Backend Platform

The backend you keep rebuilding.
Already done.

Your next enterprise customer wants SSO. Then RBAC. Then OAuth2. Your database host doesn't ship those — so you bolt on Auth0, write a permissions layer, wire up a gateway, add a flag service. Four invoices, weekends lost to glue code. ^ never again

Start free — 14 days Try the Demo Self-host it (open source)

The core engine is open source. Clone it, run the whole stack on your laptop, make it yours. Not into running infra? That's what the hosted Cloud is for.

Last quarter you shipped auth. This quarter it's permissions. Next quarter you'll need OAuth2.
When do you ship your actual product?

SQL Workbench
emailorders
alice@acme.co147
bob@startup.io89
carol@design.co63
3 rows · 2.1ms · pgvector + FTS enabled
Postgres with a built-in workbench. Monaco editor, ERD diagrams, branching, pgvector, full-text search — the database experience Supabase charges extra for.
Authentication
Aalice@acme.coactiveMFA
Bbob@startup.ioactiveSSO
Ccarol@design.coinvited
Ddave@agency.devactivePasskey
2,847MAU
99.8%uptime
18providers
SSO, MFA, passkeys — on every plan. Ory Kratos under the hood. Social login, magic links, recovery codes, session management. No Auth0 bill.
Permissions Check
Can bob edit Project:acme-app? ✓ Allowed
Organization:acme
  └ member: bob
    Project:acme-app
    └ parent: Organization:acme
      → bob inherits editor via org membership
Google Zanzibar-style permissions. Relation-based access control (ReBAC) with Ory Keto. Define once, check everywhere — no custom middleware.
OAuth2 Clients
Mobile Appauthorization_codehttps://app.example.com/cb
Internal CLIclient_credentials
SPA FrontendPKCEhttps://spa.example.com/auth
Client Secret: ••••••••••••
Be the identity provider. Issue OAuth2 tokens, manage client apps, PKCE flows. Powered by Ory Hydra.
API Gateway
/api/users/*jwt_auth100 req/s
/api/public/*anonymous500 req/s
/api/admin/*oauth2_introspection50 req/s
/webhooks/*hmac_signed200 req/s
Zero-trust API gateway. Route-level auth, rate limiting, header injection. Powered by Ory Oathkeeper.
Storage Browser
📁 avatars/24 files
📁 uploads/156 files
📄 hero-banner.webp2.4 MB
📄 logo.svg4 KB
Uploading report.pdf — 78%
S3-compatible storage with a visual browser. MinIO under the hood. Presigned URLs, CORS, bucket policies, drag-and-drop uploads.
Realtime Events
ordersINSERTjust now
usersUPDATE2s ago
reviewsINSERT5s ago
sessionsDELETE8s ago
WebSocket connected · 4 subscriptions active
Live database changes over WebSocket. Subscribe to any table. INSERT, UPDATE, DELETE events streamed in real time. No polling.
Webhook Deliveries
ordersINSERT20048ms
usersUPDATE20092ms
paymentsINSERT5003.2s
sessionsDELETE20031ms
4 deliveries · 1 retry pending · HMAC-SHA256 signed
HTTP callbacks on row changes. HMAC-signed, auto-retry, delivery logs. Your free Zapier.
Full-Text Search
SELECT * FROM products WHERE tsv @@ plainto_tsquery('wireless headphones')
Sony WH-1000XM5
Premium wireless headphones with industry-leading noise cancellation...
rank: 0.0891
AirPods Max
Over-ear wireless headphones with spatial audio and adaptive EQ...
rank: 0.0734
Bose QuietComfort Ultra
Premium wireless noise-cancelling headphones with immersive audio...
rank: 0.0612
Full-text search built into Postgres. tsvector indexing, weighted ranking, headline highlights. No Algolia needed.
Vector Search
query: embed('How to deploy a Node.js app') → [0.021, -0.183, 0.447, ...]
Deploying Node.js to production with Docker0.089
CI/CD pipelines for Node.js applications0.142
Scaling Express.js with PM2 and NGINX0.217
3 results · HNSW index · cosine distance · 1.3ms
pgvector for AI/RAG. HNSW indexes, similarity search, embedding storage. Your vector DB is your database.
Database Branches
mainprimary · 2.4 GB
stagingsynced 2m ago
feature/new-checkout+3 migrations
preview/pr-847expires in 6h
Neon-style database branching. Instant copy-on-write dev databases. Auto-expire. Merge when ready.
Backups & PITR
2026-03-27 03:00 UTC1.8 GBcomplete
2026-03-26 03:00 UTC1.7 GBcomplete
2026-03-25 03:00 UTC1.6 GBcomplete
in progress...running
Daily snapshots · 90-day retention · PITR to any second
Automated backups with point-in-time recovery. Daily snapshots, 7-90 day retention. One-click restore.
Feature Flags
new-checkout100%
dark-mode-v245%
pricing-experiment0%
ai-suggestions10%
production staging preview
Ship without fear. Boolean, string, and number flags with percentage rollouts. Per-environment overrides. Powered by CNCF flagd.
Comparison

The gaps you're patching with glue code.

