DEV Community: RateCalc

Day 23. Lemon Squeezy approved. Pro is live. Here's everything that changed.

RateCalc — Thu, 04 Jun 2026 06:20:23 +0000

12 days. 4 emails. 0 replies.
Then approval came through.
RateCalc Pro is finally open.
What's in Pro
7 tabs. All pre-filled with your calculated rate.

Media Kit PDF
Lowball Destroyer email scripts
Smart Objection Handler
Deal Closer Contract template
Invoice Generator
Rate History
Affiliate Program (20% commission, auto-paid via LemonSqueezy)

Monthly: $12 · Lifetime: $39 (pays off in 3 months)
The stack at day 23
FastAPI + PostgreSQL + Railway = $5/month
LemonSqueezy = payments + affiliate payouts
Resend = transactional emails
Umami = privacy-first analytics
36 automated tests. All green.
No Next.js. No Vercel. No bloat.
The honest numbers

Calculations: 3,300+
Twitter followers: 15
Countries: 23 + 44 country landing pages live
Revenue: still $0 — but now accepting payments

The product is ready. The payment processor is unblocked. The only thing left is the first paying user.
Still here.

ratecalc.fyi — free calculator stays free forever.

Day 18. Still $0 revenue. Here's the honest update nobody writes.

RateCalc — Fri, 29 May 2026 11:44:38 +0000

Post:
Two weeks ago I wrote about getting 3,200+ calculations with $0 ad spend.
Here's what happened since.
The numbers

Calculations: still showing 3,200+
Twitter followers: 9
Reddit karma: 20
Lemon Squeezy: still in review, 3 emails sent, 0 replies
Revenue: $0

What's working
Twitter reply strategy is the only thing generating real conversations right now. Not follower growth — conversations. A comment under @StevBuilds asking "if AI is gone, would your business survive?" turned into a genuine back and forth. Someone asked what I built. That's how distribution actually works — one real conversation at a time.
Reddit is slow. New account, 20 karma, building carefully this time. No shortcuts.
What's blocked
The Pro plan has been live for 7 days. Nobody can pay for it because Lemon Squeezy hasn't approved the account. Three emails. Zero replies. The product is ready. The payment processor isn't.
This is the part of building in public nobody really talks about — you can ship everything and still be blocked by a third party you have no leverage over.
What I'm doing while waiting

Pinterest: 3 pins/day, slow but evergreen
Dev.to: you're reading it
Twitter: 20-30 replies/day, genuine ones only
Reddit: karma building, no links yet

The honest part
Day 18 feels different than day 12. The excitement of shipping is gone. What's left is just showing up anyway.
$0 revenue with a live product and a payment processor that won't respond is a specific kind of frustration. But the calculator is still getting used. People still have the problem. That part hasn't changed.
The product works. Distribution is slow. Payment is blocked.
Still here.

ratecalc.fyi — free, no signup, 23 countries.

How I secured my FastAPI app - 6 vulnerabilities fixed in one session with gstack /cso

RateCalc — Wed, 27 May 2026 05:42:20 +0000

I've been building ratecalc.fyi — a free sponsorship rate calculator for UGC creators — for 16 days. On day 13, I ran a security audit using gstack's /cso skill on Claude Code.
It found 6 issues. I fixed all of them in one session.
Here's exactly what was wrong and how I fixed it.
What is gstack /cso?
gstack is an open-source skill pack for Claude Code built by Garry Tan (YC CEO). The /cso skill runs an OWASP Top 10 + STRIDE threat model audit on your codebase.
You run it with one command:
Load gstack. Run /cso
The 6 vulnerabilities

🔴 CRITICAL — Admin password in git history My admin password was hardcoded 6 commits ago. Anyone with repo access could extract it from git history. Fix: Rotated the password, moved to env variable, scrubbed git history with git filter-repo, force-pushed. python# Before _ADMIN_PASS = b"hardcoded_password_here"

After

_ADMIN_PASS = os.getenv("ADMIN_PASS", "changeme").encode()

🔴 HIGH — User emails committed to git My SQLite database file (notify.db) containing user emails was committed to the repo. Fix: git rm --cached notify.db, scrubbed from all history, added to .gitignore.
🔴 HIGH — Webhook auth bypass The LemonSqueezy webhook skipped signature verification if LEMONSQUEEZY_WEBHOOK_SECRET wasn't set — meaning anyone could POST fake payment events and get free Pro access. Fix: App now raises on startup if the secret is missing. Fail closed, not fail open.
🔴 HIGH — Admin fallback password Admin panel fell back to "changeme" if ADMIN_PASS env var wasn't set. Fix: Same pattern — startup raises if env var missing.
🟡 MEDIUM — Rate limit bypass The calculator rate limit read IP from X-Forwarded-For header, which any client can spoof. Fix: Changed to request.client.host — not spoofable at transport layer.
🟡 MEDIUM — Missing security headers CSP and HSTS headers were absent. Fix: Added Content-Security-Policy, Strict-Transport-Security, and Permissions-Policy via FastAPI middleware.

