Security Audit — Lovable/Supabase SaaS App (Travel Advisor Platform)
Worldwide
I'm the founder of Cultural Passport, a live SaaS platform for travel advisors built on Lovable (React/Vite) with a Supabase backend (Postgres, Auth, Storage, Edge Functions), Stripe for subscription billing, and Resend for transactional email. The platform was built using AI-assisted tools and is preparing to onboard its first paying subscribers in approximately three weeks. I need an experienced developer to conduct a focused security and stability audit before live subscribers are onboarded. This is not a rebuild — it's a one-time review with a written report, ideally leading to an ongoing relationship I can call on for future fixes as needed. Scope of the audit: - Row Level Security (RLS) policies across all tables, specifically confirm that advisor-to-advisor data isolation is airtight. One advisor should never be able to see another advisor's clients, campaigns, or analytics under any circumstance - Stripe webhook handler (subscription created/updated/deleted, payment failed) — review for correctness, idempotency, and edge cases - Edge Functions - particularly the scheduled job that permanently deletes advisor data 6 months after cancellation, and the campaign sending logic - SECURITY DEFINER functions - review for privilege escalation risk - General stability review - flag anything that looks fragile or likely to break as advisor signups grow - Resend email integration - review API key storage, sender domain configuration, and the campaign email sending logic for security and reliability issues Deliverable: A written report ranked by severity, with each finding explained in plain language alongside the specific recommended fix. I need to understand what's wrong and why it matters, not just receive a list of technical terms. Timeline for the report is important - I need findings back within one week of granting access. Ideal candidate: - Direct experience auditing or hardening apps built with Lovable, Bolt, Replit, or similar AI builders - you understand the patterns these tools produce and where they typically fall short - Strong Supabase/Postgres background, specifically RLS policy design and Edge Functions - Experience with Stripe webhook integrations - Comfortable explaining technical findings clearly to a non-technical founder - Available to start within the next few days - Open to an ongoing as-needed relationship after the audit for future fixes Budget: Fixed price preferred. Please include your estimate and timeline in your proposal. For a focused review and written report of this scope, I'm expecting proposals in the $300–$600 range, but open to discussion based on experience. Note: Initial access will be read-only or limited to a staging environment. Full credentials will only be shared once trust is established.
$500.00
Fixed-price- ExpertExperience Level
- Remote Job
- Ongoing projectProject Type
Skills and Expertise
Activity on this job
- Proposals:20 to 50
- Interviewing:0
- Invites sent:0
- Unanswered invites:0
About the client
- United States5:33 PM
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by