Stop building the same SaaS setup for the seventh time.
FastStaq is the production-ready SaaS starter with real sign-in, real billing, real customer support, and real privacy compliance. Spend your first month building your actual product, not invoices and two-factor auth.
14-day refund · One-time payment · Lifetime updates
What you don't have to rebuild
150+ hours of setup work you never have to do
These are the tasks that eat a sprint on every SaaS we have seen built from scratch. FastStaq ships them already built and tested.
- 20hnormally costs you
Building sign-in with email verification, two-factor codes, magic links, Google sign-in, and passkeys, without leaving anything sketchy on a security review.
Hashed-token tables, two-factor (authenticator apps), magic-link flow, Google sign-in, passkeys. Rate-limited, tracked in an audit log, and red-team tested. - 16hnormally costs you
Wiring up Stripe for subscriptions, one-time payments, and lifetime deals. Plus webhooks, retry-safe billing events, and a customer portal that does not double-charge.
Checkout for subscriptions, one-time payments, and lifetime plans. Promo codes managed inside Stripe. Replay-safe webhook handling. Fail-closed plan changes so packages do not change before Stripe accepts payment. - 28hnormally costs you
A support desk your agents actually use: ticket queue, live chat, response-time targets, canned replies, satisfaction surveys, help articles.
Support inbox with assignment + priority. Live chat with an agent console. Response-time rules with business hours and holidays. Canned replies. Customer-satisfaction survey. Help-article library with voting. - 12hnormally costs you
A blog you can actually keep updated, with tags, drafts, search-friendly metadata, version history, scheduled posts, sitemap, and RSS.
Blog editor with rich text, categories, tags, version history, scheduled posts, social-share previews, sitemap.xml + RSS, related-posts. - 16hnormally costs you
Privacy compliance: data export, account deletion, retention rules, an audit log that hides personal details, a cookie banner, a subprocessor page. The stuff a procurement review asks for on day 30.
Privacy export and verified two-step delete (background-job driven). Retention rules per data type. Audit log with personal-data redaction. Cookie banner with per-category opt-in. Subprocessor list and a legal-page generator. - 16hnormally costs you
An affiliate program that actually pays out, a waitlist with invite acceptance, live in-app notifications, and a public status page.
Affiliate program with commission tracking and a payout queue. Waitlist with invite acceptance. Live in-app notifications. Hosted status page integration. - 14hnormally costs you
An admin console your team can use without poking the database: user moderation, role assignment, analytics, fine-grained permissions.
Admin dashboard with user moderation and suspension. Role-based permissions (single source of truth, shared between front-end and back-end). Analytics across tickets and chat. A settings hub with search. - 10hnormally costs you
Background jobs that survive a server restart: email delivery with retries, retention sweeps, outgoing webhook delivery with backoff, scheduled blog posts.
Background workers for email, retention, outgoing webhooks, scheduled publishing. Queues backed by Redis. Performance metrics and health checks. - 12hnormally costs you
Multi-customer workspaces: scoping every database query, invites, role per workspace, a switcher that does not leak data between customers.
Workspace model with role-based memberships. Invite flow with single-use tokens. Database layer that automatically scopes by workspace (defence-in-depth). Workspace switcher. Off by default — turn it on when your second business customer shows up. - 8hnormally costs you
A programmable surface your customers can build against: API keys, signed outgoing webhooks, per-key rate limits, a dashboard to rotate and revoke.
`sk_*` API keys with hashed storage and per-key rate buckets. Outgoing webhooks signed with HMAC and retried on failure. Dashboards for both, with revoke and rotate flows.
Six modules. Six sprints you get back.
Every card below is a real, wired-up part of the codebase, not a coming-soon checkbox.
Sign-in built to pass a SOC 2 audit
Sessions, two-factor, magic links, Google sign-in, passkeys. Every flow rate-limited and tracked.
- Rotating refresh tokens + short-lived access tokens
- Authenticator-app two-factor, Google sign-in, passkeys
- Magic links with single-use tokens
- Admins can require two-factor for staff
Billing: subscriptions, one-time, lifetime
Stripe Checkout, replay-safe webhooks, promo codes managed in Stripe, and a plan switcher that does not double-charge.
- Subscription, one-time, and lifetime plan modes
- Promo codes managed inside Stripe (no config edits)
- Full-price upgrades + renewal-scheduled downgrades
- Invoice history + customer portal
Support desk, not just a contact form
Ticket queue, live chat with an agent console, response-time rules, satisfaction surveys, canned replies.
- Ticket inbox with assignment + priority
- Live chat with queue + agent status
- Response-time rules, business hours, holiday calendar
- Help-article library with voting + analytics
Compliance-ready out of the box
Privacy data export and delete, retention sweeps, a cookie banner, a subprocessor page generator.
- Audit log that hides personal data
- Privacy export + verified two-step account delete
- Retention rules per data type
- Legal-page generator with DRAFT banner
Realtime + background jobs
Live in-app notifications and background workers for email, outgoing webhooks, and retention.
- Live in-app notifications
- Email worker with templates and retries
- Retention, scheduled posts, webhook delivery
- Performance metrics + health checks
Growth surface: affiliates, waitlist, blog
Everything you need on the marketing side to start signing up the first 100 customers.
- Affiliate program with commission tracking
- Waitlist + invite-acceptance flow
- Blog editor with rich text + search-friendly metadata
- Feature-request voting board
One codebase. Your pricing. Yours to keep.
Subscriptions, one-time payments, or lifetime deals: all three billing modes ship pre-wired to Stripe. Run any launch discount you want straight from the Stripe dashboard, no config files to edit.
What is included
Every module. Every file. Every test.
See the live price and any active promo on the pricing page.
- Full source code. Yours to modify and ship
- Next.js front-end, Express API, background workers, one repo
- Sign-in, billing, support desk, blog, privacy, affiliate, all wired up
- 120+ tests + automated CI checks
- Lifetime updates on the main branch
- 14-day, no-questions-asked refund window
Stripe Checkout · subscription, one-time, or lifetime · refund inside 14 days
Questions we have actually been asked
If yours isn't here, email hello@faststaq.com.
Is this a template, or a starter I actually own?
You own it. One-time payment, full source, no per-seat fees, no phoning home. The license lets you ship commercial products. It only stops you from reselling FastStaq itself as a competing starter.
What stack runs this?
Next.js 14 on the front-end. Express + Postgres on the back-end. Redis for queues and realtime. Stripe for billing. S3 (or any S3-compatible storage) for files. Node 20+. TypeScript everywhere.
Can I self-host, or do I need a specific cloud?
Self-host anywhere Node and Postgres run. We ship a Docker Compose file for a VPS and blueprint files for Railway, Render, and Fly (see deploy/). No edge-runtime lock-in.
How fresh is the code? Will it rot in six months?
Ongoing updates ship on the main branch. The repo has monthly dependency upgrades, a CI lint-and-test workflow, a security-audit workflow, and a 120+ test suite that gates changes.
Do you handle GDPR and SOC 2 foundations?
We ship the operational pieces: audit logging that hides personal data, privacy export and verified two-step delete, retention workers, a cookie banner, a cookie policy, a subprocessor page. Your counsel still owns the legal review.
What about serving multiple customers (multi-tenancy)?
Single-customer by default. Multi-customer workspaces sit behind a feature flag. Turn it on when your second business customer shows up, not on day one.
Refund policy?
Full refund inside 14 days, for any reason. After that, lifetime purchases are non-refundable, but you keep the code regardless.
Stop building the same setup again.
Pay once. Get the full code. Ship your actual product this week.