Case Study: Auditing and Fixing a Vibe-Coded Digital Business Card App

We recently completed a code audit and dev fixes for BizCardy, a digital and NFC business card platform. It’s a great example of what happens when a solid product idea meets AI-assisted development — and why a professional review before (or after) launch is worth every penny.

The Product

BizCardy lets users create, customise, and share digital business cards. Tap an NFC card, scan a QR code, or share a link — and your contact details, socials, and branding are instantly on someone’s phone. It’s a clean, modern alternative to paper cards.

The app was already live and functional when we got involved. The core experience worked. But under the hood, there were patterns that needed attention before scaling.

What We Found

Every vibe-coded project has its own flavour of issues. BizCardy was no different. Here’s the kind of thing we typically uncover during an audit:

Security Gaps

AI tools are great at building features fast but tend to skip the security fundamentals. Common findings include exposed environment variables, missing input validation, and auth flows that look correct on the surface but have edge cases that could be exploited.

Architecture Concerns

When AI generates code feature-by-feature, the overall architecture can drift. We often find duplicated logic, inconsistent patterns across similar features, and tight coupling that makes future changes risky.

Performance Bottlenecks

Things like unoptimised database queries, missing indexes, unnecessary re-renders on the frontend, and oversized bundle imports. They don’t break anything today, but they’ll bite you at scale.

What We Did

Our process is straightforward:

1. Full codebase review — we read every file, not just the ones that look suspicious
2. Prioritised issue report — each finding categorised by severity with clear explanations
3. Hands-on fixes — we didn’t just flag problems, we fixed them
4. Dev guidance — practical advice on maintaining the codebase going forward

The goal isn’t to rewrite the app. It’s to take what’s already working and make it solid — secure, maintainable, and ready to grow.

The Takeaway

BizCardy is a textbook example of why Vibe Code Audits exist. The product idea was strong, the execution was fast, and the AI tooling got them to market quickly. But that speed comes with trade-offs that are invisible until someone experienced looks under the hood.

If you’ve built something with Cursor, Bolt, Lovable, or any AI coding tool and you’re wondering whether it’s actually production-ready — it’s worth finding out before your users do.

Want the Same for Your App?

We offer dedicated Vibe Code Audits for AI-generated codebases. Fast turnaround, clear reports, and optional dev fixes. Get in touch and we’ll take a look.