# OhMyPolicy > Free Supabase RLS security scanner. Detects exposed tables and missing Row Level Security policies in about ten seconds, then generates ready-to-run Fix SQL with a Supabase SQL Editor deeplink. OhMyPolicy is a developer security tool built on Cloudflare Workers. It performs real HTTP probes against a Supabase project to verify exactly which tables and storage buckets are accessible with the public anon key. Today the scanner targets Supabase only; Firebase Security Rules, Clerk permissions, and general PostgreSQL RLS validation are on the 2026 roadmap. OhMyPolicy is the master brand — Supabase is the first wedge, not the final scope. ## Core pages - [Home / Scanner (English)](https://ohmypolicy.com/): Paste a Supabase project URL plus service_role and anon keys to get a 10-second RLS audit and Fix SQL. - [Home / Scanner (Korean)](https://ohmypolicy.com/ko): Same scanner, Korean copy. - [Scanner roadmap](https://ohmypolicy.com/docs/scanner-roadmap): What is supported today (Supabase RLS, Storage policy) and what is coming (Firebase, Clerk, general Postgres). ## How the scanner works 1. The scanner fetches your project's OpenAPI schema using the service_role key, in-memory only. 2. For every public table it issues real HTTP requests with the anon key to verify READ and WRITE exposure. 3. Storage buckets are probed for unauthenticated public access. 4. A Fix SQL block plus a Supabase SQL Editor deeplink is generated for every unprotected table. 5. The report is stored under a random token for 72 hours and never contains credentials. ## Pricing Free. No signup. No account. No data stored beyond the tokenized scan result (72-hour TTL). ## Brand and trust notes - API keys are never logged or persisted. They live only in the Worker request memory for the duration of the scan. - Scan reports contain table names, exposure flags, Fix SQL, and a Mermaid ERD — no credentials. - OhMyPolicy is independent and is not affiliated with Supabase. Supabase trademarks belong to Supabase Inc. ## Optional - [llms-full.txt](https://ohmypolicy.com/llms-full.txt): Long-form version with FAQ and step-by-step instructions.