Next.js/Supabase/Twilio Engineer — Code Cleanup, Security Audit & Production Readiness

Category: Web Development → Full Stack Development Project Type: One-time project with potential to convert to ongoing Description: We're building Neucler (neucler.com), a B2B SaaS that monitors inbound phone calls for medspas and dental practices — transcribing, scoring, and analyzing calls to help front desk teams convert more leads into booked appointments. The core product is mostly built and we're preparing for our first real users. Tech stack: Next.js, Supabase (Postgres + Auth), Twilio (voice/SMS) What we need: We want an experienced engineer to do a thorough technical review and cleanup of the existing codebase before we onboard paying customers. Specifically: Codebase cleanup — Identify and remove dead code, unused components/routes, leftover experiments, and stale dependencies. Codebase should be lean and easy to maintain going forward. Security audit — Review Supabase Row Level Security (RLS) policies, auth flows, API routes, and environment/secrets handling for vulnerabilities Twilio integration review — Check webhook validation, call/SMS data handling, and how call recording consent is handled (many jurisdictions require a consent disclosure before recording begins — please confirm this is implemented correctly) Code quality pass — Identify bugs, edge cases, and fragile logic likely to break under real usage/load Data privacy check — We store call recordings and transcripts, which can include sensitive customer conversations. Make sure data is stored and accessed securely (encryption at rest/in transit, proper access controls) Production readiness recommendations — Logging, error handling, rate limiting, and anything else that commonly bites teams once real traffic hits Deliverables: A written audit report covering findings, severity, and recommended fixes A cleaned-up codebase with dead code/unused dependencies removed Direct fixes for critical/high-severity issues (to be scoped together once findings are in) A short call to walk through findings and prioritize what gets fixed now vs. later Ideal candidate: Strong hands-on experience with Next.js + Supabase in production (RLS policies especially) Experience with Twilio voice/SMS APIs Comfortable doing security-minded code review, not just feature building Has shipped SaaS products that handle sensitive user data Clear communicator — we want findings explained in plain language, not just a list of CVEs Ownership & confidentiality: All code and work product produced under this contract is work-for-hire and owned by Neucler Corp. An NDA will be required before repo access is granted. This could turn into an ongoing role. If this engagement goes well, we'd like to bring you on for continued bug fixes, feature work, and support as we move into production and onboard customers. Please mention your availability for ongoing work in your application. To apply, please include: Relevant experience with Next.js, Supabase RLS, and Twilio An example of a security review, audit, or significant cleanup you've done (even informally) Your availability — both for this initial project and potential ongoing work TL;DR: Looking for a Next.js/Supabase/Twilio developer to clean up dead code, do a security review (RLS policies, auth, Twilio webhooks), and make sure our SaaS (call tracking/scoring for medspas & dentists) is safe and stable before we onboard real users. Possible ongoing work fixing bugs once we're live.