Blog

Download managers are deceptively dangerous software. They handle two of the highest-risk operations on any web application: file uploads and file serving. Get either one wrong, and you have a security incident.

When we designed APO FJ Downloads (Apotentia Flexible Joomla Downloads—our original, ground-up download manager for Joomla 4/5/6, not affiliated with any existing extension), security wasn't a feature we added later. It's the foundation everything else is built on.

The Upload Problem: Never Trust the Client

When a browser uploads a file, it sends a Content-Type header. Most download managers use this header to determine what kind of file was uploaded. This is a mistake.

The client-provided Content-Type is trivially spoofable. An attacker can upload a PHP webshell as malicious.php, set the Content-Type to image/jpeg, and many download managers will accept it as an image.

APO FJ Downloads handles this differently:

• Server-side MIME detection: Every uploaded file is inspected using PHP's finfo extension (libmagic). This examines the actual file content—magic bytes, file structure—not the client-provided header.
• Allowlist enforcement: The detected MIME type is checked against a configurable allowlist. The global default covers common safe types (PDFs, images, documents, archives, audio, video). Administrators can customize per category.
• Double-extension blocking: Files like document.php.jpg are rejected. The extension check looks at all extensions, not just the last one.
• Re-verification: A CLI command can re-scan every file in the database, updating MIME types and flagging anything that no longer passes the allowlist. Useful after tightening security rules.

The Serving Problem: Files Are Not URLs

The most common security failure in download managers is serving files through direct filesystem URLs. If your downloads live at /media/downloads/secret-report.pdf and someone guesses (or discovers) that path, they can download the file directly—bypassing your access controls entirely.

APO FJ Downloads never exposes filesystem paths:

• Files stored outside web root: By default, uploaded files are stored in a directory that Apache/Nginx cannot serve directly. Even if someone discovers the path, the web server will return a 403.
• Token-based serving: Every download request generates a one-time token—a 64-character hex string from random_bytes(32). The actual download URL contains only this token, not any file path or ID.
• Token expiration: Tokens have a configurable TTL (time-to-live). After expiration, the token is worthless. After use, it's consumed and cannot be reused.
• PHP controller serving: Files are served through a PHP controller that sets proper headers: verified Content-Type from the MIME engine, Content-Disposition: attachment, X-Content-Type-Options: nosniff, and Cache-Control: private, no-cache, no-store.

Access Control: More Than "Logged In vs. Not"

Most Joomla download managers offer basic access control: registered users can download, guests can't. That's insufficient for any serious deployment.

APO FJ Downloads uses Joomla's full ACL system with custom actions at every level:

• Global level: Component-wide permissions for managing downloads, uploads, layouts, and logs
• Category level: Per-category download and upload permissions. A department can manage its own downloads without access to other departments' files.
• Download level: Individual download permissions for sensitive documents
• Quotas: Per-group download limits with daily, weekly, monthly, and lifetime periods. Prevents abuse without blocking legitimate use.
• Rate limiting: Per-user and per-IP velocity limits (requests per minute). Returns HTTP 429 when exceeded. Separate from quotas—this prevents automated scraping.

Logging Without Surveillance

Download logging is essential for auditing and compliance. But it creates a privacy tension: you need to know who downloaded what, but you shouldn't be building a surveillance database.

Our approach:

• IP addresses are never stored in plain text. We store a salted SHA-256 hash. You can verify whether a specific IP made a download, but you can't enumerate all IPs from the database. GDPR-compliant by design.
• User agents are logged for debugging and abuse detection, but only the first 512 characters.
• Status codes are tracked: completed, denied_acl, denied_quota, denied_rate_limit, token_expired, token_invalid. This tells administrators what's happening without exposing private data.

Defense in Depth

No single security measure is sufficient. APO FJ Downloads layers multiple protections:

• MIME verification on upload (prevents malicious uploads)
• Files outside web root (prevents direct access)
• Token-based serving (prevents URL guessing)
• Token expiration and single-use (prevents token sharing)
• ACL enforcement (prevents unauthorized downloads)
• Quotas (prevents bulk downloading)
• Rate limiting (prevents automated scraping)
• Proper response headers (prevents MIME sniffing attacks)
• CSRF tokens on all forms (prevents cross-site request forgery)
• Parameterized queries only (prevents SQL injection)

Each layer addresses a different attack vector. An attacker would need to defeat all of them, not just one.

Optional: Antivirus Integration

For environments that require it, APO FJ Downloads supports an optional ClamAV hook. Configure the CLI path to clamscan, and every uploaded file is scanned before being accepted. Files that trigger a detection are quarantined automatically.

The Bottom Line

A download manager that isn't secure is a liability. File uploads and file serving are two of the most exploited attack surfaces on the web. We built APO FJ Downloads to handle both correctly from the start—not as a patch after an incident.

Learn more on the APO FJ Downloads product page.

-ES

In our Regula Motor Company concept, one of the key design decisions is the choice of sodium-ion battery chemistry over lithium-ion. This isn't a contrarian take for the sake of being different—it's a cost calculation.

The Lithium Problem

Lithium-ion batteries are excellent technology. They power everything from phones to Teslas. But they have a supply chain problem:

• Lithium is relatively abundant in the earth's crust but concentrated in a few countries (Australia, Chile, Argentina, China). Extraction is water-intensive and environmentally contentious.
• Cobalt is the real bottleneck. Over 70% of the world's cobalt comes from the Democratic Republic of Congo, with well-documented labor and human rights concerns.
• Nickel supply is tightening as EV demand grows. Indonesia dominates production, and processing is energy-intensive.

