P2. SaaS web app path

What this page helps you do

Follow the safest default launch path for a normal modern web app.

Why it matters

This is the most common app shape people call “just a website” even though it has login, user data, billing, or admin access. Those features raise the cost of sloppy launches fast.

You should already have

• a web app with some mix of login, database, user data, admin features, billing, or private workflows

Skip this page if

• the app is only public content pages
• the app’s main risk is AI model behavior rather than standard web app behavior

Then go to P1. Simple website path or P3. AI app path.

What to do

Use this path:

1. F1. Put your code on GitHub
2. F3. Environment settings
3. F4. Run your app locally
4. F5. Database basics
5. H1. Choose hosting
6. H6. Deploy your app
7. D2. Set up Cloudflare
8. R1. Backups
9. R2. Secrets
10. R8. Launch checklist

Add security basics before real traffic:

• C1. Login basics
• C2. Protect admin pages
• C3. Validate user input

Recommended default

Use managed hosting first unless you already know why you need a VPS or self-hosted platform.

You want a setup where:

• deploys are repeatable
• secrets are stored outside the code
• logs and error tracking are easy to find
• rollback is possible

Common mistakes

• storing production credentials in the repo
• treating the database like it does not need backups yet
• launching admin pages without extra protection
• having no answer for “what happens if this deploy breaks the app?”

Next step

Go to F1. Put your code on GitHub or jump straight to H1. Choose hosting if the basics are already done.

Related pages

• B7. Need payments
• B10. Need login
• R3. Safer deploys

Advanced notes

If your SaaS app also depends heavily on model behavior, rate limits, or prompt handling, layer in P3. AI app path before launch.