diff --git a/README.md b/README.md
index 0f12287..09b6d60 100644
--- a/README.md
+++ b/README.md
@@ -35,3 +35,6 @@ Otherwise you can visit:
 
 It will allow to Make offers by **User1** to **User2** (or vice versa) and test purchase action from both sides (shop and customer points of view).
 
+# Review @@@
+- Please split apps to `frontend` and `functions`
+- Please check tags `@@@`
diff --git a/functions/index.js b/functions/index.js
index a5e2bd1..229ed1b 100644
--- a/functions/index.js
+++ b/functions/index.js
@@ -4,6 +4,9 @@ const cors = require('cors');
 
 const Stripe = require('./services/stripe.service');
 const FireBase = require('./services/firebase.service');
+
+//TODO @@@slava use const instead of let
+//TODO @@@slava inject Firebase DB here
 let fb = new FireBase();
 
 const app = express();
diff --git a/functions/services/firebase.service.js b/functions/services/firebase.service.js
index 8ed07d3..12fa570 100644
--- a/functions/services/firebase.service.js
+++ b/functions/services/firebase.service.js
@@ -1,3 +1,6 @@
+//TODO @@@slava const/let usage, use const instead
+
+//TODO @@@slava it would be great to have this code {{{
 const functions = require('firebase-functions');
 let config = functions.config();
 
@@ -9,7 +12,9 @@ admin.initializeApp({
 });
 
 const db = admin.database();
+//TODO @@@slava }}} reusable, please extract this to reuse
 
+//TODO @@@slava FirebaseService pretty common name. There is business logic for offers and orders mostly.
 class FirebaseService {
   getStripeByUserId(userId) {
     return new Promise((resolve, reject) => {
diff --git a/src/environments/firebase.rules.json b/src/environments/firebase.rules.json
index 2e9498a..159c035 100644
--- a/src/environments/firebase.rules.json
+++ b/src/environments/firebase.rules.json
@@ -1,23 +1,28 @@
 {
   "rules": {
+    //@@@TODO todo I am not sure that I should have access to write another user
     "users": {
       ".read": "auth != null",
       ".write": "auth != null",
       ".indexOn": "_id"
     },
 
+    //@@@TODO todo I am not sure that I should have access to write product of another user for example change price
     "products": {
       ".read": "auth != null",
       ".write": "auth != null",
       ".indexOn": "createdBy"
     },
 
+    //@@@TODO todo same for write
+    //@@@TODO todo read only for me and offer creator
     "offers": {
       ".read": "auth != null",
       ".write": "auth != null",
       ".indexOn": ["createdBy", "to"]
     },
 
+    //@@@TODO read: seems like only for me and order creator
     "orders": {
       ".read": "auth != null",
       ".write": false,