How a SaaS boilerplate saves you 200 hours (the realistic version)
An itemized, honest accounting of the time a real SaaS boilerplate saves you. Auth, payments, email, SEO, legal, ops. Hour by hour, with the math, not the marketing.
Every boilerplate landing page claims “save weeks of work” and almost none of them show their math. This post is the math.
I have built the SaaS foundation from scratch four times by now, and used boilerplates (mine and others’) three times. The gap is real. The exact number depends on what you count, but the honest range is 150 to 300 hours saved for a serious SaaS, with around 200 hours as the typical case.
Here is the breakdown, line by line.
Methodology
For each component I list:
- Time from scratch (solo founder, no AI assist).
- Time from scratch (solo founder, with AI assist like Claude Code).
- Time with a boilerplate.
- Net savings.
These are my own numbers from real projects. Your speed will vary, but the ratios are stable.
Authentication
A correct, production-grade auth system needs:
- Sign up with email/password verification.
- Sign in with rate limiting and timing-attack resistance.
- Password reset with hashed tokens, expiry, single-use, info-leak-safe responses.
- Magic links.
- OAuth (Google, GitHub at minimum).
- Session management with
HttpOnly,Secure,SameSite=Laxcookies. - CSRF tokens on state-changing forms.
- Account deletion flow.
| Hours | |
|---|---|
| From scratch, no AI | 40-60 |
| From scratch, with AI | 25-35 |
| From boilerplate | 1-2 (configure OAuth credentials) |
| Saved with boilerplate | ~30 hours |
The AI assist gets you to “looks like auth.” A boilerplate gets you to “auth that has survived multiple security reviews.” Different bar.
Payments
For Stripe, Polar, or LemonSqueezy:
- Checkout session creation, signed redirect, success page.
- Webhook endpoint with signature verification and idempotency.
- Subscription lifecycle handling (created, updated, canceled, payment failed).
- Customer portal integration or self-built billing page.
- Refund handling.
- Tax handling (Stripe Tax setup or MoR configuration).
- Invoice/receipt access for the user.
| Hours | |
|---|---|
| From scratch, no AI | 30-50 |
| From scratch, with AI | 18-28 |
| From boilerplate | 1-3 (configure provider keys) |
| Saved with boilerplate | ~25 hours |
Webhooks are the part that takes the longest to get right. Idempotency, retry handling, dealing with out-of-order events. A boilerplate has these baked in.
- SPF, DKIM, DMARC DNS setup (this is its own multi-hour debugging session).
- Sending subdomain configured separately from apex domain.
- Provider integration (Resend, Postmark, or similar).
- Transactional templates for welcome, verification, password reset, magic link, receipt.
- Plain-text alternatives.
- Unsubscribe link handling.
- Bounce and complaint handling.
| Hours | |
|---|---|
| From scratch, no AI | 12-20 |
| From scratch, with AI | 8-12 |
| From boilerplate | 1-3 (configure DNS, swap templates) |
| Saved with boilerplate | ~10 hours |
Email feels small until you start fighting deliverability. The boilerplate cannot fix DNS for you, but it can ship templates and a sender abstraction that does not bite you later.
Landing page
- Hero section.
- Pricing section.
- Features section.
- FAQ section.
- Testimonials (or placeholder if pre-launch).
- About / Team section.
- Footer with legal links.
- Responsive on mobile.
- Dark mode support.
- Lighthouse score above 90 across all categories.
| Hours | |
|---|---|
| From scratch, no AI | 25-40 |
| From scratch, with AI | 12-20 |
| From boilerplate | 4-8 (customize copy and design) |
| Saved with boilerplate | ~15 hours |
The AI is genuinely fast at landing pages. Where it loses time is in iteration: AI-generated copy is generic, you spend hours making it sound like you. A boilerplate’s prose is a starting point that someone already polished once.
Blog
- Markdown rendering with frontmatter.
- Syntax highlighting for code blocks.
- Tag pages and tag-based filtering.
- Hero image support.
- Read-time calculation.
- RSS feed (or sitemap inclusion).
- SEO metadata, JSON-LD, OpenGraph.
- Newsletter signup integration.
| Hours | |
|---|---|
| From scratch, no AI | 20-30 |
| From scratch, with AI | 10-16 |
| From boilerplate | 0-1 (add markdown files) |
| Saved with boilerplate | ~14 hours |
A working blog is a meaningful chunk of work the first time. The second time you build one is faster, but you do not get the second time savings on a brand new SaaS.
Documentation
- Hierarchical sidebar navigation.
- Table of contents per page.
- Search (or fall back to Algolia/MeiliSearch).
- Mobile responsive.
- Dark mode.
- Breadcrumbs.
- Prev/next page navigation.