What I learned
Running a security audit before your first paying user is much better than after. All 6 of these issues were fixable in under 2 hours — but any one of them could have caused real damage with real users.
The gstack /cso skill is free, open source, and takes about 15 minutes to run. If you're building a FastAPI app (or any web app), run it now.
The repo: ratecalc.fyi is live. Free calculator, no signup required.

How I got 3,200 users in 10 days with $0 ad spend — the exact strategy

RateCalc — Sat, 23 May 2026 09:31:22 +0000

Two weeks ago I launched ratecalc.fyi — a free CPM-based sponsorship rate calculator for UGC creators.
No paid ads. No existing audience. No Product Hunt launch. Just one channel that worked surprisingly well.
Here's exactly what I did.
The problem with "launch" posts
Most founders post "I built a thing" on Twitter and get 3 likes from their friends.
I did this too. It got 3 likes.
The issue: nobody cares about your launch. They care about their problem.
The channel that actually worked: Reddit keyword monitoring
Instead of announcing myself, I searched for people who already had the problem I was solving.
Exact searches I ran daily:

"how much should I charge for sponsorships"
"ugc creator rate"
"brand deal offer too low"
"how to negotiate with brands"

Then I answered those threads genuinely — no spam, no copy-paste. Just actually helpful answers. I mentioned the tool only when it was directly relevant.
The results

3,200+ calculations in 10 days
101 unique visitors
8 countries organically
Bounce rate: 70% → 50%
Visit duration: 4 minutes → 11 minutes
$0 ad spend

What made it work
Three things:

The problem already existed. I didn't have to create demand. People were already searching "how much should I charge." I just showed up with an answer.
Genuinely helpful first. I answered the question fully, even without mentioning the tool. The tool was a bonus at the end, not the pitch.
High intent audience. Someone asking "is this brand offer fair?" is seconds away from needing exactly what ratecalc.fyi does. The conversion from "Reddit comment reader" to "calculator user" was very natural.

What didn't work

Twitter announcements → zero traction
"I built a thing" posts → nobody cares
Generic hashtag posts → ignored

The honest part
Reddit suspended my account on day 7 for "suspicious activity." 91 karma, 0 spam — but new accounts get flagged easily.
So the strategy worked until it didn't. Appeal is still pending.
Backup channels I'm testing now:

Pinterest (slow but evergreen)
Dev.to (you're reading it)
YouTube comments (got a 24-hour ban for moving too fast 😅)
Blog SEO (5 posts live, waiting for Google)

Current status: day 13

3,200+ free users
Pro plan live ($9/mo, $29/yr)
$0 revenue — payment processor approval pending
Lemon Squeezy identity verification: still in review

The product is ready. Distribution is the ongoing problem.
The takeaway
Don't announce. Show up where the problem already lives.
Find the exact phrases your users type when they're frustrated. Go answer those. Be helpful first. Mention your tool second.
That's it. No growth hack. No viral loop. Just showing up consistently in the right places.

Try it free at ratecalc.fyi — no signup required.

I built a free influencer rate calculator in 12 days. Here's everything: 3,200+ calculations, 8 countries, $0 revenue.

RateCalc — Fri, 22 May 2026 19:33:16 +0000

When I started building ratecalc.fyi, I had one goal: help creators know what to charge before brands lowball them.
12 days later, here's the honest breakdown.
The problem I was solving
UGC creators get lowballed constantly. A brand reaches out, asks "what's your rate?" — and the creator panics and throws out a number with no data behind it.
There's no standard. No formula. Just vibes.
What I built
A free CPM-based sponsorship rate calculator. Enter your followers, engagement rate, niche, and country → get a fair price range instantly.
Stack: FastAPI + SQLite + Jinja2 + Railway. No React, no complexity. Just a thing that works.
12 days of numbers

3,200+ calculations
101 unique visitors
8 countries (US 52%, India 18%, UK 5%)
Bounce rate dropped from 70% → 50%
Visit duration: 11 minutes average
$0 revenue

What actually worked for distribution
Reddit keyword monitoring. I searched "how much should I charge for sponsorships" across creator subreddits and answered genuinely — mentioning the tool only when directly relevant.
Zero announcements. Just showing up where the problem already exists.
What didn't work
Posting "I built a thing" on Twitter. Zero traction. Nobody cares about your launch. They care about their problem.
Pro plan — shipped on day 11
Added a Pro plan ($9/month, $29/year) with:

Media Kit PDF generator
Lowball Destroyer email scripts
Smart Objection Handler
Deal Closer Contract template
Invoice Generator

Still $0 revenue — payment processor approval pending.
What I learned
Distribution is the product. The calculator was done in 3 days. The next 9 days were entirely about getting people to use it.
The best channel: find threads where people already have the problem. Answer the question. Be helpful first.
What's next

SEO blog content
Reddit keyword monitoring (account recovery pending 😅)
First paying user

Try it free at ratecalc.fyi — no signup required.