Soft.xyz is an independent, data-driven platform that compares 232+ developer tools across 69 categories by real metrics — GitHub activity, npm downloads, actual pricing, DX scores, and community sentiment. Unlike pay-to-play review sites, every ranking on Soft.xyz is based on publicly verifiable data pulled from GitHub, npm, and official pricing pages.

How does Soft.xyz collect data?

Soft.xyz pulls data from public APIs including GitHub (stars, forks, commits, open issues, last commit date), npm (weekly download counts), and official pricing pages. Community sentiment data comes from Reddit and Hacker News mention tracking. All metrics are refreshed weekly and timestamped so you can see exactly when data was last updated.

Is Soft.xyz free to use?

Yes, Soft.xyz is completely free to use. All tool pages, comparisons, benchmarks, DX scores, pricing analysis, and category rankings are available at no cost. For teams that need a deeper analysis, we offer a paid Stack Audit report ($199) that evaluates your entire tech stack with personalized recommendations. An API is also available for programmatic access to our dataset.

How many tools does Soft.xyz track?

Soft.xyz tracks 232 developer tools across 69 categories including databases, hosting, authentication, payments, analytics, CI/CD, monitoring, search, CMS, and more. Each tool page includes real-time GitHub metrics, npm download counts, pricing breakdowns, and side-by-side comparisons with alternatives in the same category.

What to look for in SaaS contracts?

Check for automatic renewal clauses, price increase provisions, data ownership terms, termination penalties, and service level agreements. This page reviews contracts from major services and flags specific red, yellow, and green items so you know what to negotiate before signing.

What are common ToS red flags?

Common red flags include unilateral right to change pricing, automatic data deletion on downgrade, broad intellectual property claims on your content, and liability caps that leave you unprotected. Each service on this page shows its specific contract risks sorted by severity.

Can SaaS companies change prices anytime?

Many SaaS contracts include clauses allowing price changes with as little as 30 days notice. Some lock in pricing for annual contracts but can increase upon renewal. Check each service's contract review on this page to see their specific pricing change policies and what protections exist.

Contract Red Flags

We read the Terms of Service so you don't have to. Lock-in risks, pricing traps, and data portability.

Contracts reviewed

High risk

Red flags total

AWS

Cloud · Reviewed 2026-03

high risk

⚠

Egress fees create lock-in

Data transfer OUT is $0.09/GB. Moving 10TB of data out costs ~$900. Financial lock-in by design.

⚠

Terms allow unilateral changes

AWS can modify service terms at any time. Continued use = acceptance.

⚠

Complex billing — surprise costs common

Hundreds of billing dimensions. Easy to accidentally spend $10k on a misconfigured service.

✓

Data sovereignty options

Choose specific regions. GovCloud for compliance. Data stays where you put it.

Positives

Most comprehensive service catalogEnterprise agreements negotiableHIPAA, SOC 2, FedRAMP certified

MongoDB Atlas

Database · Reviewed 2026-03

high risk

⚠

SSPL license — not open source

MongoDB Server is SSPL since 2018. You cannot offer MongoDB as a service without open-sourcing your entire stack.

⚡

Atlas lock-in features

Atlas Search, Atlas App Services, Realm — all proprietary. Moving away means rewriting these features.

✓

Data export with mongodump

mongodump/mongorestore work fine. Data is portable at the database level.

⚡

Price increases happen

Dedicated cluster prices have increased ~15% over 2 years. No contractual price protection.

Positives

Data exportable via standard toolsMulti-cloud deployment availableStrong enterprise agreements

OpenAI

AI · Reviewed 2026-04

high risk

⚠

Rate limits change without notice

Rate limits and model availability can change. GPT models get deprecated with ~6 months notice.

⚠

Model deprecation risk

Older models (GPT-3.5, GPT-4-32k) sunset. Must migrate to newer models, which may behave differently.

⚡

Data usage for training

API data not used for training by default (since March 2023). But Terms allow OpenAI to use data for 'abuse monitoring'.

⚡

No SLA on free tier

Rate limits are lower. Paid plans get priority access and higher limits.

Positives

API data not used for training by defaultEnterprise plan with data processing agreementSOC 2 certified

Firebase

BaaS · Reviewed 2026-04

high risk

⚠

Deep Google lock-in

Firestore, Cloud Functions, Firebase Auth — all proprietary. Migration requires rewriting core app logic.

⚠

Unpredictable pricing at scale

Document reads, writes, and deletes all billed separately. Costs hard to predict with complex queries.

⚡

Data export possible but painful

Firestore export to BigQuery works. Auth users exportable. But no standard SQL dump format.

✓

Free tier is generous

Spark plan: 50k reads/day, 20k writes/day, 1GB Firestore. Good for MVPs.

Positives

Generous free tier for prototypingGoogle infrastructure reliabilityStrong mobile SDK support

Datadog

Monitoring · Reviewed 2026-04

high risk

⚠

Extremely expensive at scale

Per-host pricing starts at $15/mo but custom metrics, APM, logs add up fast. $100k+/year is common.

⚠

Auto-discovery creates cost surprises

Agent auto-discovers and monitors new services. Each new container = new host = more cost.

⚡

Data export limited

Can export dashboards as JSON. Raw metric/log data export is limited and expensive.

⚡

3-year contracts common

Sales pushes multi-year contracts for discounts. Early termination penalties exist.

Positives

Most comprehensive monitoring platformExcellent integrationsStrong enterprise support

Shopify

E-commerce · Reviewed 2026-04

high risk

⚠

Deep platform lock-in

Liquid templates, Shopify-specific APIs, proprietary checkout. Migration to WooCommerce or custom requires full rebuild.

⚠

Transaction fees on non-Shopify Payments

0.5–2% extra fee if you use a third-party payment processor instead of Shopify Payments.

⚡

Data export available but incomplete

CSV export for products, customers, orders. But theme customizations, metafields, and app data often lost.

⚡

App dependency creates hidden costs

Core features often require paid apps ($10-100/mo each). Subscription management, reviews, upsells — all paid extras.

Positives

Reliable infrastructure for e-commerceLarge app ecosystemPCI DSS Level 1 compliant

Convex

BaaS · Reviewed 2026-04

high risk

⚠

Proprietary query language and runtime

Convex uses its own query/mutation model. No standard SQL. Migration requires full rewrite of data access layer.

✓

Data export available

Snapshot export to JSON or streaming export to external systems. Data is recoverable.

⚡

No self-hosted option

Fully managed only. No open-source core. If Convex shuts down, your backend needs a complete rewrite.

⚡

VC-backed startup

Well-funded but pre-profitability. Acquisition or shutdown risk inherent in startup infrastructure.

Positives

Data export via snapshot and streamingGenerous free tierSOC 2 certified

Microsoft Azure

Cloud · Reviewed 2026-04

high risk

⚠

Egress fees like AWS

Data transfer out priced similarly to AWS (~$0.08/GB). Moving data to another cloud or on-premise is expensive.

⚡

Enterprise Agreement required for best pricing

Best discounts require multi-year Enterprise Agreements. Pay-as-you-go pricing can be 40-60% higher.

⚡

Active Directory lock-in

Deep Azure AD/Entra ID integration creates identity lock-in. Microsoft 365 + Azure AD combination is sticky.

✓

Compliance certifications comprehensive

FedRAMP High, DoD IL5, HIPAA, PCI DSS, GDPR, ISO 27001 all certified. Best enterprise compliance catalog.