- Code copy buttons.
| Hours | |
|---|---|
| From scratch, no AI | 25-40 |
| From scratch, with AI | 12-20 |
| From boilerplate | 0-1 (add markdown files) |
| Saved with boilerplate | ~18 hours |
Docs are a sneakily large chunk of work. Most boilerplates ship them. Most “vibe-coded” SaaS launches without them and adds them six months later as an afterthought.
Legal pages
- Privacy Policy that mentions the actual data you collect.
- Terms of Service with limitation of liability.
- License page if you sell code (irrelevant for most SaaS).
- Cookie policy if you have non-essential cookies.
- Imprint for German operations.
- Data processing agreement template for B2B customers.
| Hours | |
|---|---|
| From scratch, no AI | 8-16 |
| From scratch, with AI | 4-8 |
| From boilerplate | 1-2 (replace placeholders) |
| Saved with boilerplate | ~5 hours |
These are usually copy-paste-and-edit work. The boilerplate saves you both the time and the “what should this section say” research.
SEO scaffolding
- Sitemap.xml that dynamically includes blog, docs, products.
- Robots.txt with the right allow/disallow patterns.
- Canonical URLs on every page.
- OpenGraph and Twitter card tags.
- JSON-LD structured data for blog posts.
- Per-page title and description.
hreflangfor international variants.- Server-rendered HTML (free if you are on the right stack).
| Hours | |
|---|---|
| From scratch, no AI | 12-20 |
| From scratch, with AI | 6-10 |
| From boilerplate | 0-1 (it just works) |
| Saved with boilerplate | ~10 hours |
SEO scaffolding is the part most founders forget and pay for in low search visibility for years. The boilerplate gives you parity with the top 5% of indie SaaS in the first week.
Security headers and CSP
- Content Security Policy with nonces (not
unsafe-inline). X-Frame-Options,X-Content-Type-Options,Referrer-Policy.- Permissions-Policy for camera, geolocation, payment, etc.
- CSRF middleware with token rotation.
- Rate limiting on sensitive endpoints.
| Hours | |
|---|---|
| From scratch, no AI | 10-20 |
| From scratch, with AI | 6-10 |
| From boilerplate | 1 (configure values) |
| Saved with boilerplate | ~10 hours |
This is the part the AI helps least with, because it does not know what your CSP should look like for your specific page set. The boilerplate ships a tested CSP that allows your own assets and common providers.
Database, migrations, and the connection layer
- Connection pooling configured correctly.
- Migrations system with up/down support.
- Initial schema (users, sessions, password_resets, magic_links, etc.).
- Health check endpoint that pokes the DB.
| Hours | |
|---|---|
| From scratch, no AI | 8-14 |
| From scratch, with AI | 5-8 |
| From boilerplate | 1-2 (point at your DB) |
| Saved with boilerplate | ~6 hours |
The schema part is small. The “did I set up connection pool limits and timeouts correctly” part is where errors creep in. Boilerplate has reasonable defaults.
File uploads to object storage
- S3-compatible API integration (R2, AWS S3, Backblaze).
- Presigned URLs for direct browser upload.
- File type and size validation.
- Avatar resizing or thumbnail generation.
- Cleanup on user deletion.
| Hours | |
|---|---|
| From scratch, no AI | 15-25 |
| From scratch, with AI | 8-14 |
| From boilerplate | 2-4 (configure credentials) |
| Saved with boilerplate | ~12 hours |
Deployment workflow
- Dockerfile or single-binary build.
- CI/CD pipeline that builds, tests, and deploys.
- Reverse proxy config for HTTPS (Caddy, Traefik, or nginx).
- Environment-specific configuration.
- Zero-downtime restart.
| Hours | |
|---|---|
| From scratch, no AI | 15-30 |
| From scratch, with AI | 10-18 |
| From boilerplate | 3-6 (provision VPS, set secrets) |
| Saved with boilerplate | ~15 hours |
Component library and design system
- Buttons, dialogs, dropdowns, sheets, sidebars, toasts.
- Forms with validation styling.
- Tables with sort and filter.
- Date pickers.
- Tooltips, popovers.
- Avatar component.
- Tabs, accordions.
| Hours | |
|---|---|
| From scratch, no AI | 60-100+ |
| From scratch, with AI | 25-40 |
| From boilerplate | 0 (it ships with templUI / shadcn) |
| Saved with boilerplate | ~30 hours |
This is the single biggest line item if you build it yourself. Component libraries are a huge time sink, especially if you care about accessibility.
Observability
- Structured logging with
slog. - Sentry or equivalent error tracking.
- Health check endpoint.
- Basic metrics (request count, latency, error rate).
