Pick any early-stage startup and look at the vendor stack from year one. Auth0 for authentication. Algolia for search. Stripe for payments. SendGrid or Mailgun for transactional email. Each choice was obvious at the time: best developer experience, fastest integration, cheapest entry point. The team was moving fast, and these tools let them move faster.

Three years later, that same stack is a trap. The team is spending months migrating off vendors whose pricing has multiplied, whose APIs have shifted, or whose architecture no longer fits. The time they spend on these migrations is time they cannot spend on product. Joel Spolsky described this dynamic in his essay “Fire and Motion,” published January 6, 2002 on joelonsoftware.com: competitors pin you down by forcing you to react to their changes instead of advancing your own work. What Spolsky did not fully anticipate is that your own vendors would pin you down just as effectively. The auth provider you chose for its five-line setup guide now owns your password hashes. As one Hacker News commenter observed in a 2021 thread on auth lock-in, passwords are hashed and the only way off without a mass password reset is a silent migration that can take months and will never reach 100% of users. The search provider with the generous startup credit now charges per-record fees that grow faster than your revenue, according to Algolia’s Grow plan pricing documented by Vendr. The payment processor whose 2.9% rate felt standard now takes 5.4% on international transactions with currency conversion, according to payment fee analysis published by CheckThat.ai.

These are not failures of execution. They are failures of evaluation. Teams optimize for day-one developer experience and ignore exit cost entirely. By the time exit cost matters, it is too late to evaluate it objectively.

Three documented migrations and the actual person-months consumed

The engineering blog posts of successful companies are, read together, a catalog of this pattern. Notion, Figma, and Linear each undertook major infrastructure migrations driven by choices that seemed small at the start. The actual effort consumed months of engineering time and required complex, risky operations.

Notion ran its entire product on a single Postgres monolith through five years and four orders of magnitude of growth, according to Notion’s engineering blog post “Herding elephants: lessons learned from sharding Postgres at Notion.” By mid-2020, that database was heavily strained. Engineers on-call routinely woke up to CPU spikes. Simple catalog-only migrations became unsafe because, as Notion’s own retrospective states, the team had to be very frugal with migrations lest they add even more load. The team’s explicit lesson was “Shard earlier.” The solution was a sharding project that moved data across 480 logical shards on 32 physical databases. The migration required a machine with 96 CPUs, an AWS m5.24xlarge instance, and took three days to complete, as documented in the same Notion engineering post. That was 2021. By 2022, the infrastructure was straining again. In July 2023, Notion published “The Great Re-shard,” describing how they expanded from 32 to 96 physical shards with zero downtime. According to a post-migration analysis published by chenten.me, CPU and IOPS utilization dropped from roughly 90% to around 20% during peak traffic after the project completed.

Figma’s trajectory followed the same arc. In 2020, they ran a single Postgres database on AWS’s largest physical instance. By the end of 2022, they had built a distributed architecture with caching, read replicas, and a dozen vertically partitioned databases, as documented in Figma’s engineering blog post “How Figma’s Databases Team Lived to Tell the Scale.” The final vertical partitioning operation in October 2022 moved 50 tables and caused a 30-second period of partial availability impact, dropping about 2% of requests, according to Figma’s blog post “The growing pains of database architecture.” Figma considered horizontal sharding but ruled out backfilling large tables because, as the team noted in their engineering blog, the operation would have taken months given Postgres throughput constraints. Meanwhile, their legacy data synchronization pipeline, built in 2020 as a simple daily cron job, had by 2023 grown so unwieldy that daily tasks took around six hours, and the largest tables took several days. Maintaining extra database replicas to support daily exports resulted in millions of dollars in unnecessary costs every year, according to Figma’s blog post “From Multi-Day Latency to Near Real-Time Insights: Figma’s Data Pipeline Upgrade.” Notion’s data under management had grown 10x in just three years, according to a December 2023 presentation by Thomas Chow and Nathan Louie, software engineers on Notion’s Data Platform team, summarized by Onehouse.

Linear’s migration was different in kind but similar in cost. They built multi-region support by extracting authentication into a global service and creating a Cloudflare Workers proxy to route requests to the correct regional deployment, as described in Linear’s engineering blog post “How we built multi-region support for Linear.” The project touched authentication logic, which the team explicitly noted is “always a sensitive part of any codebase.” It required three distinct phases: terraforming infrastructure, extracting authentication to a global service, and creating the routing proxy. The proxy layer queries the auth service on every request to determine workspace region and obtain a signed JWT before forwarding traffic.

The common thread is not that these teams made bad choices. It is that each migration was not a single event but a multi-year sequence of escalating effort, with each phase more complex than the last. Notion sharded once, then re-sharded. Figma partitioned, then built a new data pipeline. Linear rebuilt their entire auth architecture. None of these projects were visible on the roadmap in year one.

Why teams over-index on day-one DX and under-index on exit cost

The pricing models of popular vendors create a “growth penalty” that can multiply costs dramatically with only modest user growth. Auth0 provides the clearest example. In late 2023, Auth0 implemented a 300% increase in overage costs for the B2C Essentials plan, jumping from $0.023 per monthly active user to $0.07 per MAU. Simultaneously, the base plan was adjusted from covering 1,000 MAUs for $23 per month to 500 MAUs for $35 per month, according to SSOJet’s analysis of Auth0 pricing. One company profiled by SSOJet experienced a 15.54x increase in their monthly Auth0 bill, from $240 to $3,729, after only a 1.67x growth in MAUs. Since Okta completed its acquisition of Auth0 in May 2021, most pricing adjustments have resulted in rate increases for enterprise and startup customers, according to Stytch’s analysis of Auth0’s 2024 pricing update.

Algolia’s pricing creates a different but equally dangerous lock-in. Their Grow plan charges approximately $0.50 per 1,000 search requests and $0.40 per 1,000 records, according to Vendr’s pricing documentation. Enterprise contracts typically start in the $20,000 to $50,000 range for mid-market deployments. The startup credit program creates a timing trap: a pre-revenue startup that set up Algolia in summer 2024 and launched in January 2025 had used only about $300 of the $10,000 in startup credits, but lost the remaining credits because Algolia’s one-year clock starts at acceptance, not at product launch, according to a verified G2 reviewer. That reviewer concluded they were “locked in to paying Algolia’s expensive rates until we have the engineering bandwidth to switch.”

Stripe’s pricing is more predictable but still carries hidden costs. The standard rate for online card transactions has remained 2.9% plus $0.30 per successful charge. But Stripe Billing’s fee increased from 0.5% to 0.7% of subscription volume effective July 10, 2024 for new customers, with existing customers grandfathered at 0.5% until June 30, 2025, according to Wingback’s analysis of the Stripe Billing price increase. The effective rate for international transactions with currency conversion can reach 5.4% plus $0.30 per transaction, an 86% cost increase over domestic processing, due to fee stacking: 2.9% base plus 1.5% international card fee plus 1.0% currency conversion, according to CheckThat.ai’s Stripe pricing analysis.

The time spent reacting to vendor pricing changes is time spent not advancing your product. That is the true cost of a “small” vendor choice.

The pattern is consistent. The pricing review cadence at a startup accelerates when revenue exposure crosses a meaningful threshold. But by then the technical debt of integration is already sunk. The cost of leaving is higher than the cost of staying, even when staying means accepting 300% price hikes. The auth provider cannot be left without a mass password reset because the passwords are hashed. As noted in the 2021 Hacker News thread on auth lock-in, a silent migration is technically difficult and will never reach 100% of users during the transition period. The search provider requires rebuilding every index. The payment processor requires re-engineering the entire checkout flow.
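To make the coverage gap concrete, here is a minimal sketch of a silent (login-time) migration, added as an illustration and not taken from any vendor's or company's code. The class and function names are hypothetical, and PBKDF2 as the legacy format and scrypt as the new scheme are assumptions; in practice the legacy check may be a call to the old provider's login API rather than a local hash comparison.

```python
import hashlib, hmac, os

def legacy_hash(password: str, salt: bytes) -> bytes:
    # Assumed legacy format: stands in for whatever the old provider can verify.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def new_hash(password: str, salt: bytes) -> bytes:
    # Assumed new scheme for the example.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

class SilentMigrator:
    def __init__(self, legacy_records):
        self.legacy = dict(legacy_records)  # user -> (salt, legacy digest)
        self.migrated = {}                  # user -> (salt, new digest)

    def login(self, user: str, password: str) -> bool:
        if user in self.migrated:
            salt, digest = self.migrated[user]
            return hmac.compare_digest(new_hash(password, salt), digest)
        record = self.legacy.get(user)
        if record is None:
            return False
        salt, digest = record
        if not hmac.compare_digest(legacy_hash(password, salt), digest):
            return False
        # A successful login is the only moment the plaintext is available,
        # so it is the only moment the credential can be re-hashed.
        fresh = os.urandom(16)
        self.migrated[user] = (fresh, new_hash(password, fresh))
        del self.legacy[user]  # drop the weaker hash once it is replaced
        return True

    def coverage(self) -> float:
        total = len(self.legacy) + len(self.migrated)
        return len(self.migrated) / total if total else 1.0

    def needs_reset(self) -> list:
        # Users who never logged in during the window: forced reset at cutover.
        return sorted(self.legacy)

def constructed_users() -> dict:
    # Constructed sample accounts, not real data.
    out = {}
    for name, pw in [("alice", "pw-a"), ("bob", "pw-b"), ("carol", "pw-c")]:
        salt = os.urandom(16)
        out[name] = (salt, legacy_hash(pw, salt))
    return out
```

Tracking `coverage()` over the transition window shows when the remaining accounts in `needs_reset()` are few enough to cut over; dormant accounts never leave that list on their own.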

A pre-commitment checklist for any vendor over $5k per year

Before signing any vendor contract over $5,000 per year, teams should evaluate three things.

First, the cost of a silent migration. Can you export your data without a mass password reset? For auth providers, the answer is almost always no, because passwords are hashed and the migration requires users to re-authenticate during a transition period, as documented in the 2021 Hacker News thread on auth lock-in. For search providers, the answer depends on whether the vendor supports index export in a standard format. For payment processors, the answer depends on whether subscription data and customer payment methods can be exported without manual intervention.

Second, the vendor’s pricing history. Has the vendor raised prices in the last two years? Auth0 has raised prices twice within a year, according to Stytch’s analysis of Auth0’s 2024 pricing update. Stripe raised Billing fees by 40%, from 0.5% to 0.7%, effective July 2024, according to Wingback’s reporting on the change. Algolia’s pricing structure has remained relatively stable, but the startup credit timing trap is a form of pricing risk, as documented by the G2 reviewer cited above. A vendor with a history of price increases is a vendor that will raise prices again. The question is whether your growth rate exceeds their price increase rate.

Third, whether the vendor’s business model aligns with your growth trajectory. Vendors that charge per active user, per search request, or per transaction create a direct tax on your growth. Vendors that charge a flat fee or a percentage of revenue create alignment. Figma considered buying a proprietary end-to-end data pipeline solution but found no option that met their needs in terms of flexibility, cost, and scale. They chose to build their own incremental synchronization system because, as Figma’s engineering blog notes, a vendor solution would not have given them the flexibility to optimize their workflow based on existing technology. That decision was expensive in the short term but eliminated a vendor lock-in risk that would have compounded over time.

The vendors least likely to lock you in

Vendors with open data formats, transparent pricing, and no proprietary protocols are less likely to lock you in. Vendors with opaque pricing, data export barriers, and aggressive credit programs are the most dangerous.

Auth0 and Algolia exhibit the highest lock-in risk. Auth0’s pricing opacity has historically misled developers, and the 300% overage cost increase demonstrates that the vendor’s incentives are misaligned with customer growth, as documented by SSOJet’s pricing analysis. The data export barrier for auth providers is structural: password hashes cannot be exported, and a silent migration is technically difficult, as noted in the 2021 Hacker News thread on auth lock-in. Algolia’s lock-in is driven by the cost of rebuilding indexes and the timing trap of startup credits, as documented by the G2 reviewer cited above. Their pricing charges for both search requests and records, creating a double tax on growth, according to Vendr’s Algolia pricing documentation.

Stripe’s pricing is more predictable but still carries risk. The international fee stacking can increase effective rates by 86%, according to CheckThat.ai’s analysis. The Billing fee increase shows that even Stripe will raise prices when they can, as reported by Wingback. However, Stripe’s data export capabilities are relatively good, and payment processing is a commodity market with alternatives like Adyen and Paddle that offer comparable services.

The honest summary is that every vendor will eventually raise prices or change their terms. The question is not whether it will happen, but how much it will cost you to leave when it does. A vendor whose data format is open, whose pricing is transparent, and whose contract has no minimum commitment is a vendor you can leave. A vendor whose data is locked in, whose pricing is opaque, and whose startup credits create a switching cost is a vendor that owns your roadmap.

The teams at Notion, Figma, and Linear spent months on migrations that were invisible in year one. The teams that chose Auth0 and Algolia are spending months on migrations that were invisible in year one. The pattern will repeat for every startup that optimizes for day-one developer experience and ignores exit cost. The only way to break it is to evaluate the cost of leaving before you sign.