I'll set up Supabase authentication and row-level security (RLS) policies that actually isolate each user's data — the part that quietly eats days and causes leaks when it's done wrong. Includes: auth flows (email + OAuth), per-table RLS policies, tests of the access boundaries, and a short handoff doc. Built this recently for showkit.dev. Fixed scope, 50% deposit upfront, delivered in 3 days.