- Uptime monitoring integration.
| Hours | |
|---|---|
| From scratch, no AI | 8-14 |
| From scratch, with AI | 5-8 |
| From boilerplate | 1-2 |
| Saved with boilerplate | ~6 hours |
Total
Adding it up:
| Category | Hours saved |
|---|---|
| Auth | 30 |
| Payments | 25 |
| 10 | |
| Landing page | 15 |
| Blog | 14 |
| Docs | 18 |
| Legal | 5 |
| SEO scaffolding | 10 |
| Security headers | 10 |
| Database + migrations | 6 |
| File uploads | 12 |
| Deployment | 15 |
| Component library | 30 |
| Observability | 6 |
| Total | ~206 hours |
That is roughly 5 weeks of full-time work, or 10 weeks of part-time work for a solo founder.
The cost math
Hours are one axis. Money is another. Even if you do not bill yourself, those weekends have a price.
Same foundation work, priced three ways. Hours are conservative totals across the 14 categories above. The dollar column uses a $40 per hour opportunity cost (well below any senior dev market rate, well above zero).
| Approach | Hours | At $40/h | Out-of-pocket |
|---|---|---|---|
| From scratch, no AI | ~300 | $12,000 | $0 |
| From scratch, with AI | ~180 | $7,200 | $60 to $600 (1 to 3 months of AI Pro) |
| Boilerplate + AI | ~25 | $1,000 | $99 launch + ~$100 AI |
| You save (vs. AI alone) | ~155 | ~$6,100 |
The number that should hit hardest: $99 launch price ($199 regular) vs $6,000+ saved, even when you already pay for AI.
AI cuts your foundation work in half. A boilerplate cuts it by more than 90%. The two stack. You are not picking AI or boilerplate. You are picking AI without a foundation versus AI with one.
A boilerplate makes your AI subscription dramatically more useful. The AI stops rediscovering HttpOnly cookies and Stripe webhook signatures every new chat. It walks into a codebase where that is already done, and writes the code that is actually yours.
$99 is roughly one month of an AI Pro subscription. The boilerplate pays itself back the day you ship.
The hidden savings the table does not show
The numbers above are the explicit time savings. The hidden savings are arguably bigger.
Decision fatigue
Every “build it yourself” path includes hundreds of small decisions: which library, which pattern, which version. A boilerplate makes 90% of those decisions for you, leaving you to spend your decision-making capacity on product.
Bug avoidance
A boilerplate has been used by hundreds of other founders. The bugs you would hit and spend a day each on, they hit and fixed two years ago. You skip them entirely.
Operational stability
A boilerplate’s deploy story, backup story, and update story have been validated across many users. Your custom version of each is one founder’s first attempt.
Faster AI workflow
A boilerplate with documented conventions is dramatically more productive when you pair it with AI coding tools. The AI follows the conventions, you do less correction.
When the math does not work
A boilerplate is the wrong choice when:
- You are building something genuinely different from a typical SaaS (a browser extension, a CLI tool, a desktop app). Then the boilerplate’s assumptions do not apply.
- You are explicitly learning the stack. Build it yourself, slowly, and learn.
- You hate the boilerplate’s stack choices. Forcing yourself to use Go if you only know Python is not a saving.
For the other 90% of cases, the math is one-sided. 200 hours at any reasonable hourly value (even a developer’s “free time” hourly value) dwarfs the $100-500 cost of a real boilerplate.
In goilerplate
goilerplate ships every item on the list above for the Go stack: auth (magic-link, OAuth via Google and GitHub, password reset), Polar and Stripe managed payments (more providers on the roadmap), Resend email scaffolding, landing page, blog, docs, legal pages (privacy, terms, cookies), SEO scaffolding (dynamic sitemap, robots.txt), security headers (CSP with nonces, X-Frame-Options, Permissions-Policy, and more), sqlite or Postgres schema with goose migrations, S3-compatible file uploads (avatars wired in, R2/AWS/DO Spaces compatible), Dockerfile and single-binary deploy, templUI components, slog plus Sentry integration.
If you are on Next.js, supastarter and ShipFast offer the equivalent for JavaScript. For the head-to-head, see goilerplate vs supastarter vs ShipFast.
I ship new features, fixes, and blocks into goilerplate every week. Lifetime updates means the same code I run for my own products, with every change I push.
Either way, the question is not “should I use a boilerplate.” The question is “which one matches my stack.”
The actual recommendation
If you have a SaaS idea and you have not built one before, buy a boilerplate. Spend the 200 hours you save on customer development, content marketing, and product iteration.
If you have built three SaaS already, you have your own boilerplate (mentally or literally). Use it.
If you are building a portfolio piece, build everything yourself. The portfolio piece is the building. That is the point.
For everyone else, do not be the founder who spent six months on a foundation that someone else already built and sells for $200. Those six months are the difference between launching this quarter and launching next year.
200 hours is a lot of weekends. Spend them on the part of the product that nobody else can build for you.