Positives

Most comprehensive enterprise complianceM365 integrationHybrid cloud (Azure Arc) best-in-classFedRAMP High certified

HubSpot

CRM · Reviewed 2026-04

high risk

⚠

Pricing scales aggressively with contacts

Free CRM is genuinely useful. But Marketing Hub scales with contacts — 50k contacts can cost $800+/month. Price jumps are non-linear.

⚡

Data export available but limited

CSV export for contacts, deals, companies. But workflows, automation logic, and custom objects require manual documentation.

⚠

Ecosystem lock-in via integrations

HubSpot integrations and native syncs (Salesforce, Gmail, etc.) create stickiness. Each integration reimplemented when switching.

✓

Free tier is genuinely useful

Free CRM has real features: contact management, deals, forms. Not a crippled bait. Good entry point.

Positives

Free CRM with real featuresData exportable via CSV and APISOC 2, ISO 27001 certifiedGDPR data tools available

Sendbird

Communications · Reviewed 2026-04

high risk

⚠

Deep SDK coupling

Chat, video, and notifications require Sendbird SDKs (iOS, Android, Web). Switching means rewriting entire messaging layer.

⚠

Per-MAU pricing at scale

Free up to 30 MAU. After that: $99-399/month per tier. Large apps with 100k+ MAU can pay $5k+/month.

⚡

Data export available

Message history exportable via API. But message thread structure and SDKs are Sendbird-specific.

⚡

Proprietary — no self-host

No self-hosted option. If Sendbird shuts down or pricing becomes untenable, you rebuild from scratch.

Positives

Comprehensive in-app messaging SDKSOC 2, ISO 27001 certifiedHIPAA BAA available

Intercom

Customer Support · Reviewed 2026-04

high risk

⚠

Per-seat pricing is very expensive

Starter $74/seat/month. Most teams need multiple seats. $500-2000/month is typical for small teams. One of the priciest tools in the stack.

✓

Conversation data exportable

Full conversation export via API. Contacts exportable. Migration to Crisp, Chatwoot, or Help Scout documented.

⚡

AI features require higher tiers

Fin AI and resolution bot locked to Fin add-on (+$0.99/resolution). Costs multiply with AI usage.

⚡

Deep product integration creates coupling

Product tours, banners, news feeds, checklists — all Intercom widgets. Removing means rebuilding onboarding flows.

Positives

Conversation data fully exportableBest-in-class in-app messagingSOC 2, ISO 27001 certified

Snowflake

Data Warehouse · Reviewed 2026-04

high risk

⚠

Compute costs escalate unexpectedly

Credits billed per second of warehouse compute. Runaway queries or misconfigured auto-resume = surprise $1k-10k bills.

✓

Standard SQL — data portable

Snowflake SQL is mostly ANSI-compliant. Data stored as Parquet-compatible. Migrating to BigQuery or Redshift is painful but feasible.

⚡

Proprietary features create coupling

Snowpark, Streamlit native apps, Data Sharing, Marketplace — all Snowflake-specific. Heavy use creates lock-in.

✓

Multi-cloud — choose your cloud

Runs on AWS, GCP, Azure. Choose your preferred cloud and region. Cross-cloud data sharing is a key feature.

Positives

Standard SQL — data is portableMulti-cloud deploymentSOC 2, ISO 27001, HIPAA, PCI DSS certifiedStrong data sharing ecosystem

Airtable

Productivity · Reviewed 2026-04

high risk

⚠

Heavy automation creates deep coupling

Airtable automations, scripts, and views are all proprietary. Migrating a complex base requires rebuilding all business logic.

⚡

Data export via CSV only

CSV export per table. No bulk export of formulas, views, or automation logic. Meaningful data portability is limited.

⚠

Pricing jumped significantly in 2023

Team plan went from $10 to $20/seat/month. Business plan $45/seat/month. Existing users were migrated without grandfather pricing.

✓

API for programmatic access

REST API for all records. Can automate export and migration. API record limit 100k on paid plans.

Positives

REST API for full record accessSOC 2 certifiedGood template ecosystem

Jira (Atlassian)

DevTools · Reviewed 2026-04

high risk

⚠

Data export is painful

XML export of issues is available but complex to import elsewhere. Workflows, custom fields, and automation rules have no migration path.

⚠

Pricing model changed in 2024

Atlassian moved to per-user pricing tiers. Team features gated behind higher plans. Enterprise discounts require negotiation.

⚠

Plugin ecosystem creates coupling

Hundreds of paid Atlassian Marketplace plugins ($10-100/month each). Each plugin is a separate vendor and separate contract.

✓

Cloud and Data Center options

Jira Data Center: self-hosted on your servers. Full data control. Cloud: Atlassian managed. Enterprise choice.

Positives

Self-hosted Data Center optionStandard export formats (XML, CSV)SOC 2, ISO 27001, FedRAMP certified

Zendesk

Customer Support · Reviewed 2026-04

high risk

⚠

Annual contracts with limited cancellation

Zendesk sells annual contracts. Mid-term cancellation is not allowed. You pay for the full year even if you migrate off.

⚠

Significant price increases 2023-2025

Zendesk raised prices significantly after going private (Hellman & Friedman LBO, 2022). Suite Enterprise saw 30-40% increases. No price lock on annual contracts after renewal.

⚡

Data export available but complex

Tickets, users, organizations exportable via API/CSV. Knowledge base as HTML. Triggers, macros, and automation rules require JSON export and manual reimport to alternatives.

⚡

AI features (Fin-equivalent) bundled into higher tiers

Zendesk AI features require Suite Professional or higher. AI is not available on basic Support-only plans.

Positives

Comprehensive support platformEnterprise-grade compliance (SOC 2, HIPAA BAA)GDPR DPA availableLarge partner ecosystem

Vercel

Hosting · Reviewed 2026-03

medium risk

⚡

Price changes with 30 days notice

Vercel can change pricing with 30 days email notice. No price lock on annual plans.

⚡

Usage limits can change

Fair use policy limits (bandwidth, builds) are not contractually fixed and can be adjusted.

✓

Data export available

You can download your source code anytime. Deployments and analytics data exportable via API.

⚠

No SLA on Hobby plan

Free/Hobby tier has zero uptime guarantee. Pro has 99.99% SLA.

Positives

Source code always yoursStandard data processing agreement availableSOC 2 Type II certified

Stripe

Payments · Reviewed 2026-03

medium risk

⚠

Reserve rights on funds

Stripe can hold reserves (% of transactions) if they deem your business high-risk. Common for new accounts.

⚠

Account termination without cause

Stripe can terminate your account at any time with notice. Funds held for dispute period (120 days).

⚡

Data portability limited

Customer payment data exportable. But payment methods (cards on file) cannot be migrated to another processor.

✓

Transparent per-transaction pricing

2.9% + 30c clearly documented. Volume discounts negotiable.

Positives

Industry-standard processing ratesExcellent documentationPCI DSS Level 1 certified

Clerk

Auth · Reviewed 2026-03

medium risk

✓

User data export available

Full user data export via API. Passwords can be exported as hashes for migration.

⚡

MAU-based pricing can spike

If you go viral, costs jump immediately. No spending caps or alerts by default.

⚡

Proprietary — no self-host option

Unlike Auth0 or Keycloak, Clerk has no self-hosted version. You depend on their infrastructure.

