The economics of free: how receipts.you survives on Cloudflare's free tier
Receipts.you is free. Not freemium-with-a-Pro-tier; not free-trial-then-paywall; not free-but-actually-monetized-via-ads. Free, no upsell, no tier change planned. People reasonably ask: how does that work? The short answer is that the architecture is structurally cheap enough that Cloudflare's free tier carries it. This post walks through the cost math and what it implies for sustainability.
What runs the service
- Cloudflare Pages serves the marketing site (static export of Next.js). Free tier: unlimited bandwidth, unlimited requests.
- Cloudflare Workers runs the API (sealing, verification, OTS anchoring cron). Free tier: 100k requests/day per worker.
- Cloudflare D1 stores the receipt records (~400 bytes each). Free tier: 5 GB total.
- OpenTimestamps calendar servers handle the external timestamp anchoring. Operated by the OTS project; free at protocol level.
- Bitcoin blockchain is the anchor of trust. Free at protocol level (OTS aggregates many submissions into single transactions; per-receipt anchor cost is effectively zero).
We also pay for a domain renewal (~$20/year). That's the full cost stack.
The hash-only architecture is the reason
Most services that handle media files pay for storage. Receipts.you doesn't store media. We store SHA-256 hashes, ECDSA signatures, timestamps, and OTS proofs — about 400 bytes per receipt. A million receipts is 400 MB; ten million is 4 GB. Cloudflare D1's 5 GB free tier covers ~12 million receipts before any cost discussion.
Worker requests scale with usage, but per-receipt CPU is tiny: one ECDSA sign, one D1 row insert, one return. The 100k/day free tier covers significant traffic; even at full saturation the paid tier ($5/month for 10M requests) is cheap.
Bandwidth is the third dimension of typical SaaS cost. We serve static HTML/CSS/JS via Pages (free, unlimited). Image uploads are zero bandwidth because we don't accept them. Image stamping happens server-side once (the QR composite is the only image we generate), but we serve the bytes back to the user's browser only once — no permanent CDN storage, no repeated bandwidth.
Why doesn't this break at scale?
Three structural reasons:
- The architecture is inherently cheap per unit. Storage is bytes-per-receipt; CPU is microseconds-per-receipt; bandwidth is zero for the hot path. Costs scale linearly and stay low.
- Cloudflare's free tier is generous. Cloudflare deliberately offers a usable free tier as a customer-acquisition strategy for paid tiers. We benefit from this without ever needing to move to paid.
- OpenTimestamps amortizes the most expensive primitive. Anchoring to Bitcoin would be expensive per-hash; OTS aggregates submissions into a Merkle tree and anchors the root, so per-hash cost approaches zero asymptotically.
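
The aggregation idea in the last bullet, as an added example (not receipts.you's or OpenTimestamps' code): a simplified SHA-256 Merkle tree in which one root commits to every receipt hash and each receipt keeps only a short inclusion proof. The tree layout, function names and sample hashes are assumptions; real OTS proofs use their own operation format.

```javascript
// Added example (simplified; not the OpenTimestamps proof format). Works as CommonJS or ESM.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();
const hashPair = (left, right) => sha256(Buffer.concat([left, right]));

// Build every level bottom-up; an unpaired last node is promoted unchanged.
function buildLevels(leaves) {
  if (leaves.length === 0) throw new Error('at least one leaf is required');
  const levels = [leaves];
  while (levels[levels.length - 1].length > 1) {
    const prev = levels[levels.length - 1];
    const next = [];
    for (let i = 0; i < prev.length; i += 2) {
      next.push(i + 1 < prev.length ? hashPair(prev[i], prev[i + 1]) : prev[i]);
    }
    levels.push(next);
  }
  return levels;
}

// Inclusion proof: the sibling hash at each level and the side it sits on.
function proveInclusion(levels, index) {
  const proof = [];
  for (let depth = 0; depth < levels.length - 1; depth++) {
    const sibling = index ^ 1;
    if (sibling < levels[depth].length) {
      proof.push({ side: sibling < index ? 'left' : 'right', hash: levels[depth][sibling] });
    }
    index >>= 1;
  }
  return proof;
}

// Recompute the root from one leaf plus its proof; no other leaves are needed.
function verifyInclusion(leaf, proof, root) {
  let acc = leaf;
  for (const { side, hash } of proof) {
    acc = side === 'left' ? hashPair(hash, acc) : hashPair(acc, hash);
  }
  return acc.equals(root);
}

// Constructed sample: n made-up receipt hashes aggregated under one root.
function aggregate(n) {
  const leaves = Array.from({ length: n }, (_, i) => sha256(Buffer.from(`receipt-${i}`)));
  const levels = buildLevels(leaves);
  return { leaves, levels, root: levels[levels.length - 1][0] };
}
```

For 1,000 leaves the proof for index 421 is 10 hashes (320 bytes), and it verifies against the single root without access to any other receipt. Proof size grows with log2 of the batch size, which is why one anchored root can cover an arbitrarily large batch.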
Where would costs appear?
The realistic scenarios where receipts.you would start costing us material money:
- Sustained abuse / DDoS. If someone wanted to grief us, sustained worker requests would push past the free tier. Cloudflare's standard DDoS protection handles trivial cases; sustained sophisticated abuse would require paid mitigation. The current rate limits (1000/min/IP, 10000/day/IP) are calibrated to let real usage through while making cheap abuse uneconomic.
- Massive organic growth. If the service hit ten million receipts per day, the worker request count would push into paid-tier territory ($5-50/month range). Still tractable.
- Feature creep into expensive territory. Adding image storage, video support, account systems with email infrastructure — all things we've specifically chosen not to add. The free architecture survives because the scope stays narrow.
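
How the two per-IP limits quoted above interact, as an added example (not receipts.you's code): a fixed-window limiter in which a request is counted only if both windows admit it. The class, the in-memory store and the sample IP are assumptions.

```javascript
// Added example: fixed-window limiter with the two per-IP limits quoted above.
// State is in-memory (assumption); a multi-instance deployment needs a shared store.
const LIMITS = [
  { name: 'minute', windowMs: 60_000, max: 1000 },
  { name: 'day', windowMs: 86_400_000, max: 10000 },
];

class IpRateLimiter {
  constructor(limits = LIMITS) {
    this.limits = limits;
    this.counters = new Map(); // "ip|window|start" -> { count, expiresAt }
  }
  // Count a request only if every window has budget, so rejects never consume the daily allowance.
  check(ip, nowMs) {
    const hits = [];
    for (const { name, windowMs, max } of this.limits) {
      const start = Math.floor(nowMs / windowMs) * windowMs;
      const key = `${ip}|${name}|${start}`;
      const entry = this.counters.get(key) || { count: 0, expiresAt: start + windowMs };
      if (entry.count >= max) {
        return { allowed: false, limit: name, retryAfterMs: entry.expiresAt - nowMs };
      }
      hits.push([key, entry]);
    }
    for (const [key, entry] of hits) { entry.count += 1; this.counters.set(key, entry); }
    return { allowed: true, limit: null, retryAfterMs: 0 };
  }
  // Drop expired windows so the map stays bounded under many distinct IPs.
  sweep(nowMs) {
    for (const [key, entry] of this.counters) {
      if (entry.expiresAt <= nowMs) this.counters.delete(key);
    }
    return this.counters.size;
  }
}

// Constructed scenario: one client sending `perMinute` requests each minute.
// Returns the minute index at which the daily limit first rejects it, or null.
function minutesUntilDailyBlock(perMinute, ip = '203.0.113.7') {
  const limiter = new IpRateLimiter();
  for (let minute = 0; minute < 1440; minute++) {
    for (let i = 0; i < perMinute; i++) {
      const r = limiter.check(ip, minute * 60_000 + i);
      if (!r.allowed && r.limit === 'day') return minute;
    }
  }
  return null;
}
```

A client pinned at the per-minute ceiling exhausts the daily budget in 10 minutes (`minutesUntilDailyBlock(1000)` returns 10), so the daily limit is the one that bounds sustained traffic from a single IP.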
What “sustainable free” actually means
We don't intend to become a paid service. The product scope is tightly bounded around what cheap-by-construction primitives can do well. The day we'd need a paid tier is the day we'd be doing something we explicitly don't want to do — storing images, building monitoring SaaS, becoming a regulated qualified-timestamp provider.
If the costs ever did materially exceed the value of running the service for us, the right move would be:
- Open-source the entire stack (some parts already are).
- Document the deploy process so any willing party can stand up a successor.
- Publish the signing key's history so existing receipts remain verifiable.
The receipts already issued remain valid independently of us — that's the point of the OpenTimestamps anchor and the published public key.
Why this matters to you
The economics matter because they answer the question users always ask about free services: “what's the catch?” The catch is that we're bounded in scope — we won't store your image, won't monitor leak sites for you, won't file DMCAs on your behalf, won't become a Pro tier with the workflow you wanted us to add. The flip side is that the cryptographic primitives we do provide are durable, well-maintained, and free at any plausible volume of personal or professional use.
If you want the leak-monitoring + DMCA-filing workflow, we've compared the SaaS bundles honestly at "vs. Privly / Ovarra" — they do that part well and charge for it.