What the product actually does
TaskFly is an AI-powered task manager. The main differentiator: you can create tasks by talking — send a voice message to a Telegram bot, it transcribes it and creates structured tasks with deadlines, priorities, and assignees.
You can also:
- Send a photo of a whiteboard or sticky notes → AI extracts tasks
- Forward a PDF or Word document → AI pulls out action items
- Type naturally ("remind me to call Ivan on Friday morning") → AI parses intent
It's built for small teams, mostly Russian-speaking market for now.
Tech choices (and why)
Next.js 16 + TypeScript + Tailwind v4 — the obvious modern stack. No regrets.
PostgreSQL + Prisma — I considered MongoDB early on. Stuck with SQL because relationships (tasks → projects → organizations → users) are genuinely relational.
Two AI providers, not one
This was a key architectural decision. I started with Claude (Anthropic) for everything. Then discovered Groq — their llama-3.3-70b-versatile is fast and cheap for text extraction.
So I split it:
- Text → tasks: Groq (primary) with Claude as fallback if rate-limited
- Voice transcription: Groq Whisper with OpenAI as fallback
- Images, PDFs, documents: Claude Sonnet (better at vision)
- Project analytics: Claude Sonnet
When Groq hits a rate limit, the system automatically switches to Claude and sends me a Telegram notification. Users don't notice anything.
Telegram bot (aiogram 3, Python)
This turned out to be the most-loved feature. People don't want to open a browser — they're already in Telegram. The bot talks to the Next.js API over HTTP. Authentication is two headers: a static secret + the user's Telegram ID.
Revenue model
| Plan | Price | Team size | AI requests/day |
|---|---|---|---|
| Free | $0 | 1 | 3 |
| Pro | ~$9 | 1 | 15 |
| Team | ~$28 | 5 | 50 |
| Business | ~$67 | 20 | 120 |
Payments through YooKassa (Russian payment processor). Automatic recurring billing. Built it myself — no Stripe, no external auth providers, no Supabase. Everything runs on my own server.
Current status: 5 total users, 0 paying, MRR $0. Early days.
Mistakes I made (the real ones)
1. UTC vs local time in AI prompts
When I pass the current time to AI so it can understand "tomorrow" and "next Friday", I was using new Date().toISOString(). That returns UTC. My server is in Moscow timezone. A user saying "remind me at 3pm" was getting tasks created at 6pm.
The fix: use getFullYear()/getMonth()/getDate() components directly instead of ISO string.
2. JavaScript's silent month overflow
For recurring monthly tasks, I had:
date.setMonth(date.getMonth() + 1)
A task created on January 31st would roll over to March 3rd. JavaScript doesn't throw an error — it just keeps counting days. The fix: always reset to day 1 before adding months, then restore the last-day logic separately.
3. I forgot to log AI usage from the Telegram bot
My admin panel showed AI usage statistics. It was showing near-zero despite real usage. Turns out every web request went through logAI(), but I'd forgotten to add it to the 5 Telegram bot API routes. Six months of bot usage isn't recorded anywhere.
4. Security audit found IDOR vulnerabilities
I ran a security audit after launch and found that several API endpoints accepted a taskId without checking if it belonged to the current user's organization. A user could technically read or modify another organization's tasks by guessing IDs.
Fix: always use findFirst with organizationId in the where clause, not findUnique by ID alone.
5. SVG uploads = stored XSS
Users could upload any file as a task attachment. SVG files render as HTML in the browser — meaning a malicious SVG could execute JavaScript. I'm now blocking a list of dangerous extensions server-side.
6. Deployment was killing the site during updates
Original deploy process:
npm run build && pm2 restart taskfly
This caused ~30 seconds of downtime every deploy because pm2 restart kills all workers at once, and the build was writing to .next while workers were reading from it.
Current process: build into .next_building, atomic swap (rm -rf .next && mv .next_building .next), then pm2 reload (rolling replace, one worker at a time). Zero downtime.
Also: adding nice -n 19 to the build command on a 1-core VPS made a huge difference. The build takes ~90 seconds and saturates the CPU — without niceness, the live workers started timing out.
Distribution: what worked, what didn't
VC.ru (Russian tech/business blog): published, got some traffic.
Habr (Russian tech blog, like a Russian Dev.to): rejected for "looking like advertising." Working on a purely technical article now about architecture and bugs — that format tends to pass moderation.
Startpack (Russian SaaS directory): rejected because "the site is less than 6 months old and has no external mentions." Will reapply in ~3 months.
Telegram channels: decent. The Russian startup/productivity community on Telegram is active.
Product Hunt: haven't done it yet. Need to prepare an English landing page first.
Honest summary: distribution is harder than building. The product is in decent shape. Getting people to know it exists is the real challenge.
What I'd do differently
Start distribution earlier. I spent 9 months building features. I should have shipped the MVP in month 2 and spent the rest of the time talking to users.
Don't build your own auth + payments from scratch. I did it because I wanted full control. It took 3 weeks. A hosted solution would have taken 3 hours. In retrospect, the control isn't worth it at this stage.
One AI provider first. The fallback system is elegant now, but adding it early was premature optimization. I spent time on infrastructure that mattered to approximately zero users at launch.
What's next
- Google Calendar integration (most-requested feature)
- React Native mobile app
- English-language version for international market
- SEO blog on taskfly.ru
- Re-apply to Startpack in September
If you're building something similar or have questions about any of the technical decisions, happy to discuss in the comments.
Stack: Next.js 16 · TypeScript · Tailwind v4 · Prisma · PostgreSQL · Groq · Claude API · aiogram 3 · PM2 · VPS
Top comments (0)