Positives

User data fully exportablePassword hash migration supportedSOC 2 Type II certified

Anthropic

AI · Reviewed 2026-04

medium risk

⚡

Model deprecation with notice

Claude models get deprecated with ~6 months notice. Must migrate prompts to newer versions.

✓

Usage-based pricing only

Clear per-token pricing. No hidden fees. Batch API offers 50% discount.

⚡

Data retention policy

API inputs/outputs retained for 30 days for abuse monitoring. Enterprise plans can opt out.

Positives

Clear usage-based pricingAPI data not used for trainingSOC 2 Type II certifiedEnterprise agreements available

Netlify

Hosting · Reviewed 2026-04

medium risk

⚠

Bandwidth overages bill immediately

100GB/month on free tier. Overages billed at $55/100GB. A viral moment can cost hundreds.

⚡

Build minutes limited

Free: 300 min/month. Pro: 25k min/month. Complex builds can eat through this fast.

✓

Good data portability

Static sites deploy anywhere. Netlify Functions are standard AWS Lambda format.

Positives

Standard deployment formatFunctions portable to AWS LambdaSOC 2 certified

Lemon Squeezy

Payments · Reviewed 2026-04

medium risk

⚡

Higher fees than Stripe

5% + 50c per transaction (vs Stripe's 2.9% + 30c). But handles sales tax, VAT, and MoR.

⚡

Merchant of Record = less control

They are the legal seller. Good for tax compliance but limits payment customization.

⚡

Customer data partially portable

Can export customer list. But payment methods and subscriptions are not transferable.

Positives

Handles global sales tax/VAT automaticallyNo Stripe Atlas needed for international salesSimple integration for digital products

Pinecone

Vector DB · Reviewed 2026-04

medium risk

⚡

Proprietary — no self-host

Fully managed only. No open-source version. If they shut down, you need to migrate vectors.

✓

Data export available

Vectors can be fetched via API and migrated to another vector DB. Not a one-click export though.

⚡

Pricing by pod/serverless

Serverless: $0.04/1k queries. Pod-based: $70+/mo. Costs escalate with high-dimensional vectors.

Positives

Industry-standard vector DBGood documentationSOC 2 certifiedServerless option available

GitHub

DevTools · Reviewed 2026-04

medium risk

✓

Git-based — inherently portable

All code is standard Git. Clone and push to GitLab, Bitbucket, or self-hosted Gitea in minutes.

⚡

Actions lock-in

GitHub Actions workflows are GitHub-specific YAML. Migrating CI/CD to GitLab CI or CircleCI requires rewriting.

⚡

Copilot data concerns

Individual plan code snippets may feed into model training. Business tier explicitly excludes training.

✓

Microsoft ownership

Backed by Microsoft. No startup risk. But strategic priorities may shift (Copilot monetization push).

Positives

Standard Git — code always portableLargest developer ecosystemSOC 2, ISO 27001, FedRAMP certified

Auth0

Auth · Reviewed 2026-04

medium risk

⚠

MAU pricing escalates fast

Free up to 7,500 MAU. After that, pricing jumps significantly. Enterprise plans start at $23k/year.

⚡

Okta acquisition changed direction

Acquired by Okta in 2021. Product strategy shifted. Some features deprecated in favor of Okta equivalents.

✓

User data exportable

Management API allows full user export including password hashes. Migration to self-hosted Keycloak feasible.

⚡

Rules/Actions create coupling

Auth0 Rules and Actions are proprietary serverless functions. Heavy customization makes migration harder.

Positives

User data fully exportable with password hashesSelf-hosted alternative (Keycloak) existsSOC 2, ISO 27001, HIPAA certified

Render

Hosting · Reviewed 2026-04

medium risk

⚠

Free PostgreSQL expires in 90 days

Free-tier PostgreSQL databases auto-delete after 90 days. Data is lost if not backed up or upgraded.

⚡

Free web services sleep after 15 min

Free tier web services spin down after 15 minutes of inactivity. Cold starts take 30-60 seconds.

✓

Docker-based — portable

Standard Docker deployments. Move to any container platform with minimal changes.

Positives

Standard Docker containersClear pricing tiersSOC 2 certifiedManaged PostgreSQL available

Deno Deploy

Edge Hosting · Reviewed 2026-04

medium risk

⚡

Deno runtime lock-in

Code must run on Deno runtime. Node.js compatibility improving but not 100%. npm packages mostly work via npm: specifiers.

⚡

KV store is proprietary

Deno KV is Deno Deploy-specific. No standard export. Data migration requires manual rewrite.

✓

Code is portable JavaScript/TypeScript

Your actual code is standard JS/TS. Moving to Node.js or Bun requires minor adjustments.

Positives

Edge deployment globallyStandard JavaScript/TypeScriptFree tier generous (100k requests/day)Built-in KV database

Sanity

CMS · Reviewed 2026-04

medium risk

⚡

GROQ query language is proprietary

Sanity uses GROQ, a proprietary query language. Content exportable as JSON, but queries need rewriting on migration.

⚡

Content Lake is managed-only

Content Lake (hosted datastore) has no self-hosted option. Content exportable via CLI but storage is Sanity-dependent.

✓

Generous free tier

Free plan: 100k API requests/day, 500k assets, 3 users. Reasonable for small projects.

⚡

Overage pricing can spike

API CDN requests beyond plan billed at $1/10k. A traffic surge can create unexpected costs.

Positives

Full content export via CLI (ndjson)Real-time collaboration built-inCustom Studio is open source React app

Contentful

CMS · Reviewed 2026-04

medium risk

⚠

Expensive at scale

Free: 5 users, 25k records. Team starts at $300/mo. Enterprise pricing is opaque and often $2k+/mo.

✓

Content export available

Full content export via CLI and API. Migrations to Strapi or Sanity are well-documented community paths.

⚡

Rate limits on free tier

Free tier: 55 requests/second. Can throttle during build if many pages fetch content.

Positives

Content fully exportableWell-documented APISOC 2 certifiedStrong enterprise compliance

Hasura

API Gateway · Reviewed 2026-04

medium risk

✓

Open source core available

Hasura CE is open source (Apache 2.0). Self-host with Docker. GraphQL layer over your Postgres.

⚡

Cloud-only features in Enterprise

Caching, observability, SSO are Cloud/Enterprise only. CE lacks features you might grow to need.

⚡

Schema coupling

Hasura metadata (permissions, relationships, actions) is Hasura-specific. Migration means rewriting authorization layer.

✓

Data stays in your database

Hasura is a layer over YOUR Postgres. Remove Hasura and your data is untouched.

Positives

Open source core (Apache 2.0)Data stays in your PostgresSelf-hostableNo data lock-in whatsoever

Twilio SendGrid

Email · Reviewed 2026-04

medium risk

✓

Generous free tier

100 emails/day forever on free tier. Good for development and small apps.

⚡

Twilio acquisition added complexity

Billing merged with Twilio. Account management more complex. Support quality reportedly declined.

✓

Standard SMTP/API — portable

Standard SMTP and REST API. Switching to Resend, Postmark, or Mailgun takes hours.

⚠

Account suspension risk

Aggressive automated fraud detection. Accounts sometimes suspended without warning. Recovery can take days.

Positives

Standard SMTP — zero lock-in100 emails/day free foreverStrong deliverability reputation

CircleCI

CI/CD · Reviewed 2026-04

medium risk

⚡

Proprietary CI config format

.circleci/config.yml is CircleCI-specific. Orbs are CircleCI's reusable config — not portable.

