A US-based founder came to me with something that already had real potential. He'd built a prototype — a photo transformation app where users upload their face and get reimagined as movie characters using Google's AI. People who tried it loved it. The concept worked.
The problem was under the hood. The entire app ran client-side, which meant the Gemini API key was sitting exposed in the JavaScript bundle. Anyone who opened DevTools could see it, copy it, and use it to rack up thousands of dollars in API costs overnight. The foundation the product was sitting on wasn't safe. You can't build a business on that.
He needed someone to come in, fix it properly, and build the infrastructure that would let this thing actually scale.
The first thing I did was migrate the entire app from Vite to Next.js App Router. Not a trendy choice — a structural one. It meant every AI call could now live server-side, permanently. The API key never touches the browser. On top of that I built a layered security model: input sanitization against prompt injection, IP-based rate limiting, daily generation caps enforced at the database level, and cloud budget alerts as a last line of defence. The founder could now sleep without worrying about waking up to a $4,000 API bill.
The core AI pipeline runs on Gemini 3.1 Flash Image — the same model that went viral in India in 2025 with over 200 million edits in its first weeks. I engineered a seven-route server-side pipeline handling everything from character validation and face detection to cinematic narration, face morphing, similarity scoring, and video generation. Each route manages its own errors and falls back cleanly under load. The AI is fast. The infrastructure around it is solid.
A great AI feature alone doesn't make a product. I built a ten-table PostgreSQL schema that covers the full roadmap — guest users, registered users, paid subscribers, a credit transaction system, ad events with fraud prevention, geo-based pricing for India and the US, promo codes, and a complete admin dashboard the founder controls in real time without touching code.
The viral loop was built in from the start. Every generated image gets its own share URL with dynamic preview cards optimised for WhatsApp. When someone shares their transformation, their contacts see the image and one button. That button drops them into the app with the character already selected. Guests get three free generations before hitting a signup wall — timed exactly at the moment they've already seen what the product can do.
The app is still in active development, getting sharper every week.
"Piyush rebuilt the entire backend, locked down the security, and delivered exactly what I needed. The product is in a completely different place now."— Saranjit, Founder, Imagine