Caffeine is a great tool for building SaaS (Software as a Service) applications — products that your own customers log into and use. This article covers what Caffeine supports today, what to keep in mind when building for multiple users, and where the platform's current boundaries are.
Who should build SaaS on Caffeine
Caffeine is well suited for:
- Individuals and freelancers building a product for their clients or community
- Small businesses that need a customer-facing app with user accounts, roles, and data separation
- Teams and groups launching an internal tool or a members-only platform
- Early-stage products that need to get to market quickly without hiring a development team
Caffeine can comfortably handle applications with thousands or even tens of thousands of users. You can build a fully functional multi-user application with role-based access, data isolation between users, and a working backend — all through the AI builder. The practical ceiling depends on your specific usage patterns rather than a fixed user count.
What Caffeine doesn't currently offer
Caffeine is not designed for enterprise-scale applications targeting hundreds of thousands or millions of concurrent users. Specifically:
- No horizontal scaling — your app runs on a single canister (the Internet Computer's compute unit). There is no automatic scaling across multiple canisters as traffic grows.
- No infrastructure controls — you cannot pin your app to a specific subnet or geography, or configure deployment topology.
- No built-in load balancing or CDN beyond what the Internet Computer network provides natively.
If you are planning to build a product that requires enterprise-grade infrastructure controls or very large-scale operations, you will likely need a custom development team and a more traditional cloud architecture. Caffeine is designed to get real products into real users' hands quickly.
Multi-tenancy: one app, multiple customers
Multi-tenancy means building a single app that serves multiple separate customers (tenants), where each tenant's data is isolated from the others.
Caffeine supports this through its user accounts and roles system. You can build an app where:
- Each tenant has their own admin user who can manage their own data
- Regular users within a tenant can only see records that belong to their tenant
- A platform-level admin (you) can see and manage everything
This is implemented through the AI builder — describe your data model and access rules in your prompts, and Caffeine generates the backend logic to enforce them.
Tenant isolation in Caffeine is enforced at the application logic level, not at the infrastructure level. All tenants share the same canister and the same data store. The AI builder generates code that filters and restricts access based on the logged-in user's role and tenant association. This works reliably for most use cases, but it is not the same as having physically separate databases per tenant.
For most small-to-medium SaaS applications, application-level isolation is the standard approach and is perfectly adequate. If your use case requires physical data separation for regulatory or compliance reasons, separate Caffeine apps per customer may be more appropriate.
User roles and access control
Caffeine apps support role-based access control out of the box. Common patterns include:
- Platform admin — full access to all data and settings (typically you, the app creator)
- Tenant admin — can manage data and users within their own tenant
- Regular user — can view and interact with records they have permission to see
- Restricted roles — view-only access, or access limited to specific features
Define the roles you need in your prompts to the AI builder. For more details on how user accounts and roles work, see How User Accounts and Roles Work in Your App.
To restrict who can access your app in the first place, see Controlling Access with User Approval.
File privacy and security
Files uploaded to a Caffeine app (documents, images, attachments) are stored in Caffeine's file storage.
File URLs are not publicly listed or discoverable, but they are not individually authenticated at the delivery layer. This means that if someone obtains a direct file URL, they can access the file without being logged into the app. Access control is enforced by the application — the app decides who can see and retrieve file URLs — but the URL itself is not protected by a separate authentication step.
For most applications, this is sufficient: files are only accessible to users who the app shows them to. But if your use case involves highly sensitive documents where even a leaked URL must not grant access, be aware of this limitation.
What you can do:
- Use the app's access control to restrict which users and roles can view or download files
- Avoid exposing file URLs in public-facing parts of the app
- For the most sensitive use cases, consider whether the files need to be stored outside of Caffeine entirely
For more on how file storage works, see How File Storage Works in Your App.
Charging your users (Stripe integration)
If you are building a paid SaaS product, you can accept payments from your customers using the Stripe integration. This lets you set up payments and billing directly within your app without needing external payment infrastructure.
Storage and scaling guidance
A single Caffeine app runs on one backend canister and one frontend canister. There are no hard published limits on the number of users, records, or files, but practical limits depend on your usage patterns:
- Users — thousands to tens of thousands work well for typical applications
- Records — standard database operations perform well at typical small-to-medium business volumes
- Files — storage is bounded by the canister's available stable memory (currently up to 400 GB on the Internet Computer, though individual canister limits may be lower)
- Cycles — more activity means more cycle consumption. See Understanding Canister Cycles for details.
If you find your app approaching the point where performance degrades, that is the signal that your product has outgrown what a single Caffeine app can support — which is a good problem to have. At that point, consider engaging developers to build a custom architecture.
Data portability
You can export your app's codebase to GitHub at any time. This gives you a full copy of your frontend and backend code that you can inspect, modify, or deploy independently. For more details, see the GitHub Export documentation.
Frequently asked questions
Is Caffeine right for my SaaS idea?
If your target audience is individuals, small teams, or small businesses, Caffeine is a strong fit. You can build and launch a real product without writing code or hiring developers. If you are planning for enterprise scale from day one, Caffeine is better suited as a prototyping tool to validate your idea before investing in custom development.
Can one tenant see another tenant's data?
Not if your app is built correctly. The AI builder generates backend logic that filters data by tenant. However, this is application-level isolation, not infrastructure-level. Test your access rules thoroughly before onboarding real customers with sensitive data.
Can I run my app in a specific country or region?
Not currently. Caffeine apps run on the Internet Computer network, and you cannot select a specific subnet or geography for deployment. If data residency is a regulatory requirement for your use case, this is a current limitation.
Should I use one app for all tenants or separate apps?
For most use cases, a single app with application-level tenant isolation is simpler and easier to maintain. Use separate apps per customer only if you need physical data separation for regulatory reasons, or if each customer's requirements are substantially different.
What happens if my app outgrows Caffeine?
Export your codebase to GitHub and hand it to a development team. Caffeine gives you a working product and a working codebase — scaling it further is a natural next step, not a dead end.