All docs
Reference
Data model
The Supabase tables that back LaunchRoom and how they relate.
Overview
All app data is stored in Postgres via Supabase. Every table has Row-Level Security policies — see /docs/security-notes. Tables are scoped by organization_id or launch_id via the security-definer functions is_org_member and user_can_access_launch.
Identity and workspace
| Column | Type | Notes |
|---|---|---|
| profiles | user-scoped | Display name, avatar, onboarding flag. One row per auth user. |
| organizations | owner-scoped | Workspace. Owned by a single auth user via owner_id. |
| organization_members | membership | Links users to organizations with a role. |
Launches
| Column | Type | Notes |
|---|---|---|
| launches | org-scoped | Name, product, audience, goal, date, status, readiness. |
| launch_blueprints | launch-scoped | Strategic spine: summary, audience, goal, channels, metrics, risks. |
| launch_tasks | launch-scoped | Title, description, owner, due date, status, priority. |
| launch_assets | launch-scoped | Name, type, owner, due date, status, file URL. |
| message_blocks | launch-scoped | Title, type, audience, content, status (draft/review/approved). |
| outreach_contacts | launch-scoped | Name, type, channel, status, follow-up date, notes. |
| launch_timeline_events | launch-scoped | Title, phase, date, time, owner, status. |
| launch_feedback | launch-scoped | Signals: source, category, sentiment, content. |
| launch_debriefs | launch-scoped | Summary, what worked, what underperformed, themes, next actions. |
Platform
| Column | Type | Notes |
|---|---|---|
| activity_logs | org-scoped | Audit trail. Insert-only by members; no update/delete. |
| notification_settings | user-scoped | Per-user product/launch notification toggles. |
| email_preferences | user-scoped | Marketing/product/educational opt-ins; preference_token for unauthenticated changes. |
| consent_records | user or anon | Append-only consent audit. Insert by anyone, select only by the owning user. |
| email_suppressions | system | Suppression list. No client RLS access; managed by server functions. |
| unsubscribe_tokens | system | Hashed tokens for unsubscribe links. No client access. |
| contact_messages | public insert | Inbound contact form. Insert-only from anon/authenticated. |
| email_events | system | Provider webhook events. No client access. |