vendor.
Data Residency Control
Choose your PostgreSQL deployment region to meet residency requirements. EU, US, or anywhere else — your choice.
Ready to Give It a Try?
Use Rebase to keep your data sovereign while delivering powerful content management.