> ## Documentation Index
> Fetch the complete documentation index at: https://docs.openbunny.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Database

> Supabase PostgreSQL schema with Row Level Security.

The cloud uses Supabase PostgreSQL with Row Level Security (RLS) policies to enforce data isolation between teams.

## Schema

### Core tables

| Table          | Description                                  |
| -------------- | -------------------------------------------- |
| `users`        | Synced from `auth.users`                     |
| `teams`        | Team records                                 |
| `team_members` | Membership with roles (owner, admin, member) |
| `api_tokens`   | Hashed API tokens with team scope            |

### Data tables

| Table             | Description                                     |
| ----------------- | ----------------------------------------------- |
| `tasks`           | Team-scoped tasks with status, priority, labels |
| `task_comments`   | Comments with author and body                   |
| `contacts`        | Team-scoped contact profiles                    |
| `contact_changes` | Contact update audit trail                      |

### Email tables

| Table                | Description                    |
| -------------------- | ------------------------------ |
| `email_oauth_tokens` | Gmail OAuth tokens per team    |
| `email_watches`      | Gmail Watch subscription state |

### Notification tables

| Table                      | Description                            |
| -------------------------- | -------------------------------------- |
| `device_tokens`            | Push notification device registrations |
| `notification_preferences` | Per-user notification settings         |
| `notification_log`         | Push delivery audit                    |

### System tables

| Table              | Description                         |
| ------------------ | ----------------------------------- |
| `event_queue`      | SSE event buffer (cloud to service) |
| `reminder_actions` | Reminder engine audit log           |

## Row Level Security

Every data table has RLS policies that check team membership:

* Users can only read and write data for teams they belong to
* API tokens are scoped to a specific team via the `X-Team-Id` header
* Policies use `auth.uid()` for web sessions and the verified token's team for API access

## Migrations

Database migrations are in `supabase/migrations/` (files 001 through 018). Run them with the Supabase CLI:

```bash theme={null}
supabase db push
```
