Flat-fee SaaS development in 2026: what it actually costs and why

Why the 12-week build still gets quoted

Traditional agencies quote eight to sixteen weeks for a custom application because that is how long it takes a team of three to five engineers, working sequentially, to ship a new system. The number is a function of how many humans touch each file, not how complex the system actually is. Account manager hands the brief to the project manager. Project manager runs a discovery phase. Designer mocks the screens. Frontend engineer builds against the mocks. Backend engineer builds against the spec. QA tests at the end. Each handoff is a week, and there are at least six of them.

AI-assisted delivery breaks the handoff bottleneck. Code generation handles the boilerplate. Layout exploration runs in parallel against a single brief. Senior engineers focus on architecture, security review, and the regulated- compliance posture that AI cannot own. The same system ships in two to five weeks instead of eight to sixteen, because the surfaces are not waiting on each other and the handoffs are not waiting on each other either.

The shorter timeline is not a corner-cut. The work that used to happen in the handoff (the project manager translating between designer and engineer, the QA pass at the end, the discovery phase that produced a document nobody read) is real work, but most of it was overhead from team structure, not from the build itself. Strip the team structure to a single senior engineer plus AI-assisted scaffolding plus a security reviewer, and the calendar collapses on its own.

The agencies that still quote twelve weeks are not lying about how long their process takes. They are quoting their process, which still includes the handoffs. The price difference and the timeline difference are downstream of a structural difference, not a quality one.

What flat-fee actually means

Flat-fee means the number you see is the number you pay. Cardinal's Build & Run engagements quote a single fee against a written scope, with the scope nailed down inside two business days of a brief. No hourly billing. No retainer commitments to start. No statement-of-work theater.

If scope changes during delivery, Cardinal quotes the change up or down in writing before doing the work. The flat-fee number on the original engagement stays the contract for the original scope. A scope change is a separate small contract, quoted the same way (written, flat, two-business-day turnaround) before any work on it starts. The founder is never surprised by a line item.

What flat-fee is not: a discount. The number is the number because the scope was nailed before the work started, and the surfaces are predictable enough that a senior team can quote them with confidence. It is not a bargain version of an hourly engagement. For genuine R&D work, where the answer is unknowable in advance, hourly billing is honest and flat-fee is not. The full case for which model fits which engagement sits in the flat-fee versus hourly post; the short version is that flat-fee is correct when the shape of the work is known, and hourly is correct when the shape is the thing being figured out.

What flat-fee is also not: a fixed deadline with elastic scope. The deadline holds because the scope holds. If a founder mid-engagement decides the build needs a feature that was not in the written scope, that feature gets a written quote and a written timeline addendum. Cardinal does not absorb scope creep silently and then ask for a renegotiation at the end. The mechanic is durable because it is symmetric: scope changes can shrink the price as well as grow it.

The three engagement tiers and what they buy

Cardinal ships three new-build tiers and one rescue engagement. The three new-build tiers are ordered by what the founder is bringing to the conversation: an idea, a launch surface, or a production system.

Prototype Sprint, $1,800 flat, 5–7 days. An idea, a sketch, or a memo turned into a working prototype on a temporary domain. Real interactions, real data, real flow. The founder gets a working surface they can put in front of three users, a partner, or a check- writer to find out whether the idea is worth building for real. Yours to keep, throw away, or upgrade into a Flagship Build with the prototype credited toward the larger fee.

Who it is for: a founder with a memo and no working artifact, or a product manager who needs a defensible prototype before asking for headcount. What is included: a working app on a temporary Cardinal-hosted URL, the source on a private repo, an intake-style design built against the brief. What is not included: a custom domain, a production-grade auth posture, ongoing hosting beyond the prototype window. Example fit: a two-paragraph idea for a B2B onboarding tool, turned into a five-screen working demo with a Supabase backend and seed data, hosted at a temporary URL for the founder to walk through with three design partners.

Signature Site, $3,200 flat, 7–10 days. Hand-built launch site at your own domain. Brand voice copywriting, custom design, on-page SEO with answer-engine and generative-engine baseline. No template kits, no bento grids, no stock photography. The site is the artifact a founder uses to introduce the business to the world: the press, the investor inbox, the cold-outbound landing page.

Who it is for: a founder launching a service, a studio, a consulting practice, or a software product whose primary sales motion is going to start with a real website. What is included: 5–8 pages of bespoke design and copy, on- page SEO that ranks for the founder's named search queries, structured data for AI answer engines, contact and intake forms wired to the founder's email or CRM. What is not included: a full app behind login, complex integrations, regulated-compliance posture. Example fit: a seven-page launch site for a boutique tax practice, with partner bios, service detail pages, an intake form that routes to the practice's case-management system, and structured data so the firm shows up in ChatGPT answers for its niche.

