Ship

Get it live

Sign Up & Payments

User accounts and charging money. Only matters once you have validated demand.

Your app is on the internet. Now make it so people can create their own accounts, have their own data, and pay you money. This section is for builders who are ready to charge -- if you're still validating whether anyone wants this, start with Customer Discovery first.

User Accounts -- Their Own Space

Right now, everyone who visits your app sees the same thing. You need each person to have their own account -- their own login, their own data, their own experience.

What this gives you:

  • People can sign up with their email (or sign in with Google -- one click)
  • Each person sees only their own stuff
  • They can log out and come back later -- their data is still there
  • You know who your users are (email addresses, when they signed up)

What to tell your AI:

"Add user accounts using Supabase Auth. Let people sign up with email and password, or sign in with Google. Protect the main pages so only logged-in users can see them. Make sure each user can only see their own data."

Don't build login yourself. It involves security-sensitive work -- password hashing, email verification, "forgot password" flows -- that is easy to get wrong and dangerous when you do get it wrong. Services like Supabase Auth or Clerk handle all of this for you. Free to start.

Storing Each Person's Data

When someone creates an account and uses your app, their information needs to be saved somewhere -- a database. Think of it like spreadsheets in the cloud:

  • A "users" spreadsheet -- one row per person. Their name, email, when they signed up, what they've paid for.
  • A spreadsheet for your app's content -- whatever your users create. Projects, posts, assessments, orders -- depends on your idea.
  • They connect to each other -- each piece of content belongs to one user. User A sees their stuff, User B sees theirs.

What to tell your AI: "Create a Supabase database for my app. I need to store [describe what your users create]. Set up row-level security so each user can only see their own data."

This is critical -- and personal. I spent years at the FDIC examining banks for compliance failures. The most common finding wasn't fraud or theft. It was access controls that existed on paper but weren't enforced in practice. The policy manual said one thing; the system did another. A teller could pull up accounts they had no business seeing. When I found it, the consequence wasn't a bug fix -- it was a regulatory finding, sometimes a consent order. When I build apps now, I think about row-level security the way an examiner thinks about access controls: if you can't prove each user can only see their own data, you don't have security -- you have a policy document and a prayer. Always tell your AI to set it up. Say: "Add row-level security so users can only access their own rows." Your AI knows exactly what this means.

Accepting Payments

You want to charge money. Stripe handles the hard parts -- credit cards, subscriptions, receipts, taxes, refunds. You just connect it.

How it works:

  1. A customer clicks "Buy" or "Upgrade" on your site
  2. They're sent to a payment page that Stripe hosts (you never see their credit card)
  3. They pay
  4. Stripe notifies your app behind the scenes: "This person paid"
  5. Your app upgrades their account

What to tell your AI: "Set up Stripe Checkout so I can charge $[amount] per month. When someone pays, update their plan in Supabase to 'paid'. Also handle cancellations -- when someone cancels, set them back to 'free'."
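Step 4 is the one to check in whatever your AI generates: the "this person paid" notification is just an HTTP request to your app, so the app has to confirm it really came from Stripe before upgrading anyone. The sketch below is an added example, not code from this playbook or from Stripe; it checks the Stripe-Signature header by hand to show what is being verified. The sample secret and payload are constructed, and it assumes you pass your own user ID as client_reference_id when creating the Checkout session.

```javascript
const crypto = require("node:crypto");
const TOLERANCE_SECONDS = 300; // reject stale deliveries to limit replay

// Parse "t=<unix time>,v1=<hex>[,v1=<hex>]" from the Stripe-Signature header.
function parseSignatureHeader(header) {
  const parsed = { timestamp: null, signatures: [] };
  for (const part of String(header || "").split(",")) {
    const [key, value] = part.trim().split("=", 2);
    if (key === "t" && /^\d+$/.test(value || "")) parsed.timestamp = Number(value);
    if (key === "v1" && value) parsed.signatures.push(value);
  }
  return parsed;
}

// HMAC-SHA256 over "<timestamp>.<raw body>", keyed with the endpoint secret.
function expectedSignature(rawBody, timestamp, secret) {
  return crypto.createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
}

// Returns the parsed event, or throws if the request cannot be trusted.
function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { timestamp, signatures } = parseSignatureHeader(header);
  if (timestamp === null || signatures.length === 0) throw new Error("malformed signature header");
  if (Math.abs(nowSeconds - timestamp) > TOLERANCE_SECONDS) throw new Error("timestamp outside tolerance");
  const expected = Buffer.from(expectedSignature(rawBody, timestamp, secret), "hex");
  const ok = signatures.some((sig) => {
    const given = Buffer.from(sig, "hex");
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
  });
  if (!ok) throw new Error("signature mismatch");
  return JSON.parse(rawBody); // parse only after the bytes are authenticated
}

// Map a verified event to the plan change from the prompt above.
function planChangeFor(event) {
  const obj = event.data.object;
  if (event.type === "checkout.session.completed" && obj.payment_status === "paid") {
    return { userId: obj.client_reference_id, plan: "paid" };
  }
  if (event.type === "customer.subscription.deleted") {
    return { stripeCustomerId: obj.customer, plan: "free" };
  }
  return null; // any other event type changes nothing
}

// Constructed sample, not a real Stripe secret or payload.
const SAMPLE_SECRET = "whsec_constructed_example";
const SAMPLE_BODY = JSON.stringify({ type: "checkout.session.completed",
  data: { object: { client_reference_id: "user-123", payment_status: "paid" } } });
const demoNow = Math.floor(Date.now() / 1000);
console.log(planChangeFor(verifyWebhook(SAMPLE_BODY, `t=${demoNow},v1=${expectedSignature(SAMPLE_BODY, demoNow, SAMPLE_SECRET)}`, SAMPLE_SECRET)));
```

In a real app, let Stripe's own library do this check (stripe.webhooks.constructEvent in stripe-node) and give it the raw request body, not re-serialized JSON. If the generated webhook handler reads the event without any signature check, ask your AI to add one.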

Start with one price. Not three tiers. Not annual vs monthly. One price, one plan. You can add complexity later when you understand what people want. For now: free or paid. That's it.

Sending Emails

At minimum, you'll want to send a welcome email when someone signs up. Later, you might add receipts, notifications, or weekly updates.

What to tell your AI: "Add Resend to send a welcome email when a new user signs up. Keep it simple -- just a thank-you with one sentence about what to do next."

Knowing When Things Break

Real users will find problems you never did. You need to know about them before your users email you.

  • Sentry -- catches errors automatically and emails you. Tell your AI: "Add Sentry error tracking." Free to start.
  • A simple check -- ask your AI: "Create a health check page at /api/health that returns 'ok'. If it ever stops working, the whole app is down."

Before You Share It -- Checklist

  • Open your app in a private/incognito window. Can a brand new person sign up?
  • Can they log in, log out, and log back in?
  • Can they do the main thing your app is for?
  • Does their data show up only for them (not for other users)?
  • Can they pay? (Test with Stripe's test mode -- no real money moves)
  • Do you get an email when someone signs up? When they pay?
  • Does it work on a phone?
  • Is there a loading indicator when things are loading? (No blank screens)

What This Actually Costs (as of mid-2026)

Every guide says "free to start." Here's what it actually costs as you grow:

Service                       At 0-10 users     At 100 users   At 1,000 users
Vercel (hosting)              $0                $0             $20/mo
Supabase (database + auth)    $0                $0             $25/mo
Stripe (payments)             2.9% + 30¢/txn    Same           Same
Domain                        $10-15/yr         Same           Same
Resend (email)                $0                $0             $20/mo
Sentry (error tracking)       $0                $0             $26/mo
Total                         ~$1/mo            ~$1/mo         ~$91/mo

At $19/month per customer and 100 paying users, you're making $1,900/mo with ~$1 in infrastructure costs. The margins are real. They stay real until you're big enough for it to be a good problem to have.

Do the napkin test. Three numbers on the back of an envelope: what does each user cost you per month (AI calls + infrastructure), what will you charge, and how many paying users do you need to cover your time? If one user costs you $1/month in AI and you charge $19, your margin is $18. You need 56 paying users to make $1,000/month. If you can't get to a number that makes sense on a napkin, no amount of building will fix that. Run the full calculation here.

You're ready. Once the checklist above passes, you have a real product. People can find it, sign up, use it, and pay you. The next step is getting people to show up.