The Break-Even Point 2026
The Break-Even Point: When Self-Hosting Becomes Cheaper Than SaaS
Self-hosting has upfront costs. SaaS has recurring costs. At some point, self-hosting wins. Here's exactly when.
The Break-Even Formula
Break-Even (months) = Migration Cost / (Monthly SaaS Cost - Monthly OSS Cost)
Where:
- Migration Cost = setup time + data migration + training
- Monthly SaaS Cost = per-user price × users
- Monthly OSS Cost = server + maintenance time
Break-Even by Tool Category
Simple Tools (Low migration cost)
| Switch | SaaS Monthly (10 users) | OSS Monthly | Migration Cost | Break-Even |
|---|---|---|---|---|
| Calendly → Cal.com | $120 | $7 | $500 | 4.4 months |
| 1Password → Vaultwarden | $40 | $5 | $300 | 8.6 months |
| Uptime monitoring → Uptime Kuma | $25 | $4 | $100 | 4.8 months |
| Bitly → Dub | $35 | $4 | $200 | 6.5 months |
| Typeform → Formbricks | $59 | $5 | $400 | 7.4 months |
Average break-even for simple tools: 4-9 months
Medium Tools (Moderate migration)
| Switch | SaaS Monthly (25 users) | OSS Monthly | Migration Cost | Break-Even |
|---|---|---|---|---|
| Slack → Mattermost | $219 | $15 | $3,000 | 14.7 months |
| Jira → Plane | $204 | $12 | $2,500 | 13 months |
| Notion → Outline | $300 | $10 | $4,000 | 13.8 months |
| Mailchimp → Listmonk | $100 | $8 | $1,500 | 16.3 months |
Average break-even for medium tools: 13-17 months
Complex Tools (High migration)
| Switch | SaaS Monthly (50 users) | OSS Monthly | Migration Cost | Break-Even |
|---|---|---|---|---|
| Intercom → Chatwoot | $790 | $25 | $8,000 | 10.5 months |
| Salesforce → Twenty | $1,250 | $20 | $15,000 | 12.2 months |
| Auth0 → Keycloak | $230 | $15 | $5,000 | 23.3 months |
Average break-even for complex tools: 10-24 months
Break-Even by Team Size
The bigger your team, the faster you break even (SaaS = per-seat, OSS = flat):
Slack → Mattermost
| Team Size | SaaS Monthly | OSS Monthly | Migration Cost | Break-Even |
|---|---|---|---|---|
| 5 | $44 | $7 | $1,500 | 40.5 months |
| 10 | $88 | $7 | $2,000 | 24.7 months |
| 25 | $219 | $10 | $3,000 | 14.4 months |
| 50 | $438 | $12 | $5,000 | 11.7 months |
| 100 | $875 | $15 | $8,000 | 9.3 months |
| 250 | $2,188 | $20 | $12,000 | 5.5 months |
Key insight: At 5 users, it takes 3+ years. At 100 users, under 10 months.
The Magic Numbers
| Tool Category | Minimum Team Size for <12 Month Break-Even |
|---|---|
| Simple tools | 3-5 users |
| Communication | 15-20 users |
| Project management | 15-25 users |
| Customer support | 10-15 users |
| CRM | 20-30 users |
| Authentication | 30-50 users |
Break-Even for Full Stack Migration
10-Person Team (12 tools)
Total SaaS Monthly: $1,200
Total OSS Monthly: $85 (server + 3hr maintenance)
Total Migration Cost: $12,000
Break-Even = $12,000 / ($1,200 - $85) = 10.8 months
50-Person Team (12 tools)
Total SaaS Monthly: $5,100
Total OSS Monthly: $125 (server + 4hr maintenance)
Total Migration Cost: $25,000
Break-Even = $25,000 / ($5,100 - $125) = 5 months
100-Person Team (12 tools)
Total SaaS Monthly: $10,200
Total OSS Monthly: $165 (server + 4hr maintenance)
Total Migration Cost: $35,000
Break-Even = $35,000 / ($10,200 - $165) = 3.5 months
Factors That Accelerate Break-Even
1. SaaS Price Increases
A 10% annual increase means your SaaS cost is higher than projected:
Year 1 Slack (50 users): $5,250
Year 2 (at 10% increase): $5,775
Year 3: $6,353
This makes OSS break-even happen sooner than the static calculation shows.
2. Shared Infrastructure
Running multiple OSS tools on the same server:
1 tool: $7/month server
5 tools: $7/month server (same!)
10 tools: $14/month server
Per-tool cost drops from $7 to $1.40
3. Team Growth
Adding users to SaaS = more cost. Adding users to OSS = $0:
Start: 25 users, SaaS $219/month
Hire 10 more: SaaS $306/month (+$87)
OSS stays: $10/month
4. Already Have DevOps
If your team already manages servers:
- Setup time is lower
- Maintenance is marginal cost
- Break-even accelerates by 30-50%
Factors That Delay Break-Even
1. High Hourly Rate
If your time is worth $200/hr instead of $100/hr:
- Maintenance cost doubles
- Migration cost doubles
- Break-even extends 30-50%
2. Low Team Size
Under 5 users, most SaaS free tiers are sufficient:
- Break-even may never happen for some tools
- Focus on tools without free tiers
3. Complex Integrations
Heavy integration rewiring adds migration cost:
- Each integration: +$200-500 to migration
- 20 integrations: +$4,000-10,000
4. Compliance Requirements
If you need HIPAA/SOC2 compliance on self-hosted:
- Security audit: $5,000-20,000
- Ongoing compliance: $2,000-5,000/year
- May negate savings for small teams
Decision Framework
| Team Size | Recommendation |
|---|---|
| 1-5 | Use SaaS free tiers. Self-host only for privacy/learning |
| 5-15 | Self-host quick wins (passwords, scheduling, monitoring) |
| 15-50 | Self-host core stack (chat, PM, docs, analytics) |
| 50-100 | Self-host everything except design tools |
| 100+ | Self-host aggressively — savings are massive |
The Bottom Line
Break-even typically happens in:
- 3-6 months for large teams (50+) doing full-stack migration
- 10-15 months for medium teams (15-50) migrating core tools
- 12-24 months for small teams (5-15) migrating selectively
After break-even, every month is pure savings. Over 3-5 years, the cumulative savings are 5-20x the migration cost.
The question isn't whether self-hosting is cheaper — it's when.
Calculate your break-even point for any tool at OSSAlt.
Running the Numbers
The self-hosting break-even calculation depends on three variables: software licensing cost, infrastructure cost, and your time valuation. The economics change dramatically depending on team size.
For a 5-person team: A $20/month VPS running Nextcloud, Gitea, and Plausible Analytics replaces Google Workspace ($72/month for 5 users), GitHub Team ($20/month), and Plausible's $9/month plan — saving $81/month before the infrastructure cost. Net savings: $61/month ($732/year). Setup time: 6-8 hours. Break-even: under 2 months.
For a solo developer: Self-hosting the same stack saves $25-40/month but the operational overhead (updates, monitoring, backups) adds 1-2 hours/month. At $100/hour, that's $100-200/month of opportunity cost against $25-40 in savings. For solo developers without excess server capacity, SaaS is often cheaper when time is correctly valued.
The hidden costs: SSL certificates (free with Let's Encrypt), domain name ($10-15/year), backups ($3-6/month on B2), and monitoring (free with Uptime Kuma). These add $4-8/month to your infrastructure cost but are non-optional for any serious deployment.
Where self-hosting wins decisively: Per-seat SaaS pricing at 20+ seats. Services with high data egress costs (storage, analytics). Privacy-sensitive tools where data ownership is legally required. The calculation tilts toward self-hosting when the SaaS alternative is expensive per user and your infrastructure can absorb additional load at near-zero marginal cost.
Network Security and Hardening
Self-hosted services exposed to the internet require baseline hardening. The default Docker networking model exposes container ports directly — without additional configuration, any open port is accessible from anywhere.
Firewall configuration: Use ufw (Uncomplicated Firewall) on Ubuntu/Debian or firewalld on RHEL-based systems. Allow only ports 22 (SSH), 80 (HTTP redirect), and 443 (HTTPS). Block all other inbound ports. Docker bypasses ufw's OUTPUT rules by default — install the ufw-docker package or configure Docker's iptables integration to prevent containers from opening ports that bypass your firewall rules.
SSH hardening: Disable password authentication and root login in /etc/ssh/sshd_config. Use key-based authentication only. Consider changing the default SSH port (22) to a non-standard port to reduce brute-force noise in your logs.
Fail2ban: Install fail2ban to automatically ban IPs that make repeated failed authentication attempts. Configure jails for SSH, Nginx, and any application-level authentication endpoints.
TLS/SSL: Use Let's Encrypt certificates via Certbot or Traefik's automatic ACME integration. Never expose services over HTTP in production. Configure HSTS headers to prevent protocol downgrade attacks. Check your SSL configuration with SSL Labs' server test — aim for an A or A+ rating.
Container isolation: Avoid running containers as root. Add user: "1000:1000" to your docker-compose.yml service definitions where the application supports non-root execution. Use read-only volumes (volumes: - /host/path:/container/path:ro) for configuration files the container only needs to read.
Secrets management: Never put passwords and API keys directly in docker-compose.yml files committed to version control. Use Docker secrets, environment files (.env), or a secrets manager like Vault for sensitive configuration. Add .env to your .gitignore before your first commit.
Production Deployment Checklist
Before treating any self-hosted service as production-ready, work through this checklist. Each item represents a class of failure that will eventually affect your service if left unaddressed.
Infrastructure
- Server OS is running latest security patches (
apt upgrade/dnf upgrade) - Firewall configured: only ports 22, 80, 443 open
- SSH key-only authentication (password auth disabled)
- Docker and Docker Compose are current stable versions
- Swap space configured (at minimum equal to RAM for <4GB servers)
Application
- Docker image version pinned (not
latest) in docker-compose.yml - Data directories backed by named volumes (not bind mounts to ephemeral paths)
- Environment variables stored in
.envfile (not hardcoded in compose) - Container restart policy set to
unless-stoppedoralways - Health check configured in Compose or Dockerfile
Networking
- SSL certificate issued and auto-renewal configured
- HTTP requests redirect to HTTPS
- Domain points to server IP (verify with
dig +short your.domain) - Reverse proxy (Nginx/Traefik) handles SSL termination
Monitoring and Backup
- Uptime monitoring configured with alerting
- Automated daily backup of Docker volumes to remote storage
- Backup tested with a successful restore drill
- Log retention configured (no unbounded log accumulation)
Access Control
- Default admin credentials changed
- Email confirmation configured if the app supports it
- User registration disabled if the service is private
- Authentication middleware added if the service lacks native login
Getting Started
The best time to set up monitoring and backups is before you need them. Deploy your service, configure it, and immediately add it to your monitoring stack and backup schedule. These three steps — deploy, monitor, backup — are the complete foundation of a reliable self-hosted service. Everything else is incremental improvement.
The break-even calculation becomes more favorable as your team grows. Fixed infrastructure costs (VPS, domain, backup storage) scale sub-linearly with users, while SaaS per-seat pricing scales linearly. At 5 users, self-hosting a $30/month SaaS equivalent might break even in 6 months. At 20 users, it breaks even in 6 weeks. The economies of self-hosting are strongest for team tools with high per-seat pricing and lowest for individual tools where the time cost of operation exceeds the license cost.
Track your actual time cost in the first three months of self-hosting. The initial setup time is real but one-time; ongoing maintenance time per service per month is the variable that determines long-term economics. Well-configured self-hosted services with monitoring and automated updates typically require 15-30 minutes per month per service. If your actual time cost exceeds this significantly, it usually indicates a configuration problem (missing automation, frequent manual updates, unmonitored failures) rather than an inherent characteristic of self-hosting.