What It Costs to Keep Apps Running on Vibe Coding Platforms

← Back to Blog

June 5, 2026 20 min read AI Development

Vibe Coding Platform Cost Study · 2026

Lovable · Replit · Independent Stack · USD/INR ₹95 mid-market · June 2026

Indian Developer Perspective · Native Capabilities Focus

A comparative study of Lovable, Replit, and an independent stack — evaluated on their native, in-built capabilities for database, auth, security, and analytics. Costs are modelled from the perspective of an Indian indie developer keeping a production web app live after the build phase. Closed Fist (closedfist.site), an AI subscription tracker, is used throughout as a representative example app: a React/Vite SPA with auth, a PostgreSQL backend, and financial data.

3 platforms compared 7 sections USD + INR ₹95 mid-market Active dev + maintenance scenarios June 2026

Section 01

Native Capability Matrix

What each platform supplies from its own infrastructure — without the developer connecting an external service. “Bundled” means the external service is wired in by default at no extra platform cost. “External” means you configure and pay separately.

Capability	Lovable Pro · $25/mo	Replit Core · $20/mo	Independent Stack CF Pages + Supabase + Posthog
Hosting CDN · SSL · Custom domain	Native Lovable Cloud — static React/Vite SPA deployed to Lovable’s CDN. Custom domain and SSL on Pro. No SSR. Lovable controls the hosting layer; no direct infrastructure access. Suits any SPA-architecture app without modification.	Native Replit Deployments — Static, Autoscale, or Reserved VM options. Custom domain on all paid plans. Static is credit-light; Autoscale costs credits per request. Production apps need Reserved VM or Autoscale for always-on behavior, which draws from the shared credit pool.	Self-configured Cloudflare Pages — unlimited bandwidth, 500 builds/mo free. Global CDN. Custom domain + SSL included. Connect via GitHub Actions CI/CD. Full control over cache headers, WAF rules, and bot policies including AI Crawl Control configuration.
Database Schema · Migrations · RLS	Bundled (Supabase) Supabase is Lovable’s native backend. Every Lovable Cloud project ships with a Supabase PostgreSQL instance. Lovable’s AI auto-generates the schema, RLS policies, and migrations from plain-English prompts. You cannot swap this for another DB within the Lovable editor. The Supabase instance is managed for you — no Supabase subscription needed on the base Pro plan when using Lovable Cloud’s managed instance.	Native (Neon PG) Replit’s built-in PostgreSQL runs on Neon. Spins up in seconds, managed through the Replit UI. No external subscription needed. However, Neon’s Replit-managed instance lacks Supabase Auth’s Row Level Security integration — auth and DB policies must be wired manually. Replit also offers a key-value store for simpler use cases. All DB compute draws from the shared credit pool.	Supabase Pro · $25/mo Full Supabase Pro: 8 GB DB, 100 K MAU, 100 GB storage, 500 realtime connections, 2M edge function invocations. You control the project, region, backups, and compute tier. Migrate or export at any time. The $10/mo compute credit offsets one Micro instance.
Authentication Email · OAuth · Session mgmt	Bundled (Supabase Auth) Supabase Auth is generated automatically when you prompt Lovable to add login. Supports email/password, Google, GitHub, Apple, Facebook OAuth. RLS policies tie directly to auth.uid() — database rows are protected at the query level with no extra code. 50 K MAU included in the managed Supabase instance. No separate Clerk subscription required.	Partial (Replit Auth) Replit Auth identifies the current Replit-logged-in user — well suited to internal tools and developer-facing apps, but limited for multi-tenant SaaS where your users are not Replit users. For OAuth, JWT session management, and DB-level Row Level Security, most developers connect external Supabase Auth or Clerk. Replit Auth and the Neon DB have no native RLS integration.	Supabase Auth · $0 add-on Supabase Auth is included in the $25 Pro plan at no extra cost — 50 K MAU free, $0.00325/MAU beyond. Email/password + OAuth. RLS integrates natively with the database. Alternatively, Clerk Free covers 10 K MAU with a better developer UI, at $0 until scale. Supabase Auth wins on cost at scale; Clerk wins on DX at small scale.