⚠

2023 security breach

January 2023 security incident exposed customer secrets. All secrets had to be rotated. Trust concern.

✓

Docker-based builds — partially portable

Build steps run in Docker. Individual build steps are standard shell commands — portable.

⚡

Credits-based pricing can spike

Credit consumption varies by resource class. Large parallel builds can burn credits faster than expected.

Positives

Docker-based executionGood parallelism supportSOC 2 certified

HashiCorp Vault

Security · Reviewed 2026-04

medium risk

⚠

BSL license since 2023

Changed from MPL 2.0 to BSL 1.1 in August 2023. Competing products cannot use it. Community fork: OpenBao.

✓

Self-hosted option available

Can self-host Vault. Full control over secrets. HCP Vault adds managed convenience.

⚡

Complex operations

Unsealing, replication, audit logging — Vault ops are complex. Requires dedicated expertise.

✓

Secrets export available

All secrets accessible via API. Migration to Doppler, Infisical, or AWS Secrets Manager is feasible.

Positives

Self-hostableIndustry-standard secrets managementRich audit loggingMany auth backends

New Relic

Monitoring · Reviewed 2026-04

medium risk

✓

Generous free tier — 100GB/month

100GB free ingest per month. One full-platform user free. Actually usable for small teams.

⚠

Data ingest pricing can spike

Beyond 100GB free: $0.35/GB ingest. APM agents can generate 50+ GB/month per service easily.

⚡

NRQL is proprietary

New Relic Query Language is proprietary. Dashboards and alerts not portable to Grafana or Datadog.

⚡

Data export via NRQL API

Raw data queryable and exportable via API. But formats are New Relic-specific.

Positives

100GB/month free ingestAll-in-one observability platformSOC 2, FedRAMP certified

Twilio

Communications · Reviewed 2026-04

medium risk

⚠

Phone number ownership ambiguity

You rent phone numbers from Twilio. Porting numbers out requires carrier support and can take weeks. Phone number portability is not guaranteed in all countries.

⚠

Account suspension without warning

Twilio aggressively monitors for spam/abuse. Accounts suspended if abuse detected — even false positives. Reinstatement can take days.

✓

Usage-based pricing — clear

Per-message, per-minute pricing. Transparent rate cards. No hidden fees. Volume discounts available.

⚡

Standard APIs — partially portable

TwiML and Twilio API are Twilio-specific but widely understood. Switching to Vonage/Plivo requires rewriting API calls but not core logic.

Positives

Industry-standard SMS/voice APIsTransparent per-unit pricingSOC 2, ISO 27001 certifiedHIPAA BAA available

Okta

Auth · Reviewed 2026-04

medium risk

⚠

Expensive — enterprise pricing only

No meaningful free tier. Starter ~$2/MAU. Workforce Identity separate product. Total cost can hit $100k+/year for large orgs.

⚠

2022 breach — Lapsus$ group

January 2022: Lapsus$ group accessed support system, potentially viewing ~2.5% of customer tenants. Trust significantly impacted.

✓

User data exportable

Full user export via API. Password hash migration possible. SCIM support for standard provisioning.

✓

Deep enterprise integrations

HR system sync (Workday, BambooHR), 7000+ app integrations, adaptive MFA. Switching loses all these integrations.

Positives

User data fully exportableSCIM provisioning standardSOC 2, ISO 27001, HIPAA, FedRAMP certified

PlanetScale

Database · Reviewed 2026-04

medium risk

✓

MySQL-compatible — portable

Standard MySQL wire protocol. Migrate with mysqldump. No proprietary query language.

⚡

Branching requires schema workflow

Schema changes require deploy requests (no DDL in production). Powerful but forced workflow that differs from standard MySQL ops.

⚠

Removed free tier in 2024

PlanetScale eliminated the free tier in April 2024. Minimum spend now $39/month. Projects relying on free tier had to migrate.

⚡

Vitess under the hood

Powered by Vitess (YouTube's MySQL sharding layer). Some MySQL features unavailable: no foreign keys enforced, no full-text search in some configs.

Positives

Standard MySQL — fully portable with mysqldumpHorizontal sharding via VitessSOC 2, HIPAA certified

LogRocket

Monitoring · Reviewed 2026-04

medium risk

⚠

Session replay creates PII risk

Records user sessions including keystrokes. Requires careful PII scrubbing configuration to avoid GDPR violations. Default settings may capture sensitive fields.

⚡

Proprietary — no self-host

Cloud-only SaaS. No self-hosted option. Raw session data not easily exportable.

⚡

Per-session pricing

Priced by monthly active sessions. High-traffic products can see significant costs. 1000 sessions/month free.

⚡

SDK required in frontend

JavaScript SDK must be bundled. Adds ~60-70KB gzipped. Cannot be used without SDK instrumentation.

Positives

Best session replay in classIntegrates with Sentry, Datadog, IntercomSOC 2 certified

Segment (Twilio)

Analytics · Reviewed 2026-04

medium risk

✓

Customer data portable via API

Segment stores events 30-180 days. Full replay and export via API. Moving to RudderStack (open source) is documented.

⚠

Expensive at scale

Free up to 1000 MTU/month. Team plan $120/month. Business plan pricing opaque — enterprise deals often $50k+/year.

⚡

Twilio acquisition quality concerns

Acquired by Twilio in 2020. Product investment reportedly declined. Some customers migrating to RudderStack or PostHog.

⚡

Destination connections are proprietary wiring

Segment's 450+ destination connections are a key differentiator but also coupling. Each must be reconfigured on migration.

Positives

Industry standard CDPData fully portable via API and replaySOC 2, ISO 27001 certified

Algolia

Search · Reviewed 2026-04

medium risk

✓

Index data fully exportable

Browse API returns all indexed records. Exporting to Typesense or MeiliSearch (both open source) is well-documented.

⚡

Search-record pricing model opaque

Pricing by search operations + records. Overly complex. Easy to underestimate costs when indexing deeply nested objects.

⚡

Proprietary ranking and relevance config

Algolia ranking, facets, and synonyms config is Algolia-specific. Recreating relevance tuning on another engine requires significant effort.

✓

Generous free tier

Free: 10k search requests/month, 1M records. Enough for small to medium projects.

Positives

Data fully exportable via Browse APIIndustry-leading search relevanceSOC 2, ISO 27001 certified

Mixpanel

Analytics · Reviewed 2026-04

medium risk

✓

Event data exportable

Raw event export via Data Export API. Events stored as JSON. Migration to Amplitude or PostHog feasible.

✓

Retroactive data processing

Lexicon and schema changes apply retroactively. Fixes bad tracking without reingesting. Competitor differentiator.

⚡

Free tier reduced

Free plan: 20M events/month as of 2023 (previously unlimited). Sufficient for most startups but a precedent for reduction.

⚡

EU data residency limited

EU data residency available on Enterprise plan only. GDPR compliance requires Enterprise for EU-hosted data.

Positives

Raw event data exportableGenerous free tierSOC 2 certifiedGDPR compliant

PagerDuty

Monitoring · Reviewed 2026-04

medium risk

✓

Per-user pricing — predictable

Fixed per-user pricing. No usage-based surprises. Free for up to 5 users with basic features.

✓

Incident and alert data exportable

Full API access to incidents, alerts, schedules. Migration to OpsGenie or incident.io is well-documented.

⚡

On-call schedule migration is manual

Complex on-call schedules, escalation policies, and team structures require manual recreation when switching vendors.

