Nhost

What Is Nhost?

Building a modern web or mobile application without a dedicated backend team creates a familiar problem: you need authentication, a database, file storage, and server-side logic — and you need them working together without spending weeks on infrastructure setup. Firebase solved this problem, but its data leaves your control the moment you write the first document. Supabase improved on that, but its default infrastructure is US-hosted. For European developers who need GDPR compliance without fighting for it, neither option is ideal.

Nhost was built specifically to address this gap. Founded in Stockholm in 2019 by Johan Eliasson and Nuno Pato, Nhost offers a backend-as-a-service platform that combines PostgreSQL, Hasura GraphQL, authentication, file storage, and serverless functions into a single, coherent developer experience — all hosted in EU data centres by default.

The technical stack is opinionated in a useful way. Rather than building proprietary services from scratch, Nhost assembles best-in-class open-source components: PostgreSQL for the database, Hasura for instant GraphQL APIs, and an open-source authentication service modelled on best practices. The result is a platform that does not lock you in: every piece of the stack is open-source, self-hostable via Docker Compose, and built on standards that predate Nhost itself.

For teams that need to ship a product quickly, keep data in Europe, and retain the option to self-host if the business case requires it, Nhost removes more friction than any comparable service built outside the EU.

Key Features

PostgreSQL Database with Instant GraphQL

The Nhost database is PostgreSQL — not a Firebase-style document store, not a proprietary managed database. This means your data sits in proper tables with foreign keys, indexes, and transactions. Hasura connects directly to PostgreSQL and generates a full GraphQL API from your schema: queries, mutations, and subscriptions, without writing a single resolver.

Row-level security is handled through Hasura's permission system. You define rules — "users can only read rows where user_id equals the authenticated user's ID" — and Hasura enforces them at the query level. This replaces the Firestore security rules model with something more explicit and auditable.

Real-time subscriptions work out of the box. Any GraphQL query can be converted to a subscription with a single keyword change, giving you live-updating data in frontend applications without building a WebSocket server.

Authentication

Nhost Auth handles email/password, magic links, SMS OTP, and OAuth providers (Google, GitHub, Apple, Discord, LinkedIn, and more). Enterprise teams can connect corporate identity providers via the WorkOS integration, enabling SSO and directory sync without building custom SAML/OIDC middleware.

User data lives in your PostgreSQL database. There is no third-party identity service holding your user records. This distinction matters for GDPR: the data processor relationship is straightforward, the data location is clear, and you can query user tables directly alongside your application data.

File Storage

Nhost Storage provides S3-compatible object storage with access rules defined using the same permission model as the database. A rule like "authenticated users can upload files up to 10 MB; only the uploading user can delete their own files" takes a few lines of configuration rather than a custom API endpoint.

Storage integrates with the GraphQL layer: file metadata (filename, size, MIME type, uploader) is stored in a PostgreSQL table and queryable via GraphQL like any other data.

Serverless Functions

Nhost Functions let you deploy custom backend logic in JavaScript or TypeScript without managing a separate server. Functions handle tasks that fall outside the GraphQL model — payment webhooks, email sending via third-party providers, complex business logic, scheduled jobs. They deploy automatically from your Git repository through the Nhost CLI.

The functions runtime is Node.js-based and familiar. If you have written Express.js middleware or Next.js API routes, Nhost functions will feel immediately recognisable.

Local Development with the Nhost CLI

The Nhost CLI starts the full stack locally — PostgreSQL, Hasura, auth, storage, and functions — in Docker containers. Local development matches production exactly. Schema migrations created locally apply to the production Nhost project with a single CLI command. This parity between local and production is the kind of developer experience detail that separates well-designed platforms from cobbled-together ones.

Self-Hosting

Because every component of Nhost is open-source, the entire platform can be self-hosted using the provided Docker Compose configuration. This is the escape hatch that distinguishes Nhost from proprietary BaaS platforms: if Nhost ever raised prices significantly, changed its terms, or shut down, you can migrate to self-hosted infrastructure without rewriting your application.

Pricing

Nhost's free Starter tier includes 1 GB of PostgreSQL database storage, 1 GB of file storage, and 5 GB of bandwidth. This is enough for genuine side projects and prototypes — not just trivial demo applications.

