React + Supabase Developer for SaaS
Budget: $35.0 - $65.0
HOURLY / PART_TIME
⭐ 5.00 (3)
USA
javascript, react-js, html5, css3
React + Supabase Developer Needed — Wedding Photography SaaS | Pre-Launch Through Long-Term
# The Framework — Developer Hiring Brief
## About Us
The Framework is a SaaS platform for wedding photographers. It automates timeline generation from client intake forms and delivers timelines via a private couple-facing portal. We're a bootstrapped, pre-revenue startup solving a real pain point in a $3B+ wedding industry.
**Stack:** Next.js, Supabase (PostgreSQL + Auth), Stripe, Resend, Vercel
---
## The Problem We're Solving
Wedding photographers spend 2–4 hours manually building timelines for every wedding. Couples are anxious about coordination. We automate it.
The product workflow works. The security doesn't.
---
## What We Need
Before we charge anyone — especially before we collect couple data (emails, phone numbers, wedding details) — the backend must be beta-ready and secure.
**Right now:**
- Intake form flow ✓ (form out → couple fills → PDF generated)
- Core product logic ✓
- Backend security ✗ (row-level access, input validation, secrets management, monitoring)
We need someone who:
1. Understands SaaS security fundamentals (not just "install packages")
2. Can implement Supabase Row-Level Security (RLS) correctly
3. Knows how to lock down API endpoints and validate input
4. Can audit and fix a codebase in 2–3 weeks
5. Communicates clearly about risk and tradeoffs
---
## The Scope (What "Beta-Ready" Means)
This is NOT a full production hardening. This is making the app safe enough to go into beta with a limited set of founding members (100 photographers).
**You need to deliver:**
- Row-level security (RLS) policies implemented on all tables
- Input validation and sanitization on all critical endpoints
- Authentication checks on every API route
- Secrets properly managed (no keys in code or logs)
- Basic error monitoring set up
- Clear documentation of what was fixed and why
**Plus minor UX/configuration tweaks:**
There are some configuration and UX refinements (e.g., streamlining selections, improving user flow). We'll discuss the full scope on a call so you understand what's needed. These are small adjustments, not feature builds—the app is solid as-is.
**You do NOT need to:**
- Build new features
- Scale for 10,000 users
- Set up enterprise compliance (GDPR, SOC2)
- Rebuild the product
---
## The Work (2–3 Week Sprint + Beyond)
- **Week 1:** Security audit of current Supabase/Next.js architecture; identify gaps
- **Week 2:** Implement row-level security policies; add input validation; harden API endpoints
- **Week 3:** Testing, secrets rotation, beta-readiness checklist sign-off
---
## Technical Requirements
- Strong PostgreSQL + Supabase RLS experience (not "I've used Supabase once")
- Comfortable with Next.js API routes and Stripe integration
- Understands OAuth, session management, and data isolation
- Has shipped production or beta SaaS before
- Can write clear documentation of what you fixed and why
---
## Why This Is Worth Your Time
- Pre-revenue startup, but founder is bootstrapped and committed (12-year photography business funding this)
- Real product, real market (wedding photography is a $3B+ industry; timelines are universally painful)
- Clean codebase (not a legacy mess)
- You'll ship this to market in 3 months
- Potential to grow into a bigger engineering role and long-term partnership post-launch