mikkel/pokertrip
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pokertrip/docs/saas-considerations.md
Mikkel Georgsen fef6f5318e Initial project docs — design spec, reference JSX, and GSD kickoff 
Personal poker tracker: Go + React + PostgreSQL PWA for tracking
home sessions and poker trips with AI-powered schedule research.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 09:36:56 +00:00

2.6 KiB
Raw Blame History

SaaS Considerations

A running list of switches to flip and features to add when transitioning from personal tool to multi-tenant SaaS.

Auth & User Management

  • Email verification flow (send verification link on registration)
  • Password reset flow (forgot password → email → reset)
  • Rate limiting on auth endpoints (5 attempts/min/IP)
  • OAuth providers (Google, Discord — poker community lives on Discord)
  • Terms of service acceptance on registration
  • Account deletion / data export (GDPR)

Access Control

  • Admin role for managing shared venue data, global events curation
  • Friends system: mutual opt-in to share trip plans and compare results
  • Trip sharing: private by default, shareable with friends
  • Location knowledge gating: require at least one research run before accessing community-contributed data (give-to-get model)

Image Uploads

  • Max file size limit (e.g. 10MB per image)
  • Rate limiting on uploads (e.g. 50/day per user)
  • Per-user storage quota (e.g. 500MB free, 5GB paid)
  • File type validation (accept only image/jpeg, image/png, image/webp)
  • Image resizing/compression on upload (keep originals, serve optimized)
  • Virus/malware scanning (ClamAV or similar)
  • Switch storage backend from local filesystem to Garage (S3-compatible)
  • Signed URLs for image access (don't serve uploads directly)

AI / Research

  • Tiered access: Free (no AI) → BYO Key (bring your own OpenRouter/Requesty key) → Paid (use our key)
  • Usage tracking per user (research jobs, tokens consumed)
  • Cost estimation before starting research job
  • Rate limiting on research jobs (e.g. 10/day for BYO key, 3/day for paid tier)
  • Model allowlisting (prevent abuse of expensive models on paid tier)

Infrastructure

  • Connection pooling (PgBouncer) if user count warrants it
  • CDN for static frontend assets
  • Horizontal scaling: separate API instances behind load balancer
  • Monitoring / alerting (Grafana, Prometheus)
  • Structured logging for multi-tenant debugging

Payments

  • Stripe integration for paid AI tier
  • Subscription management (monthly/yearly)
  • Usage-based billing option for heavy AI users

Legal

  • Privacy policy
  • Terms of service
  • Cookie consent (if applicable)
  • GDPR compliance (data export, right to deletion, data processing agreements)

Community

  • Public venue data moderation (flag/report incorrect info)
  • Global events data quality review pipeline
  • Leaderboards / opt-in public stats (careful — gambling-adjacent, consider regulations)