Flagship Build, from $7,500, 2–5 weeks. Full custom build for established businesses, regulated firms, and growth-stage startups. Three sub-tiers tuned to page count and compliance posture: Basic from $7,500 (5–10 pages), Advanced from $12,000 (10–25 pages), Enterprise / regulated from $28,000 (25–40+ pages). Every Flagship Build includes the operating stack (Pulse for monitoring, Triage for feedback, Bug Catcher for runtime errors, Scout for telemetry) wired in at launch.

Who it is for: a business with a real product, real users, and a need for software that survives a regulator, counsel, or an actual operating team. What is included: full custom application, written compliance posture where applicable, the Cardinal operating stack, 30 days of free fixes after handoff, a written runbook, and a deploy on the founder's own domain with rollback rehearsed. What is not included: ongoing development past the 30-day window (handled by retainers, see below), product strategy outside the brief, or marketing that the Signature Site tier handles. Example fit: a HIPAA-grade intake system for a fifteen-clinician therapy practice, with provider workflows, audit logging, BAA-ready data handling, and written compliance posture for the practice's attorney to review before launch.

What actually drives the price

Five variables move the number on a Flagship Build, in descending order of how much they shift the quote.

Page count and surface area. The loudest variable. A 5–10 page Basic build at $7,500 is a different engagement from a 25–40 page Enterprise build at $28,000. Page count is a proxy for the number of distinct screens, states, and data shapes the build has to support, and each new shape is a new place where decisions have to be made and verified. Doubling page count does not double the price (the operating-stack work amortizes across the project), but it shifts the engagement to a higher tier.

Regulatory posture.The next loudest. HIPAA, attorney-client privilege, SEC EDGAR compliance, and audit-trailed document workflows all add architecture work that has to be right before launch, not after. A non-regulated 10–25 page build is an Advanced Flagship at $12,000. The same build under HIPAA usually moves to Enterprise because the auth posture, audit logging, BAA- ready data handling, and PII redaction layer are non-optional. Cardinal's leadership team has shipped production software under HIPAA (mental health, anesthesia), SEC compliance (EDGAR filings), and attorney-client privilege (plaintiff-side legal technology), so the posture is priced from experience rather than guesswork.

Custom integrations. Third-party APIs the build has to talk to: payments, scheduling, email, CRM, specialty tools per industry. Each integration is a small engagement of its own (auth, error handling, retry logic, webhook verification, a written posture for what happens when the third party goes down). Two or three integrations are routine and built into the tier price. Five or more on a single build usually moves the quote up a sub-tier because the integration surface starts to dominate the calendar.

Brand voice copywriting. Included by default in Signature Site and every Flagship Build above it. Most agencies bill copywriting separately at $0.50 to $2.00 per word, which on a 25-page site is a four-figure line item that nobody priced in advance. Cardinal includes it because the alternative (a founder writing their own copy on a deadline, or pasting AI-generated marketing text into custom design) is the failure mode that kills launch sites.

Compliance review and runbook depth.For regulated builds, the deliverable includes a written compliance posture and a runbook the founder's attorney or auditor can read. That writeup work is non- trivial and lives at the Enterprise tier. Non-regulated builds get a runbook too, but the depth required is much shorter.

What does not drive the price: discovery calls, statement-of-work theater, account manager layers, or junior-to-senior handoffs. Cardinal is a senior team. Every engagement is led by a named senior engineer from scoping through handoff, and the per-hour cost of the people on the project is roughly the same regardless of tier. The tier sets the scope and the depth, not the staffing level.

The gross-margin math, in plain English

The honest reason Cardinal can ship at flat fees a legacy agency cannot match is that the underlying delivery economics changed, and most of the industry has not yet re-priced. The math is unglamorous and worth doing explicitly.

A legacy agency on a 10–25 page custom build runs a team of roughly five: an account manager, a project manager, a senior engineer, a junior engineer, and a designer. Most US-market studios bill those roles at a blended rate of $150 to $200 per hour. Over eight to sixteen weeks at, say, twenty billable hours per week per person, the agency's gross revenue on a single engagement lands between $60,000 and $190,000. After role-loaded labor cost (salary plus the roughly 35% load for taxes, benefits, and overhead) the studio is clearing 30–50% gross margin on a successful engagement. That is the math behind a $75,000 to $150,000 quote for a 10–25 page build, and the math holds as long as the engagement does not run long. Half the time it does.