Security WAF · SAST/SCA · Compliance	Native (Security Center) Lovable Security Checker 2.0 — four automated scanners run continuously: RLS policy auditor, database schema checker, application code SAST, and dependency SCA. Scans trigger on every publish. Platform-level WAF, network isolation, and adaptive rate limiting on Lovable Cloud. SOC 2 Type II and ISO 27001:2022 certified (certified Aug 2025, recertification scheduled Q3 2026). GDPR DPA and EU AI Act Low Risk classification available. Enterprise plan adds SSO/SAML, SCIM, RBAC, audit logs.	Partial (platform-level only) Replit’s infrastructure is SOC 2 Type 2 attested and runs on Google Cloud Premium Tier with platform-level WAF and DDoS protection. However, per-deployment WAF rules and per-endpoint rate limiting are not available — an exposed login endpoint has no native brute-force guard. There is no built-in SAST/SCA for generated code. AI Agent scaffolding frequently introduces secrets-in-env leaks and permissive CORS headers. Free-plan repls are public by default, exposing source code. RBAC and SSO are available on Pro only.	Composable · $0–$25/mo Cloudflare Free WAF + bot protection included. Snyk Free (500 scans/mo) or Semgrep OSS run in GitHub Actions CI/CD — Claude Code’s ip-guard skill fits here. Full control over security headers, CORS policy, rate limiting rules. No out-of-the-box SAST scanner unless configured. Supabase Pro adds RLS + encrypted backups. This path requires configuration effort; the payoff is the highest customisability for a financial data app.
Analytics Events · Sessions · Funnels	None native Lovable has no built-in product analytics. Posthog, Plausible, or Umami must be added manually — either via a Lovable prompt (“add Posthog tracking”) or by editing the exported code. Posthog’s free tier (1M events/mo, 5K session recordings) is sufficient for Closed Fist at MVP scale and integrates in one prompt.	None native Replit has no built-in product analytics. Same external options apply: Posthog, Plausible, Umami. Posthog’s React SDK drops in easily. The Replit Agent can scaffold the integration, though this consumes credits.	Posthog Free · $0 Posthog Cloud free tier: 1M events/mo, 5K session recordings, 1M feature flag calls, error tracking, A/B testing — all resetting monthly. Paid tier starts at $0.00005/event beyond free limit. For Closed Fist (MVP traffic), the free tier is a permanent fit unless the user base scales past 50K active monthly users generating dense event streams.
CI/CD & Version Control GitHub sync · Deploy pipeline	GitHub sync (Pro) Two-way GitHub sync on Pro plan. Lovable commits generated code to your repo on every build. You can open pull requests against the repo and edit code locally in VS Code / Cursor, then re-sync. No native CI/CD pipeline — deploys trigger through the Lovable editor, not from git push.	Native + GitHub sync Replit has a full cloud IDE with version history, branching, and GitHub sync. Deployments trigger from within Replit. No native GitHub Actions-style CI/CD. Code lives primarily in Replit’s environment; GitHub is a sync target, not the source of truth. 30–60 second push delays reported.	GitHub Actions · $0 GitHub is the source of truth. Cloudflare Pages deploys on every git push via GitHub Actions. Full CI/CD pipeline: lint → test → Snyk scan → deploy. Zero vendor lock-in on the CI layer. Deploy previews per pull request. This is the most mature pipeline of the three options.
Portability Code export · Vendor lock-in	Medium lock-in Lovable generates standard React + Vite code that you can export. Supabase calls are spread throughout the codebase — migrating to a different backend requires a significant refactor. Framework is locked to React/Vite (no Next.js, SSR, or alternative frameworks as of March 2026). Hosting lock-in is moderate: you can export and self-host, but the AI-assisted workflow only works inside Lovable.	Medium-high lock-in Replit projects can be exported via GitHub sync, but the runtime (Replit DB, Replit Auth, Replit Secrets) is tightly coupled to the Replit environment. Migrating a production app off Replit requires rebuilding the deployment pipeline, replacing Replit DB with an external Postgres, and re-wiring auth. Replit has restructured pricing three times since 2025 — operational risk for budget planning.	Minimal lock-in Each service is independently replaceable. Cloudflare Pages → swap to Vercel or Netlify. Supabase → export Postgres dump, migrate to Neon or PlanetScale. Posthog → export event data. Every layer has a documented migration path. Code lives in GitHub, not inside a platform’s proprietary environment.