Feature for feature, no asterisks. Every missing dot is a weekend you'll spend wiring it yourself. check the receipts
Truss
Complete
  • Postgres database
  • Auth (SSO, SAML, MFA, passwordless)
  • Fine-grained permissions (ReBAC)
  • OAuth2 / OIDC provider
  • API Gateway
  • S3-compatible storage
  • Realtime + HMAC webhooks
  • Vector + full-text search
  • Database branching
  • Backups + PITR
  • Feature flags + A/B testing
Supabase
Partial
  • Postgres database
  • Auth (MFA, social login)
  • Fine-grained permissions
  • OAuth2 / OIDC provider
  • API Gateway
  • S3-compatible storage
  • Realtime + webhooks
  • Vector + full-text search
  • Database branching
  • Backups + PITR
  • Feature flags
Appwrite
Gaps
  • Postgres database
  • Auth (social, MFA)
  • Fine-grained permissions
  • OAuth2 / OIDC provider
  • API Gateway
  • S3-compatible storage
  • Realtime + webhooks
  • Vector + full-text search
  • Database branching
  • Backups + PITR
  • Feature flags
Firebase
Gaps
  • Postgres database
  • Auth (SSO via Identity Platform)
  • Fine-grained permissions
  • OAuth2 / OIDC provider
  • API Gateway
  • Cloud Storage (GCS, not S3)
  • Realtime + Cloud Functions
  • Vector + full-text search
  • Database branching
  • Backups + PITR
  • Remote Config (basic flags)

Truss doesn't abstract these tools away. It wires them together — Postgres, Ory, MinIO — so you get the full power of each without the integration tax.

One dashboard. One API. One invoice. Standard protocols all the way down.

Pricing

One price, everything included.

Auth, permissions, OAuth2, gateway, storage — every plan. You only pay more when you need more capacity.

Full platform on every plan ^ even the $9 one
Starter
$9 /mo
For side projects
  • 1 project
  • 1 GB database
  • 2 GB storage
  • 2K MAU
  • 5 GB bandwidth
  • 100 req/min
Daily backups (7d retention)
Join Waitlist
Popular
Pro
$29 /mo
For growing apps
  • 5 projects
  • 15 GB database
  • 150 GB storage
  • 100K MAU
  • 100 GB bandwidth
  • 1K req/min
5 branches + daily backups (14d retention)
Join Waitlist
Team
$89 /mo
For teams (5 seats, +$15/seat)
  • 25 projects
  • 100 GB database
  • 500 GB storage
  • 500K MAU
  • 500 GB bandwidth
  • 5K req/min
20 branches + PITR backups (30d)
Join Waitlist
Business
$299 /mo
For scale (10 seats, +$15/seat)
  • projects
  • 500 GB database
  • 2 TB storage
  • 2M MAU
  • 5 TB bandwidth
  • 50K req/min
∞ branches + PITR (90d) + SLA
Join Waitlist

Need more of one thing? Booster packs — no forced tier upgrade.
+5 GB database $5/mo · +10 GB storage $5/mo · +5K MAU $5/mo · +20 GB bandwidth $5/mo · +3 branches $3/mo

napkin math
to match Truss Pro
Supabase Pro $25
Auth0 for SSO/SAML $35+
LaunchDarkly flags $12+
ReBAC permissions build it yourself
OAuth2/OIDC issuer build it yourself
API gateway build it yourself
Total $72+/mo + DIY
vs
Truss Pro
Postgres + workbench
Auth + SSO/SAML
OAuth2 / OIDC provider
ReBAC permissions
API gateway
Feature flags + A/B
Storage + realtime + PITR
Total $29/mo flat
↖ same platform, one bill
Questions

Straight answers

How is Truss different from Supabase?

Supabase covers database, auth, storage, and realtime well — it's a solid platform. Where it stops: SSO/SAML enterprise auth, fine-grained permissions (ReBAC), an OAuth2/OIDC provider you can issue tokens from, a configurable API gateway, and feature flags. To get those, you'd bolt on Auth0 ($35+/mo), build custom permissions, wire up a separate gateway, and add LaunchDarkly ($12+/mo). Truss ships all of it on every plan, starting at $9/mo.

Is Truss an alternative to Firebase?

Yes. Truss replaces Firebase Auth, Firestore, Cloud Storage, and Cloud Functions with PostgreSQL, Ory Kratos for auth, and MinIO for S3-compatible storage. Unlike Firebase, Truss uses standard Postgres — no vendor lock-in, no proprietary query language, pg_dump always works.

What database does Truss use?

PostgreSQL — with pgvector for vector/embedding similarity search, built-in full-text search with weighted ranking, database branching (Neon-style instant dev copies), point-in-time recovery, and a web-based SQL workbench with Monaco editor, query history, and ERD visualizer.

Does Truss replace Neon?

Truss includes Neon-style database branching — instant copy-on-write dev databases that auto-expire. Combined with a SQL workbench, schema visualizer, backups, and PITR, it covers the Postgres developer experience Neon provides, plus auth, permissions, storage, and everything else in one platform.

How do I migrate from Supabase or Firebase?

Truss runs standard PostgreSQL — pg_dump and pg_restore work out of the box. Auth uses Ory Kratos with standard identity schemas, so you can import users via the admin API. Storage is S3-compatible (MinIO) — any S3 SDK or CLI works. No proprietary formats, no lock-in, no migration tax.

Is there a free trial?

Yes — every new account gets a 14-day free trial with full access to all features. No credit card required. You get the complete platform from day one: Postgres, auth, permissions, OAuth2, storage, flags, realtime, webhooks. At the end of the trial you pick a plan or your account automatically downgrades to the Starter tier. Starter keeps your data and access — it just applies resource limits.

Ship products, not infrastructure.

Start free — full platform access for 14 days. No credit card required.

Start free trial

Already have an account? Sign in