Cardinal on the same 10–25 page Advanced Flagship runs a team of one or two: a named senior engineer leading the build, plus a security reviewer for the compliance posture. AI-assisted scaffolding handles the boilerplate that used to require the junior engineer. Parallel-agent orchestration handles the design exploration that used to require a separate designer. At a loaded senior cost of roughly $100 per productive hour and a two-to-four week build with maybe 60–100 productive hours total, the internal cost stack lands around $6,000 to $10,000. Pricing the build at $12,000 flat clears a healthy gross margin without the agency overhead, and the founder pays a fraction of the legacy quote on the same scope.

The cost gap is not a quality gap. It is an economics gap. AI-assisted delivery raises gross margin enough that a senior team can ship at flat fees a legacy agency cannot match.

The math is not a trick and it is not sustainable for every studio. It only works if the team is genuinely senior (junior engineers using AI generate code faster than they can review it, which is how vibe-coded apps end up in a Vibe Rescue), the scope is genuinely nailed (scope creep on flat-fee is how studios go out of business), and the operating stack is mature enough to amortize across engagements (Pulse, Triage, Bug Catcher, Redactor, Worktree, and Scout were built once and ship into every project at zero marginal cost).

The reason the rest of the industry has not re-priced yet is mostly inertia. Account-manager-and-project- manager team structures are how agencies are organized, and the people in those roles are the people the agency cannot remove without tearing down its own org chart. The studios that have re-priced are mostly new (Cardinal is one), mostly small, and mostly led by senior engineers who were the ones using AI assistance on their own anyway. That gap closes over time. Until it does, flat-fee at this price is genuinely available and the legacy quotes are genuinely correct for the way those teams still ship.

What happens after launch

Every engagement ships with 30 days of free fixes after handoff. The fix window is for the scope that was delivered: if something Cardinal built breaks, Cardinal fixes it at no charge. New features, new pages, or new integrations are scope changes and get quoted in writing the same way the original engagement was.

After day 30, most clients onboard into one of three Cardinal retainers:

• Foundation, $1,400–$2,200/month. Hosting, monitoring, security patching, the operating stack kept current, light copy and content updates. The right tier for a Signature Site or a small Flagship that is not actively under development.
• Accelerator, $5,200–$7,800/month. Everything in Foundation, plus a budget of senior engineering hours per month for ongoing feature work, AI search visibility optimization, and content. The right tier for an Advanced Flagship Build that keeps shipping new surfaces post- launch.
• Apex, $11,000–$18,000/month. Everything in Accelerator at a larger engineering allocation, plus regulatory posture maintenance and incident response. The right tier for an Enterprise Flagship under HIPAA, SEC, or attorney-client privilege.

The retainers are flat monthly fees on a month-to-month commitment. No annual contract to start. The hours and scope per tier are written into the retainer agreement, so the founder can see exactly what each tier buys before opting in.

Or you take the keys and run. Cardinal does not lock-in ownership. Code, deploy, data, and bills are yours from handoff forward, and a founder who decides to bring ongoing work in-house, hand it to another studio, or hold the project where it is can do so without any extraction work on their end.

Compare it fairly to the legacy alternative

A comparable traditional-agency build for a 10-to-25-page production application runs $40,000 to $90,000 and takes eight to sixteen weeks. Cardinal's Advanced Flagship is $12,000 and ships in two to four weeks. Same engineering standards. Same regulated-industry posture where required. Fraction of the timeline and budget.

The honest side-by-side on a single example: a 15-page HIPAA-grade intake and scheduling system for a mental health practice.

• Legacy agency. 12-week timeline, team of five, $75,000 quote with a 20% deposit and quarterly milestone billing. Discovery phase of two weeks producing a 40-page spec document. Design phase of three weeks. Build phase of five weeks. QA and deploy phase of two weeks. Founder time required: a weekly two-hour status meeting plus async approvals at each milestone. Total founder time across the engagement: roughly forty hours.
• Cardinal Flagship (Enterprise tier for HIPAA). 4–5 week timeline, named senior engineer plus a security reviewer, $28,000 flat fee. Written scope back in two business days, no discovery phase, no statement-of-work theater. Compliance posture written into the deliverable. Founder time required: the intake, an async daily update, the day-7 checkpoint, and the day-final handoff. Total founder time across the engagement: roughly six hours.

The price gap is roughly 3:1. The timeline gap is roughly 3:1. The founder-time gap is roughly 6:1. None of those ratios is the result of cutting a corner. They are the result of cutting the parts of the engagement that did not produce code the user actually touches.

For a founder evaluating both options, the right question is not whether Cardinal is cheaper (it is) but whether the engineering and compliance posture are equivalent. The answer is yes, with the same caveat that applies to the agency: the posture is only as good as the senior people on the project, and a founder should always ask to meet the named senior engineer before signing.

Next step: send a brief

Two paragraphs, a Loom walkthrough, a sketch, or a finished PRD. We send back a written scope and a flat number inside two business days. No discovery call required. Start at the Cardinal Stacks intake page.