I don’t think it is a good idea to include Fastgen in the mix. Doing so will lead to the same issues: granting access to your database to an additional company. Fastgen lacks security certifications, and as far as I understand, they host their services in the US. This compromises Supabase’s SOC2 certification and does not comply with the EU’s data privacy regulations (GDPR).
Supabase is designed for frontend use. However, the issue is that WeWeb requires the service_role key for Auth plugin configuration. But as @Alexis mentions here, I believe this requirement can be made optional: