Migrating off Front — phase by phase.
We don't have a Front-specific runbook published yet — but the playbook below is the one we'd use, contextualised on the first scoping call. Front migrations follow the same seven phases, with the data-extraction and parallel-run details tuned to Front's APIs.
Our seven-phase playbook
The same playbook we've documented on the process page — applied with Front-shaped specifics on the first scoping call.
Discovery workshop
1–2 weeksWe sit with your sales, ops and engineering leads and turn the SaaS you're paying for into a list of the workflows you actually run. Most teams discover they use 10–20% of what they're billed for.
✓Shadow real users on real tasks (Zoom + screen share)✓Pull a 90-day usage report from your current SaaS (logins, features touched, integrations called)✓Map the data model: tables, custom fields, what's actually populated✓Identify the 'shelfware' — features you pay for and nobody uses✓Surface the integrations and exports your team depends on✓Document the security, compliance and audit constraintsYou walk away withA 6–10 page Usage & Scope Audit naming every workflow that stays, every feature that goes, and the cost line each one currently lives on.
Scope + fixed-price quote
1 weekWe turn the audit into a fixed-price scope. No T&M, no scope creep, no day-rate surprises. You see the build cost, the annual maintenance, and a 3-year and 5-year savings projection before signing anything.
✓Translate workflows into a feature list with effort estimates✓Pick the stack (Next.js, Postgres, Inngest, Resend — boring on purpose)✓Model the savings against your current SaaS contract + projected growth✓Lock the in-scope and out-of-scope features in writing✓Decide what gets migrated, what gets archived, what gets droppedYou walk away withA signed Statement of Work with a fixed price, a delivery timeline, and a 5-year TCO comparison vs your current SaaS contract.
Architecture + DPA
1 weekBefore we write feature code we get the foundations right. Hosting region, data ownership, encryption, RBAC and the GDPR posture are documented and agreed — the same artefacts we'd hand your auditor on day one.
✓Decide hosting region (UK or EU — your call)✓Provision Postgres (Neon or AWS RDS), Vercel project, S3 / R2 bucket✓Set up SSO (Google / Microsoft) with WebAuthn 2FA✓Wire observability: Sentry, log aggregation, audit table✓Sign the DPA and the sub-processor list✓Run a threat-model session against the in-scope dataYou walk away withAn Architecture Decision Record + a signed Data Processing Agreement + a security questionnaire ready to send to your CISO or auditor.
Build with weekly demos
4–12 weeks (scope-dependent)We ship working software every week and demo it on a Friday call. Your team uses it, breaks it, gives feedback. By the end you've used the product more than you'd used the SaaS we're replacing.
✓Weekly demo + retro — every Friday, 30 minutes✓Continuous deploys to a staging environment your team logs into✓Issue tracker is shared — you see the burn-down in real time✓Code review pairs with one of your engineers if you want a knowledge-transfer path✓Pen-test fixtures built in from day one (gitleaks, Dependabot, OWASP ASVS L2 checks)You walk away withA production-grade application running on your own infrastructure, with you as the GitHub owner. No 'agency owns the code' nonsense.
Data migration + parallel run
2–4 weeksWe extract your historical data from the SaaS, map it into the new schema, and run both systems side-by-side. Your team works in the new product; the old SaaS stays live as a read-only fallback for a defined window.
✓Build extract scripts against the SaaS API (we keep them — they're useful again at renewal)✓Map foreign keys and IDs so historical search keeps working✓Backfill audit trails so 'who changed what when' is preserved✓Daily reconciliation reports compare old and new during the parallel run✓Train your team in two 60-minute sessions, recorded for the restYou walk away withA Migration Runbook (rerunnable), a reconciliation dashboard, and a signed sign-off from each team that the new system is the system of record.
Cutover
1 dayOn the day, DNS flips, SSO redirects, the SaaS goes read-only. We sit on a war-room call with your ops lead. Most cutovers are anti-climactic — which is the point.
✓DNS + SSO cutover with a 5-minute window of dual-write✓Run smoke tests against every critical workflow✓Notify all users via Slack + email with the new login link✓Lock the SaaS to read-only — kept for 90 days as a safety net✓Cancel auto-renewal on the SaaS contract (a quiet pleasure)You walk away withA Cutover Runbook + a Day-1 Status Report showing every workflow green. The SaaS stays read-only for 90 days, no longer charging full seat price.
Operate, evolve, own
OngoingWe host it, monitor it, fix it. You own the code, the data and the keys. New features ship as PRs your team reviews; SLAs are real numbers in a contract; renewal increases are zero, forever.
✓24/7 uptime monitoring with a public status page✓Quarterly architecture review + a 6-month roadmap conversation✓RPO ≤ 5 minutes, RTO ≤ 4 hours; DR tested twice a year✓Annual third-party pen test, findings shared✓Dependabot CVE triage in 72 hours; criticals in 24You walk away withA flat-fee SLA with a named on-call engineer, a quarterly product roadmap, and zero per-seat tax forever. The contract is exit-friendly: you own the code, your repo, your infra, your keys.
Get a Front-shaped migration plan.
Tell us your seat count, contract end date, and the integrations you can't lose. We'll come back within a business day with a fixed-price scope and a timeline tuned to your renewal.
Scope a Front migration
One business day. NDA + DPA on request.