Section 02

Total Monthly Running Cost — Active Development Scenario

Costs modelled using each platform’s native and bundled capabilities. External services added only where the native capability is absent. Example app: a React/Vite SPA with PostgreSQL backend, auth, and user data (represented by Closed Fist). Scenario: solo developer, <10K MAU, one production environment, active build phase.

₹95

1 USD · mid-market June 2026

₹97–100

effective after card markup (2–5%)

All USD amounts in this study carry a ₹2–5/dollar surcharge on Indian cards. Add 18% IGST on OIDAR-classified services if you are not GST-registered. GST-registered businesses recover IGST as Input Tax Credit (ITC). INR figures below use ₹95 mid-market unless noted.

Lovable

Pro · Managed Supabase · Native Security

Lovable Pro (platform + AI + hosting)$25
DB (Supabase — managed, included)$0 ← bundled
Auth (Supabase Auth — bundled)$0 ← bundled
Security Checker 2.0 (native SAST/SCA)$0 ← native
WAF (Lovable Cloud, included)$0 ← native
Analytics — Posthog Free$0 ← external free
Custom domain SSL (included Pro)$0 ← included
Cloudflare proxy (free tier)$0 ← free tier

$25/mo

≈ ₹2,375/mo

Effective with card markup: ≈ ₹2,450–2,500

With IGST (if not GST registered): ≈ ₹2,850

★ Lowest total cost

What you give up: No SSR (React/Vite SPA only). The Lovable-managed Supabase instance is opaque — you cannot adjust compute tiers or backup retention without connecting a self-managed project (which adds $25/mo and changes the cost model). Security Checker 2.0 provides SAST + dependency scanning, but coverage depends on Lovable’s scan rules rather than a pipeline you control. Credit budget: 100/mo on Pro; heavy UI iteration can exceed this.

Replit

Core · Native PG · External Auth Required

Replit Core (IDE + hosting credits)$20
Always-on deployment (Reserved VM credits)~$15–20
DB (Neon PG — built-in, from credits)~$5 (credit draw)
Auth — must use Supabase Auth or Clerk$0–20
Security scanning — none native; external Rafter/Snyk$0 (free tiers)
Analytics — Posthog Free$0 ← external free
AI Agent overage (typical active dev)$15–40

$55–100/mo

≈ ₹5,225–9,500/mo

Effective with card markup: ≈ ₹5,400–9,800

Ceiling is soft — surprise bills of ₹20,000+ reported

⚠ Review auth requirements before committing

Key considerations: Replit Auth works well for internal tools and developer-facing apps, but requires an external auth service (Supabase Auth or Clerk) for apps where end users are not Replit users. The Neon PG instance and Replit Auth have no native RLS integration, so database-level access control requires manual wiring. The shared credit pool — covering AI Agent calls, deployment, DB compute, and data transfer — means development activity and production uptime compete for the same budget, making monthly cost harder to predict.

Independent Stack

CF Pages + Supabase Pro + Posthog Free

Cloudflare Pages (hosting + CDN + WAF)$0 ← free
Supabase Pro (DB + Auth + Storage + Edge Fn)$25
Supabase Auth (included in Pro)$0 ← included
Security — Snyk Free + CF WAF + ip-guard in CI$0 ← free tiers
Analytics — Posthog Free$0 ← free tier
CI/CD — GitHub Actions (free for public/private)$0 ← included
AI coding tool — Cursor Pro or Windsurf Pro$20

$45/mo

≈ ₹4,275/mo

Effective with card markup: ≈ ₹4,400–4,500

With IGST (unregistered): ≈ ₹5,100

Best control · highest setup effort

What you gain: Full pipeline ownership — every service has a documented migration path. Snyk Free in GitHub Actions gives structural dependency scanning. Cloudflare WAF handles network-layer threats. No credit-pool risk. What it costs: 4–8 hours of initial setup (CF Pages config, GitHub Actions workflow, Supabase project, env vars). Ongoing maintenance is ~1–2 hrs/month. Not a zero-ops path.

Without an AI coding tool ($20): Once active vibe-coding drops to minimal patches, the Independent Stack becomes $25/mo (≈ ₹2,375) — cost-equivalent to Lovable Pro but with full infrastructure control and no platform lock-in. This is the correct end-state once an app is feature-stable.

Section 03

Maintenance Effort Comparison

Monthly operational overhead per stack, assuming a solo founder with a technical background. Excludes feature development time.

Task	Lovable	Replit	Independent Stack
Dependency updates	Low Lovable Security Checker 2.0 flags SCA issues. Remediation is a prompt (“update this dep”). No manual npm audit needed.	High No native SCA. Developer must run npm audit or connect Snyk externally. AI Agent fixes consume credits.	Medium Snyk Free in GitHub Actions surfaces dep alerts on every push. Remediation is a PR. Adding a pre-generation IP/license check to the CI pipeline covers SCA before code is committed.
Database migrations	Low Lovable generates and deploys Supabase migrations via prompt. Schema changes are managed through the editor UI.	Medium Replit Agent can generate migration SQL, but deployment to Neon PG requires manual execution or an additional credit spend on the Agent.	Medium Supabase CLI handles migrations. Supabase Studio provides visual diff of schema changes. Initial learning curve; then mostly automated.
Security patching	Low Four automated scanners run on every publish. WAF rules managed by Lovable. Developer reviews the Security Center dashboard; remediates critical findings via prompt.	High No automated scanning. Secrets leaking into public repls is a persistent risk. Developer must manually run Rafter or Snyk and apply fixes. Each Agent fix pass costs credits.	Medium GitHub Actions CI/CD runs Snyk + Semgrep on every push. Cloudflare WAF handles most network-layer attacks. Developer reviews alerts; patches via standard PR flow.
Deployment & rollback	Low One-click publish. Rollback via Lovable version history. No CLI or pipeline config needed.	Medium One-click deploy in Replit UI. Rollback via Replit version checkpoints. No GitHub Actions integration; limited CI/CD flexibility.	Low Git push triggers Cloudflare Pages deploy. Instant rollback to any prior commit. Preview deployments per PR are automatic.
Cost monitoring	Low Flat $25/mo. Credit rollover tracked in dashboard. No surprise billing unless you exceed 100 credits/mo and buy add-ons.	High Shared credit pool requires active monitoring. Users report exhausting Core credits mid-month without notification. Requires setting manual spend alerts.	Low Flat $25/mo Supabase. Posthog free tier. Cloudflare free tier. Cursor $20/mo. No shared credit pool. Each service has independent billing with hard limits.
Estimated monthly ops time	~1–2 hrs/mo	~4–6 hrs/mo (+ unplanned time on surprise billing incidents)	~2–3 hrs/mo (higher in first month during setup: ~6–8 hrs)

Section 04

Forex & Tax Impact — Indian Developer

₹

Card Markup (2–3.5%)

On a $25/mo Lovable plan, the invisible forex fee is ₹48–88/mo — ₹576–1,056/year. On the independent $45/mo stack it is ₹86–159/mo. Small individually; significant when the rupee is also depreciating.

↑

Rupee Depreciation

USD/INR moved from ₹89.86 (Jan 2026) to ₹95–96 (May 2026) — a 6–7% weakening in five months. The same $25 plan now costs ₹2,375 vs ₹2,250 in January. Forecasts project ₹103 by end-2026, adding another ₹200/mo to a $25 plan with no price increase from the vendor.

🖶

18% IGST on OIDAR Services

Supabase, Cloudflare (Pro), Posthog Cloud, and Lovable are all OIDAR-classified foreign digital services. Unregistered individuals owe 18% IGST on each invoice. GST-registered businesses recover this as ITC. On a $25/mo service: ₹2,375 + ₹428 IGST = ₹2,803 actual.

⚡

Platform Price Volatility

Windsurf raised Pro from $15 → $20 (May 2026). Replit restructured pricing twice since 2025. Netlify moved to credit-based billing (Sep 2025). Budget with a 20% buffer on any platform-dependent line item. Lovable’s flat $25 Pro and Supabase’s flat $25 Pro are the most stable pricing signals in this stack.

Practical effective cost summary (GST unregistered, card markup 3%): Lovable Pro $25 → ₹2,803/mo · Independent Stack $45 → ₹5,044/mo · Replit Core realistic $70 → ₹7,850/mo. GST registration converts the IGST from a cost to an ITC asset — effectively making all three stacks 18% cheaper for legitimate business use.

Section 05

Platform Verdict — Which Stack for Which Stage

Platform	Effective Monthly (INR, GST unregistered)	DB + Auth	Security	Analytics	Lock-in	Ops Effort	Grade	When to use
Lovable Pro	≈ ₹2,800/mo (card+IGST on $25)	Bundled Supabase	Native SAST+WAF	External (free)	Medium	~1–2 hrs/mo	A	MVP build and active iteration phase. Lowest all-in cost, adequate security for apps handling user data. Best for solo developers who want zero infra configuration.
Replit Core	≈ ₹7,850/mo realistic (overage risk: ₹15,000+)	Native PG, partial Auth	Platform only, no SAST	External (free)	Medium-High	~4–6 hrs/mo	D	Prototyping, internal tools, and developer-facing apps. For end-user SaaS with multi-tenant auth, plan for an external auth service. Evaluate the shared credit pool structure against your expected dev and deployment cadence before committing.
Independent Stack CF Pages + Supabase + Posthog	≈ ₹5,044/mo (card+IGST on $45 incl. Cursor)	Supabase Pro ($25)	Composable (Snyk+CF WAF)	Posthog Free	Minimal	~2–3 hrs/mo	B+	Post-MVP maintenance phase once active vibe-coding ends. Drop the AI coding tool subscription ($20) once stable — cost matches Lovable at ₹2,800/mo with full portability and pipeline control.

Recommended trajectory for a backend SaaS app (e.g. Closed Fist): Build and iterate on Lovable Pro ($25/mo) — bundled Supabase, native security scanning, and WAF give adequate coverage during active development at the lowest available cost. Once the feature set stabilises and vibe-coding drops below ~10 prompts/week, migrate to the Independent Stack without an AI coding tool ($25/mo) — same cost, full ownership of every infrastructure layer.

Section 06

Annual Plan Savings — Verified from Official Pricing Pages

Figures sourced directly from lovable.dev/pricing and replit.com/pricing (fetched June 2026). The Independent Stack has no annual toggle — each service bills monthly with no discount tier, so monthly = annual rate.

Lovable — Annual Billing

Source: lovable.dev/pricing · Annual price not published on page; $250/yr figure from CheckThat.ai citing pricing page directly

Plan	Monthly billing	Annual billing (per mo)	Annual total	Annual saving	Discount
Pro	$25/mo ≈ ₹2,375/mo	$20.83/mo ≈ ₹1,979/mo	$250/yr ≈ ₹23,750	$50/yr ≈ ₹4,750 saved	16% off
Business	$50/mo ≈ ₹4,750/mo	~$41.67/mo ≈ ₹3,958/mo (est.)	~$500/yr ≈ ₹47,500 (est.)	~$100/yr ≈ ₹9,500 saved (est.)	~16% off

Note on Lovable annual pricing: The official pricing page shows “Annual — Contact admin” for the per-month figure, without publishing it inline. The $250/year Pro rate is cited by CheckThat.ai from the pricing page. The Business annual rate is estimated at the same 16% discount; confirm via the admin contact flow before committing. Lovable does not currently offer annual billing via self-serve checkout for Pro — it routes through an admin contact.

Replit — Annual Billing

Source: replit.com/pricing · Exact figures from live pricing page, June 2026

Plan	Monthly billing	Annual billing (per mo)	Annual total	Annual saving	Discount
Core	$20/mo ≈ ₹1,900/mo	$16/mo ≈ ₹1,520/mo	$192/yr ≈ ₹18,240	$48/yr ≈ ₹4,560 saved	20% off
Pro	$100/mo ≈ ₹9,500/mo	$95/mo ≈ ₹9,025/mo	$1,140/yr ≈ ₹1,08,300	$60/yr ≈ ₹5,700 saved	5% off

Replit annual discount asymmetry: Core gets the better deal — 20% off vs only 5% off for Pro. At $1,140/year, Replit Pro annual saves just $60 and still carries unpredictable overage risk from the shared credit pool. The annual commitment locks you into a plan whose real monthly cost routinely exceeds the base fee. The savings do not offset that structural billing risk for Closed Fist.

Annual vs Monthly — Side-by-Side for Closed Fist Scenario

Platform subscription cost only. Excludes Supabase, Posthog, Cloudflare (all fixed or free regardless of billing cycle). INR at ₹95 mid-market, no forex markup applied — add 3% card fee and 18% IGST for true effective cost.

Stack	Plan used	Monthly billing (USD)	Annual billing (USD/mo)	Annual total (USD)	Annual total (INR ≈)	Monthly vs Annual saving/yr
Lovable	Pro	$25/mo → $300/yr	$20.83/mo	$250/yr	≈ ₹23,750	$50 saved · ≈ ₹4,750
Replit	Core (base only, no overages)	$20/mo → $240/yr	$16/mo	$192/yr	≈ ₹18,240	$48 saved · ≈ ₹4,560
Replit	Core (realistic incl. overages)	$55–100/mo → $660–1,200/yr	Annual locks base only; overages still billed monthly on top	$192 + overages	≈ ₹18,240 + unknown	Annual plan does not cap overage spend
Independent Stack	CF Pages free + Supabase Pro + Cursor Pro	$45/mo → $540/yr	No annual discount on any component	$540/yr	≈ ₹51,300	$0 — no annual tier available
Independent Stack	CF Pages free + Supabase Pro (no Cursor)	$25/mo → $300/yr	No annual discount	$300/yr	≈ ₹28,500	$0 — no annual tier available

Annual billing verdict: Lovable Pro annual at $250/year (≈ ₹23,750) is the lowest committed cost for an active build phase — $50/year cheaper than monthly. Commit to annual only after the MVP is validated and you are confident in 12 months of continued Lovable usage. Replit Core annual at $192/year saves $48 on the base subscription but does not cap overage billing — the annual discount is a headline saving, not a cost ceiling.

Section 07

Free Plan vs Cheapest Paid Plan — Running Cost Only

This section separates running cost (keeping a deployed app live and serving users) from building cost (AI credits consumed during development). The question: what is the minimum you can pay to keep an existing backend app online?

Lovable

Sources: lovable.dev/faq/credits/management/downgrade-site-credits · lovable.dev/faq/billing/change-plan · lovable.dev/terms · lovable.dev/faq/domains/troubleshooting/custom-domain-paid-plan · lovable.dev/supabase-integration

Free Plan — Running Cost: $0/mo

App stays live: Deployed apps on *.lovable.app subdomains remain live indefinitely after downgrade. No 30-day expiry.
Backend continues: The Lovable-managed Supabase instance keeps running — DB and auth remain active for existing users.
Building still possible: 5 daily credits (30/month cap) allow minor edits and re-publishes.
Custom domain lost: Custom domains require a paid plan. The app remains accessible only on its *.lovable.app subdomain.
Projects become public: Private projects revert to public visibility — a meaningful concern for apps handling user data.
Subdomain not guaranteed: Lovable’s terms explicitly state no ongoing rights to any subdomain; Lovable can reclaim it without notice for policy or security reasons. Their guidance: use custom domains for any app that matters.
Supabase ownership opaque: The Lovable-managed Supabase instance does not appear in your own Supabase dashboard. Lovable controls it. If Lovable changes its free tier backend policy, you have no direct access to migrate the data.