⚡

Proprietary routing and escalation logic

Event routing rules and ML-based noise reduction are PagerDuty-specific. Recreating these on another platform takes weeks.

Positives

Transparent per-user pricingFull API — data portableSOC 2, ISO 27001 certified

Elastic Cloud

Search/Logs · Reviewed 2026-04

medium risk

⚡

License changed twice (2021, 2024)

Apache 2.0 → SSPL+Elastic v2 (2021), then added AGPL-3.0 option (2024). Resulted in OpenSearch fork. Choose your license carefully.

✓

Snapshot/restore is portable

Snapshots write to S3-compatible storage. Restore to any Elasticsearch or OpenSearch cluster. Standard data portability.

⚡

Pricing per resource

Billed per RAM/storage allocated. Easy to over-provision. ML features (Platinum) and SIEM (Enterprise) gated behind higher tiers.

Positives

AGPL-3.0 option restoredSnapshot/restore for full data portabilitySOC 2, ISO 27001, HIPAA certified

ElevenLabs

AI · Reviewed 2026-04

medium risk

⚠

Voice cloning ToS restrictions

ToS prohibits cloning voices without explicit consent. Account termination for misuse. Generated audio may be watermarked for traceability.

⚡

Per-character pricing scales fast

Free 10k characters/month. Creator $22/mo for 100k. Pro $99/mo for 500k. Audiobook-scale usage hits enterprise pricing fast.

✓

Standard API — easy to switch

REST API for TTS. Migration to OpenAI TTS, PlayHT, or Cartesia is straightforward — voice IDs change but integration is simple.

⚡

Custom voices stay on platform

Cloned voices are not exportable. Switching providers means re-cloning voices on the new platform.

Positives

Best-in-class voice qualityStandard REST APISOC 2 Type II certified

Perplexity API

AI · Reviewed 2026-04

medium risk

✓

OpenAI-compatible API

API mirrors OpenAI's chat completions format. Switching to/from OpenAI requires only base URL change. Excellent portability.

⚡

Sonar model proprietary

Sonar online models (search-grounded) are Perplexity-specific. No equivalent at OpenAI/Anthropic — switching loses live web search capability.

⚡

Citation format is custom

Citations returned in Perplexity-specific format. Apps relying on citation rendering need adapter when switching.

Positives

OpenAI-compatible chat APITransparent per-token pricingStandard REST integration

Groq

AI API · Reviewed 2026-04

medium risk

✓

No data retention on paid API by default

API requests and responses are not retained for training on paid plans. Clear zero-retention policy documented.

⚡

LPU hardware — vendor-specific hardware risk

Groq runs on proprietary LPU (Language Processing Unit) chips. If Groq closes or pivots, the specific hardware performance characteristics cannot be replicated elsewhere.

✓

API compatible with OpenAI SDK

Groq API is OpenAI-compatible. Switching to OpenAI, Together AI, or Fireworks requires changing only the base URL and API key.

⚡

Rate limits change frequently

Rate limits on free tier change often as Groq manages capacity. Production apps should not rely on free-tier limits staying constant.

Positives

OpenAI-compatible API — easy to switchNo training on paid API dataSOC 2 Type II certifiedTransparent pricing per 1M tokens

Temporal Cloud

Workflow Engine · Reviewed 2026-04

medium risk

⚠

SDK lock-in — deep integration

Temporal SDK penetrates every layer of your application code. Migrating away requires rewriting all workflow and activity code — not just config changes.

⚡

Workflow history is non-portable

Running workflow instances cannot be migrated live to another system. You must drain all workflows before switching. Can take days/weeks for long-running workflows.

✓

mTLS for all traffic

All worker-to-Temporal communication uses mutual TLS. No plaintext options on Cloud. Certificate rotation handled automatically.

⚡

Action-based pricing can spike

Pricing based on Workflow Actions (state transitions). Loops, retries, and signals all count. Buggy workflows can generate unexpected Action counts and bills.

✓

Open source self-host option

Temporal Server is Apache 2.0 licensed. Self-host on your own Kubernetes cluster as escape hatch. Temporal Cloud is convenience, not a requirement.

Positives

Apache 2.0 open-source serverSelf-host as exit strategyStrong mTLS security postureSOC 2 Type II certified

Segment (Twilio)

Analytics/CDP · Reviewed 2026-04

medium risk

⚡

Data forwarding to 400+ destinations

Segment forwards your customer data to every destination you enable. Each destination is an additional data processor — review all sub-processors in your DPA.

✓

Workspace data exportable

Full event replay to any destination. Historical data exportable via AWS S3 destination or direct API. Profiles API exports user trait data.

⚠

Price increases post-Twilio acquisition

Segment pricing increased significantly after Twilio acquisition (2020). Growth plan costs scaled with MTU count in ways that surprised many startups post-viral-growth.

⚡

GDPR deletion propagation delay

Deleting a user in Segment can take up to 30 days to propagate to all connected destinations. Ensure downstream destinations also implement deletion for GDPR compliance.

Positives

Comprehensive DPA with sub-processor listHIPAA BAA available on Business planSOC 2 Type II certified

Mistral AI

AI API · Reviewed 2026-04

medium risk

✓

EU-hosted — strong data residency story

Mistral's La Plateforme is hosted in EU (OVH/Azure Europe). Data stays in EU by default. Good for GDPR-sensitive applications.

⚠

Free tier data used for training

Free API tier inputs/outputs may be used to improve Mistral models. Paid tier excludes training. Always use paid tier for production and sensitive use cases.

⚡

Le Chat consumer product has separate terms

Le Chat (consumer app) has different data terms than La Plateforme (API). Ensure your integration uses the API terms, not Le Chat terms.

✓

Open weights models — ultimate escape hatch

Mistral releases open-weights versions of their models (Mistral 7B, Mixtral 8x7B, etc.). Run locally via Ollama or LM Studio without any API dependency.

Positives

EU-hosted infrastructureOpen weights models available for self-hostingOpenAI-compatible APITransparent pricing

Cloudflare Workers

Edge Hosting · Reviewed 2026-04

medium risk

⚡

Non-standard runtime — V8 isolates not Node.js

Cloudflare Workers runs V8 isolates, not Node.js. Many Node.js APIs are unavailable. Code written for Workers often needs polyfills or rewrites for other runtimes.

✓

Free tier is genuinely free with 100K req/day

Workers free tier: 100,000 requests/day, 10ms CPU time per invocation. No credit card required. Higher limits on $5/month Workers Paid.

⚡

KV, R2, D1 vendor lock-in

Workers KV, R2, and D1 are proprietary to Cloudflare. Code using these services needs significant rework to run on AWS Lambda, Deno Deploy, or Vercel Edge.

⚠

Durable Objects — strong lock-in

Durable Objects provide stateful coordination uniquely on Cloudflare's network. No equivalent exists elsewhere. Code using Durable Objects cannot be migrated without a full rewrite.

✓

No bill spikes — CPU-time billing

Billed on CPU time (ms), not wall-clock time. Idle time during I/O is free. This prevents the surprise bills common with Lambda or Cloud Functions.

Positives

CPU-time billing avoids I/O cost surprisesGlobal edge network includedR2 has zero egress feesWrangler CLI for local dev

Convex

BaaS · Reviewed 2026-04

medium risk

⚠

Proprietary runtime — high lock-in

Convex functions run in a proprietary runtime. No self-hosting. Migrating away requires rewriting entire backend.

