Everything between PostgreSQL and production.

Watch one schema definition light up an entire platform.

YOUR SCHEMA
{ "name": "campaign",
"properties": {
"budget": {
"type": "number",
"fls": { "admin": "rw", "viewer": "none" },
"privacy": { "pii": "financial" },
"validation": { "expr": "value > 0" }
}
},
"rls": { "expr": "owner == $actor" },
"relationships": {
"owner": { "type": "lookup", "object": "user" }
}
}
ToastQL FLS Privacy Validation Forms Events & CDC App Builder
DATA ENGINE

Your schema is the product.

Define your data model with a JSON Schema 2020-12 superset. 20+ field types, lookup & master-detail relationships, runtime schema creation, and optimistic concurrency — all from a single definition.

Every property maps directly to a real PostgreSQL column. Real tables, real indexes, real SQL. No proprietary storage format.

schema.json
"name": { "type": "string", "maxLength": 255 }
"email": { "type": "string", "format": "email" }
"revenue": { "type": "currency", "precision": 2 }
"created": { "type": "datetime", "auto": true }
PostgreSQL
name VARCHAR(255) NOT NULL
email TEXT NOT NULL CHECK (email ~* ...)
revenue NUMERIC(19,2)
created_at TIMESTAMPTZ DEFAULT now()
QUERY ENGINE

SQL you know. Guarantees you've never had.

toastql
SELECT name, email, revenue
FROM contact
Tenant isolation by default
RLS -- own records only
FLS enforced automatically
Purpose-based access checked
PII filtered by purpose
PII reads logged
Data masking applied
Soft-delete handled
raw-sql.sql
SELECT name, email, revenue
FROM contacts
-- oops, filter by tenant
WHERE tenant_id = $1
-- wait, soft-delete
AND deleted_at IS NULL
-- right, RLS -- only show own records
AND (owner_id = $2 OR $3 = 'admin')
-- check purpose-based access
AND $4 = ANY(
  SELECT purpose FROM role_purposes
  WHERE role = $3
)
-- oh no, FLS -- need to mask fields
-- need a JOIN for the role check
-- and log every PII read...
-- in ALL 47 endpoints...
-- consistently...
-- forever.
SECURITY & PRIVACY

Seven layers of protection. One line of config each.

Field-Level Security
"fls": { "admin": "rw", "viewer": "none" }
Row-Level Security
"rls": { "expr": "owner == $actor" }
PII Classification
"privacy": { "pii_type": "email" }
Purpose-Based Access
"purposes": ["operations", "support"]
Field Encryption
"encryption": { "algorithm": "aes-256-gcm" }
Data Masking
"masking": { "viewer": "email_domain" }
Differential Privacy
"dp": { "epsilon": 1.0, "mechanism": "laplace" }
Retention policies Read-access logging Subject erasure
VALIDATION & FORMS

Rules in the schema. Forms from the schema.

schema.json
"status": {
"type": "picklist",
"values": ["Open", "In Progress", "Closed"]
},
"resolution": {
"type": "string",
"validate": "status == 'Closed' ? size(self) > 0 : true"
},
"budget": {
"type": "currency",
"validate": "self > 0",
"fls": { "viewer": "none" }
}
Auto-Generated Form
Open
Optional for current status
$—
EVENTS & CDC

Every mutation. Captured. Delivered. Replayable.

event stream
CREATE contact id=c_3f8a tenant=acme
UPDATE deal id=d_91b2 stage: "Negotiation" → "Closed Won"
TRIGGER webhook deal.closed_won • delivered
CREATE activity id=a_7c0d type=call
PII_READ contact.email actor=usr_42 purpose=support
DELETE contact id=c_0a1f erasure=gdpr
CREATE account id=a_88e3 tenant=globex
UPDATE contact id=c_3f8a status: "Lead" → "Qualified"
TRIGGER nats contact.qualified • published
CREATE deal id=d_f4c1 amount=$85,000
CREATE contact id=c_3f8a tenant=acme
UPDATE deal id=d_91b2 stage: "Negotiation" → "Closed Won"
TRIGGER webhook deal.closed_won • delivered
CREATE activity id=a_7c0d type=call
PII_READ contact.email actor=usr_42 purpose=support
Lifecycle hooks Webhooks + DLQ NATS · Kafka Transition detection
APPLICATION PLATFORM

Schema to app. App to phone. Phone to real code.

schema
{ "app": {
"pages": [
"contact-list",
"contact-detail"
],
"nav": "sidebar",
"theme": "dark"
}}
ejected
my-app/src/
components/
ContactList.tsx
ContactDetail.tsx
hooks/
useContacts.ts
routes.tsx
api-client.ts

And that's not even all of it.

Cursor pagination
Efficient, consistent pagination for large data sets
Bulk operations
Create, update, or delete thousands of records in one call
Schema versioning
Track every schema change with full migration history
Audit logging
Immutable record of every data access and mutation
Key rotation
Rotate encryption keys with zero downtime
Retention policies
Automatic data lifecycle management and purging
Data residency
Enforce where data lives at the schema level
Prometheus metrics
Built-in observability for queries, latency, and throughput
Go SDK
Type-safe Go client generated from your schema
MCP server
Schema metadata API for AI agent integration
Dependent picklists
Cascading value lists driven by parent field selection
Computed fields
Derived values calculated automatically from other fields
Rollup summaries
Aggregate child record values on parent objects
Vault fields
Application-level encryption for sensitive data at rest
Privacy budgets
Differential privacy epsilon tracking across queries
Compliance reports
Article 30, CCPA, and HIPAA reports from schema metadata
Push notifications
Real-time alerts to mobile and web clients
Offline support
Mobile apps that sync when connectivity returns
Custom themes
Brand your generated apps with your own design tokens
White-label mobile
Publish mobile apps under your own brand

The whole platform. Free to start.

Bring your PostgreSQL. We'll handle the rest.

Get Started Free View Pricing