Cheapest Paid Plan (Pro) — Running Cost: $25/mo

Custom domain stays live: yourdomain.com continues to resolve. SSL managed by Lovable.
Projects stay private: Source code and data not publicly visible.
Security Checker: SAST, SCA, and RLS scans run on every publish.
100 credits/month for AI-assisted changes. Visual edits (colour, layout, text) consume zero credits.
Managed Supabase remains included — no separate Supabase subscription needed for apps within free tier limits (500 MB DB, 50K MAU).
No deployment separate from subscription: $25/mo is the flat all-in cost. No credit-pool surprises for running costs.

$25/mo · ≈ ₹2,800 effective (card + IGST)

Key insight: Lovable’s free plan is viable for keeping a low-traffic app alive on a subdomain — but the subdomain is not contractually guaranteed, projects become public, and the backend is a black box you don’t own. For any app with real users, the $25/mo Pro plan is the minimum responsible running cost on Lovable.

Replit

Sources: docs.replit.com/billing/plans/starter-plan · docs.replit.com/billing/deployment-pricing · docs.replit.com/billing/about-usage-based-billing · replit.discourse.group (payment failure incident, Feb 2025)

Free (Starter) Plan — Backend Apps Cannot Run

Static sites only: The Starter plan supports one published static site with a 1 GiB outbound data transfer limit. Autoscale, Reserved VM, and Scheduled Deployments all require Core or above.
30-day expiry: The one free published app goes offline automatically after 30 days. It can be manually re-published, but this is not a persistent deployment.
Backend apps cannot run: Any app with a database, API routes, or server-side logic requires Core. A backend app on Starter is non-functional for users.
No custom domain: Custom domains require Core.
No always-on guarantee: Even static sites on Starter are subject to the 30-day expiry and 1 GiB transfer cap.

The Starter plan cannot keep a backend web app running. For any app beyond a static HTML page, the free plan is not a viable running option.

Cheapest Paid Plan (Core) — Running Cost: $20/mo + deployment

Subscription: $20/mo (or $16/mo billed annually). Includes $25 of monthly credits shared across AI Agent, deployment, DB compute, and data transfer.
Autoscale deployment (pay-per-request, scales to zero when idle): near-zero cost for light traffic, but cold starts of 20–40 seconds after idle periods — the app appears broken to first-time users hitting it after inactivity.
Reserved VM (always-on): cheapest tier starts at ~$6/mo drawn from the credit pool. No cold starts. Reliable for production. But this is on top of the $20 subscription.
Deployment cost is separate from subscription: The $20 Core fee is not the total running cost. Deployment, DB compute, and data transfer all draw from the same $25 credit pool.
Credit exhaustion takes the app offline: When the shared credit pool runs dry mid-month, running deployments can stop. One documented case: a declined card took a deployment offline for several hours and resulted in data loss.
No SAST, no per-endpoint WAF: Platform-level DDoS protection exists, but no code-level security scanning and no per-route rate limiting on Core.

$20/mo subscription + $6–20/mo deployment

Realistic minimum: $26–30/mo for a low-traffic backend app on Reserved VM

≈ ₹2,900–3,350 at mid-market · effective with card + IGST: ≈ ₹3,500–4,050

Key insight: The headline $20/mo Core figure is misleading as a running cost. A backend app on Replit Core realistically costs $26–30/mo at minimum (Reserved VM for reliability), and the shared credit pool means the subscription fee and deployment cost compete for the same budget. Autoscale is cheaper on paper but introduces cold-start latency that degrades user experience on low-traffic apps.