The Pro plan starts at $25 per month and adds dedicated database compute, daily backups, email support, and expanded resource limits. For an early-stage product with real users, $25/month for a fully managed PostgreSQL backend with auth, storage, and serverless functions is competitive against the cost of assembling equivalent infrastructure from separate services.

Enterprise and Team pricing is custom, covering larger resource limits, priority support, and SLA guarantees. The pricing model is relatively straightforward compared to Firebase's per-read/per-write charges, which can produce unexpected bills as applications scale.

One honest caveat: Nhost's pricing page does not always make resource limits explicit. Teams approaching the boundaries of the Pro tier should test carefully and contact support to understand exactly what the next tier costs.

EU Compliance & Privacy

Nhost's compliance story begins with geography: EU data centres by default, for all plans. There is no configuration required to keep data in Europe — it is the baseline, not a premium add-on.

Beyond location, Nhost's architecture supports GDPR compliance in concrete ways. User data lives in your PostgreSQL database, under your control, queryable and deletable without relying on third-party identity provider APIs. There is no US-headquartered parent company in the data processing chain when you use the managed service. The open-source codebase is auditable by your security team.

For teams that need complete data sovereignty, self-hosting eliminates external data flows entirely. The Nhost stack can run on any EU cloud provider — Hetzner, OVHcloud, Scaleway, Exoscale — entirely within infrastructure you control.

Nhost is headquartered in Sweden, an EU member state, and subject to GDPR as a data processor. Standard Contractual Clauses and Data Processing Agreements are available for compliance documentation.

Who It's Best For

Solo developers and small teams shipping web or mobile applications who need auth, database, and storage without hiring a backend engineer or stitching together five separate services.

Developers switching from Firebase who need GDPR compliance and want proper relational data modelling. The migration path from Firebase to PostgreSQL requires schema design work, but the developer experience remains similarly productive.

European startups that need EU data hosting from day one without fighting configuration options or paying a compliance premium.

Teams evaluating Supabase who prefer GraphQL over REST for their primary API layer. Both platforms are excellent; the choice often comes down to GraphQL versus REST preference.

Open-source advocates who want the ability to self-host as an insurance policy, even if they run on managed infrastructure day-to-day.

Nhost is less suitable for teams that need broad third-party integrations, REST-first APIs, or enterprise support with guaranteed SLAs. Its very small team size (~10 employees) is a genuine risk consideration for production deployments at scale.

The Verdict

Nhost makes a hard problem straightforward: get a production-quality, GDPR-friendly backend running in hours, on technology you actually own. The combination of PostgreSQL, Hasura, and EU-default hosting removes the usual trade-offs that force European developers toward US-hosted services. The open-source foundation means vendor lock-in is a reversible condition rather than a permanent one. The main risks — small team, limited enterprise support, smaller ecosystem than Supabase or Firebase — are real, but predictable. For early-stage projects and growth-stage startups that value data sovereignty and developer velocity equally, Nhost earns serious consideration.

Frequently Asked Questions

Is Nhost really open-source?

Yes. The full Nhost stack — including the Hasura integration, authentication service, storage service, and serverless functions runtime — is available on GitHub under an open-source licence. You can self-host the entire platform with a single Docker Compose file.

How does Nhost compare to Supabase?

Both are open-source BaaS platforms built on PostgreSQL. Nhost uses Hasura for GraphQL-first APIs, while Supabase uses PostgREST for REST APIs with optional GraphQL. Nhost is better suited to teams that prefer GraphQL; Supabase has a larger community and more integrations.

Where is Nhost data hosted?

Nhost hosts data in EU data centres by default. This makes it inherently GDPR-friendly for EU-based applications. You can also self-host Nhost on any infrastructure, including your own EU-based servers.

Can I migrate from Firebase to Nhost?

Yes, migration tooling exists for moving Firebase Auth users and Firestore data. The developer experience is similar — auth, storage, and backend logic in one platform — but the underlying data model shifts from NoSQL (Firebase) to relational (PostgreSQL), which requires schema design work.

What happens if Nhost shuts down?

Because Nhost is open-source and built on standard components (PostgreSQL, Hasura), you can migrate to a self-hosted deployment or another PostgreSQL-compatible service. There is no proprietary data format locking you in.