✓

Data export available

Snapshot export to JSON. Streaming export for ongoing sync. Data is recoverable but format is Convex-specific.

⚡

Pricing tied to function calls + storage

Pay per function call, database storage, bandwidth. Costs can spike with traffic. No spend caps by default.

Database · Reviewed 2026-04

low risk

✓

Open source — Postgres compatible

Neon is open source (Apache 2.0). Uses standard Postgres — pg_dump works. Zero proprietary query language.

⚡

Branching creates storage costs

Database branching is a killer feature but each branch consumes storage. Heavy branching workflows can spike bills.

⚡

Autoscaling can surprise

Compute scales to zero on free tier (cold starts ~500ms). Pro plan autoscaling can overshoot if not capped.

⚡

Startup risk

VC-backed startup. If acquired or shut down, data is standard Postgres — migrate with pg_dump anywhere.

Positives

Fully open source core (Apache 2.0)Standard Postgres — zero lock-inGenerous free tier with 0.5GB storage

Turso

Database · Reviewed 2026-04

low risk

✓

Open source — libSQL fork of SQLite

Based on libSQL, an open fork of SQLite. Data is portable — export as standard SQLite database file.

⚡

Edge replication adds complexity

Multi-region replication is automatic but adds latency for writes. Consistency model requires understanding.

⚡

Embedded replicas lock to SDK

Embedded replicas feature requires Turso's SDK. Moving away means rewriting the local sync layer.

Positives

Open source libSQL coreSQLite-compatible — data fully portableGenerous free tier (9GB storage, 500 databases)

Resend

Email · Reviewed 2026-04

low risk

✓

Simple API — easy to switch

REST API for sending email. Standard SMTP also supported. Switching to SendGrid/Postmark takes hours.

⚡

No email receiving

Send-only service. If you need inbound email processing, you'll need a second provider.

⚡

Young product — limited features

No built-in email templates editor, limited analytics compared to Mailgun or SendGrid.

✓

React Email integration

First-class React Email support. Templates as React components — fully portable.

Positives

Standard REST + SMTP — zero lock-inReact Email integrationTransparent pricing with generous free tier

PostHog

Analytics · Reviewed 2026-04

low risk

✓

Open source — self-host available

MIT licensed. Full self-hosted version available. No feature gating between cloud and self-hosted.

⚡

Event-based pricing can spike

Free up to 1M events/month. After that, per-event pricing. High-traffic sites can see unexpected bills.

✓

Data warehouse export

Export raw event data to S3, BigQuery, or Snowflake. ClickHouse-based — data is queryable.

Positives

Fully open source (MIT)Self-hostable — complete data controlAll-in-one: analytics, feature flags, session replay

Linear

DevTools · Reviewed 2026-04

low risk

⚡

Proprietary — no self-host

Closed source, cloud-only. No self-hosted option. If Linear shuts down, you lose your project management tool.

✓

Good data export

CSV export for issues. Full API access. Bulk export available. Migration to Jira or GitHub Issues feasible.

✓

Per-seat pricing — predictable

$8/user/month (Standard). No usage-based surprises. Free tier for small teams.

⚡

Limited customization

Opinionated workflow. If you need heavy customization, Jira is more flexible (but more complex).

Positives

Transparent per-seat pricingFull API and CSV exportSOC 2 certified

Inngest

Background Jobs · Reviewed 2026-04

low risk

✓

Open source — self-host available

Inngest server is open source (Apache 2.0). Self-host as a fallback. Functions are just your code.

⚡

SDK coupling

Inngest SDK wraps your functions. Removing it means refactoring to a standard queue system (BullMQ, SQS).

⚡

Startup risk

VC-backed startup. Open-source core mitigates shutdown risk — you can self-host.

Positives

Open source server (Apache 2.0)Functions are your own codeSelf-host fallback available

Trigger.dev

Background Jobs · Reviewed 2026-04

low risk

✓

Open source — self-host available

Fully open source (Apache 2.0). Self-hosted version available with Docker Compose.

⚡

v3 breaking changes

v3 was a major rewrite from v2. SDK and task definitions changed significantly. Expect continued evolution.

⚡

Young ecosystem

Smaller community than established job queues. Fewer integrations and examples available.

Positives

Fully open source (Apache 2.0)Self-hostableTypeScript-nativeGenerous free tier

Appwrite

BaaS · Reviewed 2026-04

low risk

✓

Open source — self-host available

Fully open source (BSD 3-Clause). Docker-based self-hosting. No proprietary cloud-only features.

⚡

Smaller ecosystem than Firebase

Fewer SDKs, integrations, and community resources compared to Firebase or Supabase.

✓

Data export via REST API

Full data export via API. Databases backed by MariaDB — standard SQL dump works on self-hosted.

Positives

Fully open source (BSD 3-Clause)Self-hostable with DockerNo vendor lock-inData fully portable

Strapi

CMS · Reviewed 2026-04

low risk

✓

Open source — self-host anywhere

MIT licensed. Self-host on any Node.js server. Uses standard databases (PostgreSQL, MySQL, SQLite).

⚡

Strapi Cloud adds managed features

Strapi Cloud has features not in self-hosted (analytics, team management). But core CMS is identical.

⚡

Plugin ecosystem fragmented

v4→v5 broke many community plugins. Plugin quality varies. May need to maintain custom plugins.

Positives

Fully open source (MIT)Standard database — pg_dump worksSelf-hostable anywhereNo content lock-in

DigitalOcean

Cloud · Reviewed 2026-04

low risk

✓

Predictable pricing

Fixed monthly pricing for Droplets. $4/mo for smallest VM. No surprise bills from hidden dimensions.

⚡

Smaller service catalog than AWS

Limited managed services compared to AWS/GCP. May outgrow DO and need multi-cloud or migration.

✓

Reasonable egress fees

1TB free outbound transfer per Droplet. Overages at $0.01/GB — 9x cheaper than AWS.

Positives

Predictable flat pricingLow egress feesSimple billingSOC 2, ISO 27001 certified

Mailgun

Email · Reviewed 2026-04

low risk

✓

Standard SMTP and API

Standard SMTP relay and REST API. Migration to any other email provider is straightforward.

⚡

Free tier reduced

Was 10k/month free. Now just a trial period. Flex plan starts at $0.80/1k emails after trial.

✓

Inbound email processing

Supports inbound email routing and parsing. Not all providers offer this — adds migration friction if used.

Positives

Standard SMTP — fully portableInbound email processingGood deliverabilityTransparent per-email pricing

GitLab

DevTools · Reviewed 2026-04

low risk

✓

Git-based — inherently portable

Standard Git. Clone and push to GitHub, Bitbucket, or self-hosted Gitea. Code never locked in.

✓

Self-hosted option available

GitLab CE is open source (MIT). Full self-hosted deployment. Complete data sovereignty.

⚡

CI/CD is GitLab-specific YAML

.gitlab-ci.yml format is GitLab-specific. Migrating CI pipelines to GitHub Actions or CircleCI requires rewriting.

⚡

Free tier reduced over time

Free tier reduced from unlimited to 5GB storage, 400 CI minutes/month. May reduce further.

Positives

Open source CE edition (MIT)Self-hostable — full data controlStandard Git — code always portableAll-in-one DevOps platform

Doppler

Security · Reviewed 2026-04

low risk

✓

Secrets fully exportable

Export all secrets as .env, JSON, YAML. No proprietary format. Migration to Vault or Infisical straightforward.