Running Cost Summary

Platform	Free plan — can app run?	Free plan — backend works?	Free plan — custom domain?	Free plan risks	Cheapest paid running cost (USD)	Effective INR (card + IGST)
Lovable Free	Yes — subdomain stays live	Yes — Lovable-managed Supabase continues	No — paid plan required	Projects become public. Subdomain not contractually guaranteed. Backend ownership opaque.	$25/mo flat	≈ ₹2,800/mo
Replit Starter	Static only — expires in 30 days	No — requires Core plan	No — requires Core plan	30-day expiry. Credit exhaustion takes app offline. Payment failure = immediate downtime.	$20/mo + $6–20 deployment	≈ ₹3,500–4,050/mo
Independent Stack	Yes — CF Pages free tier	Yes — Supabase free tier (500MB, 50K MAU)	Yes — CF Pages includes custom domain	Supabase free projects pause after 7 days of inactivity. Requires manual pipeline setup.	$0 (free tiers only) or $25/mo Supabase Pro	$0 or ≈ ₹2,800/mo

The independent stack is the only option where a backend app can run at zero cost — Cloudflare Pages free tier + Supabase free tier (500 MB DB, 50K MAU) covers a low-traffic app with no monthly fee. The constraint is Supabase’s 7-day inactivity pause on free projects: a project with no database activity for 7 days gets paused and requires a manual wake-up ping. For any app with regular users this is not a practical concern, but for early-stage apps with sporadic traffic it is a real availability risk.

Data sources — primary sources listed first, followed by secondary sources that cite them.

Lovable
lovable.dev/security — WAF, network isolation, Security Checker 2.0, SOC 2 Type II and ISO 27001:2022 certifications (primary) · docs.lovable.dev/integrations/supabase — Supabase as native managed backend (primary) · lovable.dev/blog/a-founders-guide-to-lovable-security — SOC 2, ISO 27001, GDPR DPA, audit-ready report detail (primary) · alternativeto.net — Security Checker 2.0 launch, SOC 2 Type II Aug 2025 (secondary)

Replit
baytechconsulting.com — Replit platform security analysis: WAF, SOC 2, RBAC, SSO (primary analysis) · alternativeto.net — Replit Core/Pro pricing restructuring, Feb 2026 (primary announcement) · vibe-eval.com — Replit deployment security: HTTPS, DDoS, no per-endpoint WAF (primary audit)

Supabase
metacto.com — Supabase pricing deep-dive: Pro plan, compute tiers, egress, verified May 2026 (secondary citing official docs) · toolradar.com — Supabase vs Firebase vs Neon: cost at scale analysis (secondary)

Posthog
usercall.co — Posthog free tier limits verified May 2026: 1M events, 5K recordings, feature flags (secondary citing posthog.com/pricing)

Downgrade Behaviour and Free Plan Running Costs
lovable.dev/faq/credits/management/downgrade-site-credits — published sites stay active on free plan (primary) · lovable.dev/terms — no ongoing rights to subdomains; custom domains advised for mission-critical apps (primary) · docs.replit.com/billing/plans/starter-plan — one free published app, expires after 30 days; Autoscale and Reserved VM require Core (primary) · docs.replit.com/billing/deployment-pricing — all publishing costs deducted from monthly credits (primary) · replit.discourse.group — payment failure caused deployment to go offline; data lost (primary community report, Feb 2025)

Annual Plan Pricing
replit.com/pricing — Core $16/mo annual ($192/yr, 20% off); Pro $95/mo annual ($1,140/yr, 5% off) — exact figures from live pricing page, June 2026 (primary) · lovable.dev/pricing — Pro $25/mo monthly; annual rate shows “Contact admin” inline; $250/yr ($20.83/mo, 16% off) cited by CheckThat.ai (primary) · checkthat.ai/brands/lovable/pricing — $250/year Pro plan, 16% annual discount, verified March 2026 (secondary)

USD/INR Forex
mtfxgroup.com — USD/INR daily rates May 20–29 2026: ₹94.95–96.57 (primary data) · tradingeconomics.com — USD/INR spot rate and RBI commentary, May–June 2026 (primary data)

All INR conversions at ₹95 mid-market. Card markup assumed 3%; IGST 18% on all OIDAR-classified services. GST-registered businesses recover IGST as Input Tax Credit (ITC). Platform prices subject to change — factor a 20% buffer into annual planning.