Security & logical review of a Next.js + Supabase app

We built a Dutch directory and interactive map of e-commerce service providers (fulfilment, marketing, webshop builders, payment, etc.). Companies create profiles, tag their capabilities, and declare verified partnerships — visibility is driven by these mutually confirmed connections, not ad spend. The app was "vibe coded" by our Growth team using Next.js and Supabase. I'm looking for someone to evaluate it from a security and architectural perspective: Do the flows make sense? Is Supabase properly configured (RLS, auth, etc.)? Any obvious risks? Long-term maintainability isn't the priority right now — we just want this live quickly, but safely. (E.g. Tailwind is a dependency yet there are still huge handwritten CSS files — that's fine for now.) There may also be some follow-up work to make fixes and improvements.