⚡

Proprietary — no self-host

Cloud-only SaaS. No self-hosted option. But secrets format is standard — switching is easy.

✓

Per-seat pricing — predictable

Free for 5 users. $4/user/month for Team. No usage-based surprises.

Positives

Standard secret formats — zero lock-inSimple per-seat pricingSOC 2 Type II certifiedGood CLI and integrations

Infisical

Security · Reviewed 2026-04

low risk

✓

Open source — self-host available

MIT licensed. Full self-hosted version with Docker. No feature gating between cloud and self-hosted.

⚡

Young product — evolving rapidly

API and SDK breaking changes between versions. Fast iteration means migration guides sometimes lag.

✓

Standard secret formats

Export as .env, JSON. Standard formats. Migration to Vault or Doppler straightforward.

Positives

Fully open source (MIT)Self-hostable with DockerStandard export formatsE2E encryption

BetterStack

Monitoring · Reviewed 2026-04

low risk

✓

Uptime monitoring is straightforward

HTTP checks, heartbeats, status pages. Standard monitoring — switching to Checkly or UptimeRobot is easy.

✓

Log management uses ClickHouse

Logs searchable via SQL-like queries. Data exportable. Not deeply proprietary.

⚡

Pricing per-seat + per-data

Logs pricing based on retention and volume. Can escalate with high-volume services.

Positives

Simple uptime monitoring — easy to switchTransparent pricingGood status page featureSOC 2 certified

Sentry

Monitoring · Reviewed 2026-04

low risk

✓

Open source — self-host available

Sentry is open source (FSL-1.1 for new code, Apache 2.0 for older). Full self-hosted Docker Compose setup. Feature-parity with cloud.

⚡

Event-volume pricing can spike

Priced per error event. A new bug hitting production can send 100k events in minutes, burning through monthly quota.

⚡

FSL license for newer features

New Sentry features ship under Functional Source License (non-compete for 2 years, then Apache 2.0). Competitors cannot use newer code immediately.

⚡

Data residency limited

Cloud hosted in US by default. EU data residency available on Business+ plans. Self-host for full control.

Positives

Self-hostable with full feature parityStrong data portability via APISOC 2, ISO 27001 certified

Upstash

Database · Reviewed 2026-04

low risk

✓

Redis-compatible — highly portable

Standard Redis protocol. Switch to self-hosted Redis or other Redis-compatible services with zero code changes.

⚡

Per-request pricing at small scale

Free tier: 10k commands/day. Pay-per-request after that. High-traffic apps should calculate carefully vs fixed-price Redis.

⚡

Startup risk

VC-backed startup. But Redis compatibility means migration risk is very low — standard Redis client code runs anywhere.

✓

Global replication option

Global database replicates to multiple regions. Reads served from nearest region. No other managed Redis offers this at startup-friendly pricing.

Positives

Standard Redis protocol — zero lock-inTransparent per-request pricingSOC 2 certifiedGlobal replication available

Coolify

Hosting · Reviewed 2026-04

low risk

✓

Open source — self-host on your VPS

Fully open source (Apache 2.0). Deploy on any VPS. You own the infrastructure — no vendor can shut you down.

✓

Cloud option available

Coolify Cloud (managed) available for those who don't want to manage the control plane. But self-host is always an option.

⚡

Smaller ecosystem

Fewer integrations and marketplace templates than Railway or Render. May need more manual configuration.

⚡

No built-in SLA

Self-hosted means your own uptime responsibility. Coolify Cloud offers basic SLA. Not suitable for enterprises needing 99.99%.

Positives

Fully open source (Apache 2.0)Run on your own VPS — complete controlDocker and Docker Compose nativeNo vendor lock-in by design

1Password Teams

Security · Reviewed 2026-04

low risk

✓

Data export in standard formats

Export vault as 1PIF or CSV. Items migratable to Bitwarden or KeePass. No meaningful lock-in for credential data.

✓

Secret Key architecture

Two-secret model (master password + Secret Key) means even 1Password cannot decrypt your vault. Zero-knowledge design.

✓

Per-seat pricing — predictable

$7.99/user/month (Teams). $19.95/user/month (Business). No usage-based surprises.

⚡

Proprietary — no self-host

Cloud-only. No self-hosted option. But export is straightforward, and credential formats are standard.

Positives

Standard export formats — easy to switchZero-knowledge encryptionSOC 2, ISO 27001 certifiedGDPR compliant

Cloudflare R2

Object Storage · Reviewed 2026-04

low risk

✓

Zero egress fees

No data transfer out fees, ever. AWS S3 charges $0.09/GB egress — R2 charges $0. Massive cost difference for read-heavy workloads.

✓

S3-compatible API

Standard S3 API. aws-cli, boto3, rclone all work. Migration to or from S3 is straightforward.

⚡

Class A operations cost more

Writes (Class A) at $4.50/M, reads (Class B) at $0.36/M. Heavy write workloads can be more expensive than S3.

⚡

Newer service — fewer regions

Launched 2022. Fewer geographic regions than S3. Object Lifecycle and replication features still maturing.

Positives

Zero egress fees by designS3-compatible — no lock-inSOC 2, ISO 27001, PCI DSS certified

Supabase (Enterprise)

BaaS · Reviewed 2026-04

low risk

⚡

Read replicas Pro+

Read replicas, point-in-time recovery, and HIPAA BAA require Team or higher tiers ($599+/mo).

⚡

Edge Functions Deno-based

Edge Functions run on Deno, not Node.js. Some npm packages don't work. Migration to Vercel Functions or Cloudflare Workers requires rewrites.

✓

Standard Postgres data

Fully open Postgres. pg_dump/pg_restore work. RLS policies are standard SQL — portable to any Postgres host.

Positives

Open source core (Apache 2.0/MIT)Standard Postgres — no lock-inEU data residency availableSOC 2, HIPAA available

Wasabi Hot Cloud Storage

Object Storage · Reviewed 2026-04

low risk

✓

No egress or API fees

Flat $6.99/TB/month. No egress charges, no API request fees. 80% cheaper than AWS S3 for typical workloads.

⚡

90-day minimum storage duration

Objects deleted before 90 days still billed for the full 90 days. Discourages frequent delete/replace cycles.

✓

S3-compatible API

Standard S3 API works with all S3 tools and SDKs. Migration via rclone or aws-cli is trivial.

⚡

Acceptable use policy on egress

Free egress is capped at 100% of stored data per month. Above that, Wasabi may throttle or require an enterprise contract.

Positives

Flat predictable pricingS3-compatible — fully portableSOC 2, HIPAA, GDPR compliant

Backblaze B2

Object Storage · Reviewed 2026-04

low risk

✓

Cheap storage, free Cloudflare egress

$6/TB/month storage. Free egress to Cloudflare via Bandwidth Alliance. ~5x cheaper than S3 for static asset workloads.

✓

S3-compatible since 2020

Standard S3 API. Native B2 API also available. rclone, aws-cli, terraform all work out-of-box.

⚡

Some enterprise features missing

No native AWS-style IAM. Application Keys are simpler but less granular. No KMS, no event notifications.

Positives

S3-compatible — no lock-inFree Cloudflare egress (Bandwidth Alliance)SOC 2, ISO 27001 certifiedGDPR compliant

Tigris Data

Object Storage · Reviewed 2026-04

low risk

✓

Globally distributed S3-compatible

Single bucket, multi-region with strong consistency. S3-compatible API. Fly.io's recommended object storage.

