How to Migrate Lovable Cloud to Supabase

Log into your Lovable Cloud dashboard and document every table, its columns, data types, and relationships (foreign keys).

Identify which tables use JSONB fields, arrays, or custom types — these need special handling when moving to PostgreSQL.

List all authentication providers currently active (email/password, Google, GitHub, Apple, magic links).

Document your file storage: count the number of files, total size, and note which database columns reference storage URLs.

Record any API endpoints, webhooks, or serverless functions your frontend depends on.

Check your current monthly costs on Lovable Cloud — you will compare this with Supabase pricing later.

Go to supabase.com and create a new project. Choose the region closest to your user base (e.g., US East for North America, Frankfurt for Europe).

Save your project URL, anon key, and service_role key — you will need these for your frontend and migration scripts.

Enable the authentication providers that match your Lovable setup (email, Google OAuth, GitHub, etc.).

Configure your OAuth redirect URLs to point to your application domain.

Set up your database password and enable the pg_net and pg_cron extensions if you need webhooks or scheduled jobs.

Since Lovable Cloud does not offer a standard pg_dump, you need to use API-level data extraction. Use the Lovable API to pull all records from each table.

Write extraction scripts that paginate through large tables to avoid timeouts. Process tables in dependency order (parent tables first, then child tables with foreign keys).

Transform the extracted JSON data into PostgreSQL-compatible INSERT statements. Pay special attention to: UUID formats, timestamp timezone handling (use timestamptz), JSONB field encoding, and array types.

Validate the export by comparing row counts between Lovable and your SQL dump. Every single record must be accounted for.

Store the SQL dump securely — use encrypted storage and never commit database dumps to version control.

Create your tables in Supabase using the SQL editor or the Table Editor UI. Define proper column types: use uuid for IDs, timestamptz for dates, text for strings, and jsonb for nested data.

Add all foreign key constraints to maintain referential integrity. Supabase enforces these at the database level, which is stronger than application-level checks.

Create indexes on columns you frequently query or filter by. At minimum, index all foreign key columns and any column used in WHERE clauses.

Set up database triggers for any automated logic (e.g., updating an updated_at timestamp, sending notifications on insert).

Consider schema optimizations: normalize overly nested JSONB into proper relational tables, add check constraints for data validation, and use enums for status fields.

Import tables in the correct order: start with tables that have no foreign key dependencies, then move to child tables.

Use the Supabase SQL editor or psql CLI to run your INSERT statements. For large datasets (100k+ rows), use COPY commands or batch inserts for better performance.

After each table import, verify: row counts match the export, foreign key relationships are intact, JSONB fields are queryable, and date/time values are correct.

Run a full data integrity check: query for orphaned records (child rows without parents), null values in required columns, and duplicate primary keys.

If any discrepancies are found, re-export the affected tables from Lovable and re-import. Do not proceed until data integrity is 100%.

Export user records from Lovable including: user IDs, email addresses, password hashes (bcrypt format), creation dates, and linked social provider IDs.

Import users into Supabase's auth.users table using the Supabase Admin API or direct SQL inserts into the auth schema. Preserve the original password hashes so users can log in with their existing passwords.

For social login users (Google, GitHub, Apple): update your OAuth app settings in each provider's developer console to add your Supabase project's callback URL.

Map Lovable user IDs to Supabase user IDs. Update all foreign key references in your data tables to point to the new auth user IDs.

Test authentication flows: sign up, sign in with email, sign in with each social provider, password reset, and magic link login. Every flow must work before proceeding.

Enable RLS on every table that contains user data. In Supabase, go to each table → RLS → Enable.

Write SELECT policies: for user-owned data, use 'auth.uid() = user_id' to ensure users can only read their own records. For public data (like blog posts), create a policy that allows all authenticated or anonymous reads.

Write INSERT policies: ensure users can only create records where the user_id matches their authenticated identity.

Write UPDATE and DELETE policies: restrict modifications to record owners only. For admin operations, create separate policies that check for admin role claims in the JWT.

Test every policy thoroughly: try accessing another user's data via the API — it must return empty results, not an error. This confirms RLS is working correctly.

Download all files from your Lovable Cloud storage buckets. Maintain the original directory structure and file names.

Create matching storage buckets in Supabase: set public buckets for user-facing assets (profile pictures, product images) and private buckets for sensitive files (invoices, documents).

Upload files to Supabase Storage using the SDK or CLI. For large file sets, use batch upload scripts with retry logic.

Run a URL re-mapping script: find every old Lovable storage URL in your database and replace it with the new Supabase CDN URL. This ensures no broken images or file links.

Set up RLS policies on storage buckets to control who can upload, download, and delete files.

Install the Supabase client library: npm install @supabase/supabase-js. Initialize it with your project URL and anon key.

Replace all Lovable SDK calls with Supabase equivalents. The query syntax is similar: supabase.from('table').select('*').eq('column', value).

Update authentication code: replace Lovable auth methods with supabase.auth.signIn(), supabase.auth.signUp(), and supabase.auth.signOut().

If you use real-time features, set up Supabase Realtime subscriptions: supabase.channel('table').on('postgres_changes', ...).subscribe().

Generate TypeScript types from your Supabase schema using the CLI: npx supabase gen types typescript. This gives you full type safety across your frontend.

Update all file upload/download code to use Supabase Storage SDK methods.

Deploy your updated frontend to a staging URL pointed at the Supabase backend. Test every user flow: registration, login, data CRUD, file uploads, real-time updates.

Run automated tests if you have them. If not, create a manual test checklist covering all critical paths.

Perform a final data comparison: spot-check 50+ records across different tables to confirm they match the original Lovable data.

For zero-downtime migration: set up a blue-green deployment. Keep Lovable running while Supabase handles a percentage of traffic. Gradually increase to 100%.

Once validated, update your DNS or frontend environment variables to point to Supabase permanently. Monitor error rates and performance for the first 48 hours.

Keep your Lovable Cloud account active for 30 days as a safety net. Only decommission after confirming everything runs smoothly on Supabase.