
The True Cost of Building Enterprise SaaS Infrastructure

Mataki Labs · 7 min read

There’s a number that keeps coming up in our conversations with engineering leaders at Series A and B SaaS companies: 20-40% of engineering time goes to infrastructure that isn’t their product.

Not infrastructure in the “servers and deployment” sense — most teams have that sorted with managed Kubernetes or Vercel or Railway. We’re talking about the application-level plumbing: permissions, multi-tenancy, validation, audit logging, GDPR compliance, form generation, and the sprawling middleware that ties it all together.

This post puts real numbers on that cost and examines whether it’s a good investment.

The inventory

Let’s enumerate the enterprise SaaS features that every multi-tenant B2B product eventually needs. Not the first year — but by the time you have enterprise customers demanding SOC 2 compliance, these are on your roadmap:

| Capability | Typical build time | Typical maintenance |
|---|---|---|
| Multi-tenant isolation | 2-4 weeks | Ongoing (every new query) |
| Role-based access control | 2-4 weeks | Ongoing (every new feature) |
| Field-level permissions | 4-8 weeks | High (every schema change) |
| Server-side validation | 2-4 weeks | Ongoing |
| Audit logging | 4-6 weeks | Moderate |
| PII classification & masking | 4-8 weeks | High (regulatory changes) |
| GDPR erasure endpoints | 2-4 weeks | Moderate |
| Form metadata generation | 4-8 weeks | High (schema changes) |
| CDC / event streaming | 4-8 weeks | Moderate |
| Admin console | 8-12 weeks | High |

Conservative total: 36-66 weeks of engineering effort to build the first version. That’s roughly 2-3 engineers for 6 months.

The dollar cost

At fully-loaded costs (salary + benefits + overhead + opportunity cost) for a mid-level engineer in the US, you’re looking at roughly $12,000-15,000 per engineer per month. Two engineers for six months:

$144,000 - $180,000 to build version 1.

But version 1 is the cheap part.

Maintenance compounds

Every new object in your schema needs tenant isolation. Every new field needs FLS rules. Every new endpoint needs validation. Every new PII field needs classification, masking rules, and erasure handling. Every compliance audit requires documentation that your homegrown system probably doesn’t generate automatically.

Teams we’ve spoken to estimate that maintenance of enterprise infrastructure consumes 15-25% of an engineer’s time on an ongoing basis. For a 10-person engineering team, that’s 1.5 to 2.5 full-time-equivalent engineers permanently allocated to plumbing maintenance.

Annual cost of maintenance: $180,000 - $375,000.

The opportunity cost

This is the number that doesn’t show up on any balance sheet but dominates every roadmap conversation. Every sprint that includes “add audit logging to the new module” or “update field permissions for the enterprise role” is a sprint that doesn’t include the feature your competitor shipped last month.

For a seed-to-Series B company, engineering velocity is the product strategy. Every week spent on undifferentiated plumbing is a week your competitors spent on their actual product.

The alternative

ToasterDB’s Pro tier costs $159/month billed annually. The Team tier — which includes RBAC, audit logging, and priority support — costs $639/month.

For the cost of the Team tier over a year ($7,668), you get:

  • Multi-tenant isolation enforced at the query engine level
  • Field-level security declared in schema, enforced automatically
  • Row-level security with CEL expressions
  • Server-side validation with cross-field rules
  • PII classification, masking, purpose-based access, and field encryption
  • GDPR/CCPA erasure endpoints
  • Audit logging on every mutation
  • Change data capture for event streaming
  • Auto-generated form metadata
  • A full admin console

Compare that to the $144,000-$180,000 build cost plus $180,000-$375,000 annual maintenance.

Even if you’re sceptical of our engineering estimates (and you should be — every team is different), the ratio is striking. The question isn’t whether ToasterDB is cheaper. It’s whether building it yourself is 18-45x more expensive or merely 10x more expensive.

“But we need customisation”

The most common objection. And it’s a good one.

Here’s our answer: yes, you need customisation — for your product. You don’t need customisation for WHERE tenant_id = ?. You don’t need a bespoke approach to field-level permissions. You don’t need a unique snowflake implementation of GDPR erasure.

These are solved problems. They’re just solved problems that every team independently re-solves, because no platform existed that handled them at the data layer without locking you in.

ToasterDB is customisable where it matters. Validation uses CEL expressions — a Turing-incomplete, side-effect-free expression language that can express any business rule. RLS uses CEL too. FLS is declarative. Privacy rules are declarative. Events fire webhooks to your code. And if you outgrow the platform, you eject to real code and keep going.

The infrastructure layer should be a commodity. Your product should be where you spend your engineering time.

When not to use ToasterDB

We want to be honest about the cases where building it yourself makes more sense:

  • You’re pre-product-market-fit and your schema changes daily. ToasterDB works best when your data model is at least partially stable. If you’re still figuring out what you’re building, raw SQL and fast iteration might be more appropriate.
  • You have a dedicated platform team with existing infrastructure that works. If you’ve already built and maintained this plumbing for years and it’s working well, the migration cost may not be worth it.
  • Your access control model is genuinely novel. FLS and RLS cover the vast majority of enterprise permission models, but if yours requires something fundamentally different — graph-based permissions, for example — you may need a custom solution.

For everyone else — the 3-30 person engineering team building multi-tenant B2B SaaS on PostgreSQL, spending a quarter of their time on plumbing they wish didn’t exist — the math is pretty clear.


Ready to do the math for your team? Start with the free tier — 10 objects, 50K queries, no credit card. Or if you want to see the numbers for self-hosted enterprise, talk to our team.