✓

Zero egress fees

No egress charges. Pricing by storage and operations. Cost-effective vs AWS for read-heavy workloads.

⚡

Smaller company — startup risk

Smaller team than AWS or Cloudflare. S3 compatibility means migration risk is low — standard tools work for export.

Positives

S3-compatible — fully portableZero egress feesStrong consistency across regionsSOC 2 Type II certified

Supabase Vector (pgvector)

Vector DB · Reviewed 2026-04

low risk

✓

pgvector — open source

Built on pgvector Postgres extension. PostgreSQL License (BSD-style). Self-host or migrate to any Postgres with pgvector enabled.

✓

Standard SQL queries

Vector search via standard SQL (ORDER BY embedding <=> query). No proprietary query language. Migration to Neon, Crunchy Bridge, or self-hosted is trivial.

⚡

HNSW index limitations

pgvector HNSW indexes are slower at billion-scale than dedicated vector DBs (Pinecone, Qdrant). Best for under 100M vectors.

Positives

pgvector is open source (BSD-style)Standard PostgreSQL — zero lock-inSQL-native vector queriesData fully portable via pg_dump

Plausible Analytics

Analytics · Reviewed 2026-04

low risk

✓

No personal data collected — GDPR by design

Plausible does not collect IP addresses, cookies, or device fingerprints. No personal data means no GDPR consent banners required for analytics.

✓

Data exportable as CSV/JSON

All stats and raw data exportable via API or CSV. Self-host on your own infra using the same open-source codebase.

✓

EU hosting by default

Plausible Cloud is hosted in EU (Hetzner, Germany and France). GDPR-friendly by default. EU SCCs not needed as data stays in EU.

⚡

Aggregated data only — no per-user events

Unlike Mixpanel or PostHog, Plausible does not provide per-user event streams or session replay. Not suitable for product analytics requiring individual user journeys.

Positives

Privacy-first — no personal data collectedAGPL open source — self-host for zero lock-inEU hosting included by defaultNo cookie consent banner needed

Resend

Email · Reviewed 2026-04

low risk

✓

No spam filtering lock-in

You bring your own domain and DNS records. IP reputation tied to your domain, not Resend's shared IPs on paid plans.

✓

React Email templates are code in your repo

Templates are React components in your codebase. No vendor format. Works with any email provider that accepts HTML.

⚡

No SOC 2 yet (as of 2026)

Resend is growing fast but hasn't published SOC 2 Type II report as of early 2026. Not suitable for healthcare or heavily regulated industries without this.

✓

Audience data exportable

Contact lists exportable as CSV. Suppression lists accessible via API. Domain verification DNS records transfer to any provider.

Positives

React Email templates in your codebaseStandard SMTP fallback availableDomain reputation stays with youSimple per-email pricing

Mailgun (Sinch)

Email · Reviewed 2026-04

low risk

⚡

Acquired by Sinch — pricing changes followed

Mailgun was acquired by Sinch in 2021. Free tier was subsequently reduced from 5,000 to 1,000 emails/month. Prices for paid plans increased in 2022.

⚡

Log retention limited on lower tiers

Email logs retained for only 3 days on Foundation plan, 30 days on Scale. Important for debugging — ensure your plan has sufficient retention.

✓

Standard SMTP and API

Standard SMTP port 587 supported. API format is simple HTTP. Switching to SendGrid, Postmark, or Resend requires only endpoint and key changes.

✓

EU data residency available

EU region available (Frankfurt). Data stays in EU for compliance. Select region during signup or via API base URL.

Positives

Industry-standard SMTP interfaceEU region availableSuppression list managementSPF/DKIM/DMARC configuration guides

PostHog

Analytics · Reviewed 2026-04

low risk

✓

Open source — self-host option is real

PostHog Community is MIT licensed and runs on your own infrastructure. Full feature parity with Cloud for product analytics.

✓

Event data fully exportable

Raw events queryable via SQL on self-hosted. Cloud exports to S3 or GCS. Historical data importable to ClickHouse, BigQuery, or any warehouse.

⚡

Session recordings contain PII risk

Session recordings capture network requests, form inputs, and DOM content by default. Enable autocapture with caution — mask sensitive fields explicitly.

⚡

Feature flags and experiments integrated

PostHog's feature flag SDK is woven into your frontend code. Migrating to LaunchDarkly or Split.io requires updating flag evaluation calls throughout the app.

Positives

MIT/AGPL open source — self-host or cloudEvents, recordings, feature flags in one productEU Cloud availableHIPAA BAA on paid plans

Better Auth

Auth · Reviewed 2026-04

low risk

✓

MIT — no vendor lock-in

Fully open source MIT license. Self-hosted by design. No SaaS dependency.

⚡

No managed service SLA

No hosted offering means no uptime guarantee. You are responsible for availability.

⚡

Community-driven maintenance

Single maintainer with growing community. Bus factor risk inherent to small OSS projects.

Database · Reviewed 2026-04

low risk

✓

Apache 2.0 — fully open source

Postgres compiled to WASM. Apache 2.0. No cloud dependency.

✓

Client-side only

Runs entirely in browser or Node.js. No SaaS vendor. No contracts needed.

Positives

Apache 2.0No vendor — runs locallyStandard PostgreSQL SQLNo cloud dependency

Langfuse

AI/ML · Reviewed 2026-04

low risk

✓

MIT — fully open source

MIT licensed. Self-host for complete data control. No prompts leave your infrastructure.

⚡

Cloud pricing by traces

Cloud version bills per trace/event. High-volume AI apps can accumulate costs.

✓

SOC2 on cloud

SOC2 Type II for cloud offering. Self-hosted = your own compliance.

Positives

MIT licenseSelf-hostable — full data controlSOC2 Type II (cloud)SSO on Teams plan

Unkey

API Security · Reviewed 2026-04

low risk

✓

Open source — self-hostable

Open source API key management. Self-host for full control.

⚡

No SOC2 yet

Early-stage company. No SOC2 certification. Self-host for compliance-sensitive environments.

Positives

Open sourceSelf-hostablePer-key usage audit logsRate limiting built-in

Biome

Tooling · Reviewed 2026-04

low risk

✓

MIT — fully open source

MIT licensed. CLI tool — no SaaS, no cloud dependency, no contracts.

⚡

Community-maintained

Forked from Rome after the company folded. Active community but no corporate sponsor.

Positives

MIT licenseNo cloud dependencyDrop-in ESLint + Prettier replacementRust-based — fast and reliable

Twenty

CRM · Reviewed 2026-04

low risk

⚡

AGPL 3.0 — copyleft

AGPL means modifications to Twenty itself must be shared. Using it as a service (SaaS) triggers source sharing requirement.

✓

Self-hosted — your data

Docker Compose deployment. PostgreSQL backend. Full data control.

Positives

Open source CRMSelf-hostablePostgreSQL — standard data formatNo per-user SaaS fees on self-hosted

Docmost

Documentation · Reviewed 2026-04

low risk

⚡

AGPL 3.0 — copyleft

AGPL copyleft applies. Self-hosted use for internal docs is fine. Offering as a service requires sharing source.

✓

No cloud offering

Self-hosted only. No vendor dependency. No contracts to negotiate.

Positives

Open sourceSelf-hosted only — full controlPostgreSQL storageNo SaaS fees