โ† All posts
๐Ÿ’ธ

I Built a SaaS With $4 in CashApp. Here's the Scrappy Founder Stack.

Started in October with $4 in CashApp and free APIs. 6 weeks later I have a working SaaS that audits other SaaS sites. The stack, the bugs, and the pivots โ€” no fluff.

No "I made $50k in my first month" headline. I haven't made a dollar yet. This is the actual build log of a 17-year-old shipping a SaaS with literally $4 to start.

The starting position

October 2025. I had:

  • $4 in CashApp
  • A laptop
  • An idea: audit local businesses for SEO issues, charge them money
  • Zero customers, zero brand, zero followers

The first decision was the most important: everything has to start free or near-free. No paid SaaS, no paid hosting, no paid APIs until something is actually making money. Here's what I picked.

The free stack

Backend: Node.js + Express

I know JavaScript best. Express is unfashionable in 2026 (everyone's on Next.js / Hono / Bun) but I wanted to control every endpoint, every middleware, every cookie. For a tool that does cookie-based session tracking + A/B testing + payment webhooks, Express was the right call. Total stack lock-in: zero.

Database: better-sqlite3

SQLite running locally on the server. Single-file database, no setup, faster than Postgres for the read-heavy workloads I'm doing. The whole app database is a 4MB .db file I can copy anywhere.

The better-sqlite3 npm package is synchronous, which sounds bad but is actually a feature for solo-dev SaaS: no callback hell, no await everywhere, queries return data immediately. I'm a Postgres convert who will not go back.

Templating: EJS

Server-rendered HTML with EJS templates. No React, no Next.js, no Vue. Why? Because SEO and SaaS landing pages are 90% static content with light interactivity. Server-rendered HTML loads instantly, is perfectly crawlable, and I can ship a new template in 5 minutes without a build step.

I add light JavaScript where needed (theme toggle, audit progress polling, A/B variant tracking). Total client-side JS payload: under 4KB minified.

LLM: Gemini Flash (free tier)

Gemini's free tier gives me 1,500 requests per day. I use it to generate the actual audit reasoning โ€” given a scraped site + PageSpeed data, what are the top 8-12 issues. The structured-output mode (JSON schema) means I don't need to parse free-text. Solid.

If Gemini ever cuts the free tier, I'll switch to Groq (Llama 3.3 70B, also free). Built the LLM client as a swappable module from day 1.

Performance API: Google PageSpeed Insights

Free, real Lighthouse scores. Same data Google uses to evaluate Core Web Vitals. Lets me give users actual numbers ("LCP is 4.2 seconds, target is under 2.5") instead of vague advice.

Email: Resend (free tier)

3,000 emails/month free, decent deliverability, dead-simple API. Magic link login + transactional emails. The cleanest dev experience I've used for transactional email.

Hosting: my own laptop + Cloudflare Tunnel

This is the most controversial choice. I run the production server on my own laptop with Cloudflare Tunnel routing rankradar.shop traffic to localhost. Free TLS, free DDoS protection, free routing.

The downside: if my laptop dies or loses power, the site goes down. The upside: hosting cost is $0 forever, and when I scale to a real VPS it's a 30-minute migration.

Domain: $1.16 on Namecheap

The .shop TLD was on sale. The remaining ~$3 went into a Cloudflare DNS migration. Total spent before launch: $1.16.

Payments: Stripe Checkout

Stripe Checkout Sessions with inline price_data (no pre-created Price IDs to manage). I pay 2.9% + 30ยข per transaction but $0 in fixed costs. Took about 90 minutes to integrate end-to-end including the webhook handler.

What I built on top of that stack

The actual product is an SEO audit tool. User pastes a URL, we:

  1. Scrape the homepage (custom Node scraper, no Apify)
  2. Run PageSpeed Insights API for performance scores
  3. Check robots.txt, sitemap.xml, schema markup, OG tags, etc.
  4. Send the gathered data to Gemini with a structured prompt
  5. Gemini returns 8-12 issues with revenue-loss estimates
  6. We render the audit as a public-shareable report

End to end: 25-35 seconds. Free preview shows top 3 issues, no signup. Full report unlocks for $24.99 (first audit).

