Build a SaaS for $100/mo

Hosts the Next.js app as a managed container, auto-deploys from GitHub on every push.

$5/mo is the floor — and it stays $5 whether you have one user or ten thousand. Commercial use is explicit (no Hobby-tier ToS gotchas). App Platform handles TLS, zero-downtime rollouts, and basic autoscale without locking you into a serverless runtime. If you ever outgrow it, the same Dockerfile runs on any cloud — no rewrite tax.

• The $5 plan is single-instance and suspends after a quiet stretch — first request after idle is slow. The $12 'Basic' tier removes the suspension; pay it the day a real user complains.
• Build minutes are capped (a few hundred per month). On a heavy Next.js build with frequent pushes, you'll burn through it — wire a self-hosted GitHub Actions runner if it bites.
• Their built-in CDN is fine, not great. Pair with Cloudflare in front (free, next line) for serious global latency wins.

Sits in front of the app: DNS, caches static assets at 300+ edge POPs, blocks bots, free TLS.

There's no good reason to skip Cloudflare. The free tier covers everything an indie SaaS needs — unlimited bandwidth, free TLS, Page Rules, Workers (limited free), and DDoS mitigation that's the industry leader. Pointing your domain at Cloudflare also unlocks every other Cloudflare product (R2, Pages, Workers, Stream) without a second account.

• Default cache TTLs are aggressive. Ship a deploy without a purge step and users see the old build for up to 4 hours — wire 'purge on deploy' into your CI.
• WAF rules on the free plan are limited. Geographic blocking, rate limiting, and the full Page Rules library require Pro at $20/mo.
• If you proxy through Cloudflare and your origin is misconfigured, you'll get a Cloudflare error page — and the Cloudflare branding on it makes users think your site is broken, not theirs.

Postgres database, row-level security, and the auth provider for the app.

Pro at $25 gets you 8GB of storage, daily backups, and — the part most comparisons skip — a connection pool that doesn't fall over the first time a serverless function fans out. Auth is bundled, so there's no Clerk per-MAU pricing on top. SQL access is real, which means the query language is the one you already know.

• The pooled connection limit is around 200 concurrent. With Vercel serverless that adds up faster than you'd expect — keep transactions short and use the pooler URL for app code.
• Email-based auth without a custom SMTP gets rate-limited on the free SMTP relay. Wire Postmark in as custom SMTP for auth emails too, not just product email.
• RLS bugs are silent by default. A policy that's slightly wrong returns zero rows instead of erroring; budget time for writing tests against your policies.

Sends every transactional email — auth, receipts, password resets, the lot.

Postmark is the deliverability gold standard for transactional. They publicly publish their inbox-rate numbers and average around 99.5%+, which sounds like marketing copy until you see what it does for password-reset complaints (none). $15 covers 10k emails/mo with full headers, real audit trail, and a separate-IP architecture that keeps marketing email far away from your transactional stream.

• Marketing email is forbidden on Postmark. A single broadcast 'Hey check out our new feature' send and they will lock the account first, ask questions later. Use Beehiiv or MailerLite for that.
• $15 is for 10k. Past that, the next jump is $50/mo for 50k — not gentle. Forecast before you ship.
• DKIM/SPF/DMARC verification is stricter than most ESPs. Their docs are excellent but plan an hour the first time.

Serverless Redis for caching, sessions, and rate limiting.

Pay-per-request pricing is the right shape for a SaaS that doesn't run flat-line. $10 covers ~3M commands a month — past that, you're in runaway-cron territory. The Vercel integration is one click, the SDK is small, and the rate-limit primitives are widely considered good enough to skip writing your own.

• Pay-per-request can surprise you if a hot code path forgets to cache. Set a soft monthly cap in their dashboard — the alert is free, the overage isn't.
• Eventual consistency between regions is real. Anything that has to be strictly counted (not just rate-limited) should live in Postgres, not Redis.

Captures errors and performance traces from the app, with source maps and release tracking.

The Team plan at $26 covers 50k errors and 100k performance events a month, with unlimited members. Cheaper alternatives exist (Bugsnag, Highlight, self-hosted GlitchTip), but Sentry's breadcrumbs pay for themselves the first time a customer sees a 500 — they shave hours off a triage.

• Quotas are easy to blow if you don't sample. Set tracesSampleRate to around 0.1 in production from day one.
• Source map uploads need to actually run in CI. A surprising number of teams ship for months with un-symbolicated stack traces and don't notice.
• $26 is a lower bound. Add another seat or hit a noisy release and you'll see the bill drift — keep an eye on the monthly view.

Privacy-friendly, cookie-free page analytics and goal tracking.

$6 buys 10k pageviews a month, no cookie banner, and a dashboard a non-engineer can read. You don't need session replay; you need to know which pages convert. The script is 1KB-ish and doesn't dent Lighthouse.

• 10k pageviews is genuinely small. A single Hacker News appearance burns through the monthly cap in an afternoon — set up overage email alerts.
• There's no funnel analysis on the entry tier. If you need that, Plausible Business at $19 is still cheaper than the alternatives.