Skip to main content
When you sign in to Ezaalah, you might briefly notice your browser showing a web address like: https://frnvfebtyxmeihkmrryq.supabase.co That’s normal. It doesn’t mean the site is unsafe, and it doesn’t mean you’ve been redirected to a scam. It’s simply part of how Ezaalah’s sign-in is handled behind the scenes.

What that URL is

Ezaalah uses Supabase to manage authentication and user accounts. Supabase is a widely used platform that provides secure sign-in flows, session handling, and the backend services that make “Sign in with Google” work smoothly. The *.supabase.co domain you see is tied to Ezaalah’s Supabase project. During login, your browser may be redirected through this domain so Supabase can complete the authentication step and then send you back to Ezaalah as a signed-in user. If you’ve ever logged into another service and briefly seen Google’s domain during the process, this is the same idea: the authentication happens with a trusted provider, then you return to the app.

Why Ezaalah uses Google sign-in

Ezaalah supports Google sign-in because it’s fast, familiar, and reduces sign-in friction for many users (especially educators and schools). With Google sign-in, Google verifies your identity, and Supabase handles the secure “handshake” that turns that verification into a session in Ezaalah. If you’d rather not go through the Google/Supabase redirect flow, you can use email sign-in instead. Depending on what’s enabled for your account, that may mean email-only (for example, a sign-in link or code) or signing in with a username/email and password.

Is my information safe?

Yes. If you use Google sign-in, your Google password is handled by Google, not Ezaalah. Ezaalah never receives or stores your Google password. Supabase receives confirmation from Google that you successfully signed in, then passes your verified identity back to Ezaalah so we can create or resume your session. If you choose a password-based sign-in option, your password is still handled securely through our authentication provider (Supabase). Ezaalah does not store your password in plain text. Ezaalah does not read your emails, contacts, or files as part of sign-in. The goal of the flow is only to confirm “this is you,” then let you access your account.

What you should expect during login

Most sign-ins happen very quickly. A typical flow looks like this:
  1. You click Sign in with Google.
  2. Google confirms your account.
  3. Your browser briefly redirects through Supabase (*.supabase.co) to finish the secure sign-in step.
  4. You return to Ezaalah, signed in.
Depending on your browser and network, you may see that Supabase URL for a moment, or you may not notice it at all.

When you should be concerned

It’s worth stopping and reaching out to support if anything feels “off,” especially if:
  • You didn’t click Sign in with Google but got redirected anyway.
  • You were asked to enter your Google password somewhere that isn’t clearly Google.
  • The domain looks suspicious (misspellings, extra words, or not https://).
If you’re unsure, don’t continue the sign-in flow. Contact us at mailto:[email protected] and include a screenshot of what you’re seeing.