The hard-earned lessons (most painful first)

1. Build the analytics yourself

I tried GA4 for a week. It was useless. For a SaaS where every visitor matters, you need session-level detail: who came from where, what they clicked, where they bounced, what variant of your landing page they saw. GA4 aggregates everything into useless funnels.

I rebuilt visitor tracking as ~200 lines of code: a cookie-based session, beacon endpoint for page views + clicks + unload, A/B variant assignment, confirmed-human signal (2-second visibility timer beats bots). Way more useful than any third-party tool.

2. The phantom session problem

First 4 weeks of analytics showed: 60 sessions, 0 signups. I thought my landing page was broken. Then I realized 51 of those sessions had seconds_on_page = 0 โ€” they were bots, link previewers (Slack, Discord, Twitter), and scrapers, not humans.

Real human count was 9. Real signups were 4. Activation rate was actually 44%, not 0%. The signal had been there all along, buried under bot noise.

Lesson: separate humans from bots in your analytics from day 1. Add a "confirmed human" beacon that fires 2 seconds after the page becomes visible. Bots never trigger it.

3. Pivot when the data tells you to

My original target was local service businesses โ€” plumbers, HVAC, salons. I posted on r/sweatystartup, r/hvacadvice, r/smallbusiness. Got 4 signups in 3 weeks.

The honest diagnosis: trades don't read Reddit, don't trust "AI audits," and don't believe their site is the problem. The audience-product fit was wrong.

I pivoted last week to indie hackers, AI builders, SaaS founders. Same product (an SEO audit tool), different positioning. Indie hackers obsess over their site. They're on Reddit. They're early adopters. They actually pay for tools.

The pivot took 6 hours of code changes โ€” I made the audience switchable via one env var (BRAND_MODE=digital or BRAND_MODE=local) so I could revert if it didn't work. Best risk-mitigation pattern of the build.

4. The "silly bug" was actually the biggest one

I shipped a feature where admins could export an audit at a chosen tier (free / paid / full). Tested it locally โ€” worked. Shared one with someone โ€” they saw the full paid report when I'd selected "free."

Root cause: my client-side JS used FormData(), which sends as multipart/form-data. My Express server only had the urlencoded + JSON body parsers. req.body.tier was undefined on every request. The server's fallback was "default to full."

One line of client JS to switch from FormData to URLSearchParams. Server-side change to remove the default and fail loudly. Two-line fix. Could have been silently leaking paid content for months.

Lesson: never have a quiet fallback for paywall-controlling parameters. Fail loudly with a 400.

5. Price for the click, not the value

I had a feature called "AI Fixer" that auto-rewrites your meta tags / titles / descriptions for any issue we find. Original price: 50% of the issue's monthly revenue loss. So a $400/mo issue cost $200 to auto-fix.

Nobody clicked. Zero conversions in 3 weeks despite hundreds of audit views.

Dropped the price to 25%. So a $400/mo issue now costs $100. Same exact feature. The conversion signal got way cleaner โ€” people actually click the button now even if they don't buy.

Lesson: "value-based pricing" is a meme when nobody has heard of you. Price for the click first. Once people are using the feature, prove the value, then raise the price.

The numbers right now

  • MRR: $0
  • Signups: 4
  • Audits run: ~30 (mostly mine + 3 friends')
  • Real human visitors (last 30 days): ~80
  • Total spent: $1.16 (the domain)
  • Hours built: ~250 over 6 weeks

Pre-revenue but real. Pivoting to indie hackers as of this week. The first Reddit post on the new positioning ships in 3 days.

What's next

  • Get 5 paid customers (any tier)
  • Ship a referral system (audit unlock for sharing your audit publicly)
  • Add Chrome extension for one-click audits on any site you're viewing
  • Migrate hosting off my laptop once MRR > $20/mo (pay for a $5 VPS)

If you build SaaS too, the most valuable thing I can offer is honest data. Run a free audit on your own site โ€” top 3 issues, no signup needed. If it's useful, the full report is $24.99 for your first audit.

Get a free audit on your own SaaS

30 seconds, no signup, real Lighthouse scores + revenue-loss estimates.

โšก Audit my site โ†’

Questions about the stack or any specific implementation detail? I'm always around โ€” drop me a note via the audit tool, I read everything.