When you're trying to build an affordable car, you can't have your most expensive component dependent on volatile, geographically concentrated supply chains.

What Sodium-Ion Offers

Sodium-ion batteries use sodium instead of lithium as the charge carrier. The chemistry has been known for decades but only recently became commercially viable. Here's why it matters for affordable EVs:

• Abundant raw materials: Sodium is the sixth most abundant element on Earth. It's literally in seawater, rock salt, and soda ash. No mining in conflict zones. No water-intensive brine evaporation pools.
• No cobalt or nickel: Sodium-ion cathodes use iron, manganese, and other abundant materials. The entire supply chain concern with lithium-ion disappears.
• Lower material costs: The raw materials for sodium-ion cells cost a fraction of equivalent lithium-ion materials. As manufacturing scales, this gap widens in sodium-ion's favor.
• Better cold-weather performance: Sodium-ion cells retain more capacity at low temperatures than lithium-ion—an advantage in northern climates.
• Safer chemistry: Sodium-ion cells are more thermally stable. They can be discharged to 0V for shipping without damage, which simplifies logistics.

The Trade-offs

Nothing is free. Sodium-ion has real disadvantages compared to lithium-ion:

• Lower energy density: Current sodium-ion cells store less energy per kilogram than lithium-ion. This means heavier batteries for the same range, or shorter range for the same weight.
• Less mature manufacturing: Lithium-ion has had decades of manufacturing optimization. Sodium-ion is earlier on the production learning curve.
• Fewer charge cycles (currently): Some sodium-ion chemistries have fewer rated charge cycles than lithium-ion, though this is improving rapidly.

For a luxury performance EV, these trade-offs might be dealbreakers. For an affordable commuter sedan? They're manageable.

Why This Pairs With Standardization

Regula's standardization thesis amplifies the sodium-ion cost advantage:

• Single battery format: One cell chemistry, one module design, one pack architecture. No variant complexity.
• Volume purchasing: When you buy one type of cell in massive quantities, you get better pricing than buying five types in smaller quantities.
• Simplified manufacturing: One battery assembly process. One set of tooling. One quality control protocol.
• Predictable costs: Abundant materials mean less price volatility. When your battery doesn't depend on cobalt from the DRC or lithium from politically sensitive regions, your cost forecasting gets a lot more reliable.

The Cost Trajectory

Sodium-ion battery costs are falling fast. CATL, BYD, and other major manufacturers are investing heavily in sodium-ion production lines. Industry analysts project sodium-ion cell costs to reach $40-50 per kWh within the next few years—well below lithium-ion's trajectory.

At those price points, a 50 kWh battery pack (enough for 200+ miles of range in an efficient compact sedan) would cost the manufacturer roughly $2,000-2,500 for cells alone. Add pack assembly, thermal management, and BMS, and the total battery cost could be under $5,000.

That's the kind of number that makes a sub-$25,000 MSRP achievable.

What This Means for Regula

The Civitas offers buyers a choice of battery range—that's the one variable in an otherwise completely standardized vehicle. Sodium-ion chemistry makes the entry-level configuration genuinely affordable while still offering reasonable range.

Buyers who need more range can choose a larger battery. The vehicle is identical otherwise—same color, same interior, same AWD drivetrain, same software. Just more energy storage.

This is still a conceptual project. We're a software company, not a car company (yet). But we're tracking sodium-ion developments closely because the economics increasingly validate the core thesis: an affordable, well-built, standardized EV is achievable with the right chemistry and the right manufacturing philosophy.

More on Regula at the project overview page.

-ES

We're building a new product: APO FJ Downloads—a premium download management extension for Joomla 4, 5, and 6.

The name stands for "Apotentia Flexible Joomla Downloads"—the "FJ" meaning "Flexible Joomla." Flexible layouts, flexible access control, flexible storage. It's a mouthful, so we just call it FJ Downloads.

(Quick note: APO FJ Downloads is an original Apotentia product, built from scratch. It is not affiliated with or derived from JDownloads or any other existing Joomla extension.)

Why Build Another Download Manager?

Joomla has existing download extensions. Some have been around for years. So why build another one?

Because the existing options share a common problem: they were built for an earlier era of Joomla and retrofitted for Joomla 4+. The architecture shows it. The security model shows it. The templating system (or lack thereof) shows it.

Specific gaps we're addressing:

• Security as afterthought: Most download managers serve files through direct filesystem URLs or basic PHP wrappers without proper MIME verification. If someone uploads a PHP file renamed as .jpg, most extensions will happily serve it.
• Limited access control: Joomla has a sophisticated ACL system. Most download extensions use a fraction of it—typically just "registered vs. guest." No per-category permissions. No download quotas. No rate limiting.
• Rigid templates: Want to change how downloads display? Hope you're comfortable editing PHP template files. No layout engine. No visual customization without code changes.
• Weak shortcode support: Embedding downloads in articles usually means a basic shortcode with minimal options. No layout selection, no category embedding, no configuration.

What We're Building

APO FJ Downloads is a ground-up build for PHP 8.1+ and modern Joomla. It ships as a single installable package containing 11 sub-extensions:

• 1 component — Core download management with full admin CRUD
• 5 plugins — Content shortcodes, system ACL/MIME enforcement, REST API, Smart Search indexing, admin action logging
• 4 modules — Latest downloads, most popular, category tree, search form
• 1 shared library — MIME detection, storage adapters, layout engine, token management, ACL helpers

Key Differentiators

Twig Layout Engine. Every frontend view is rendered through a Twig-based layout engine. Admins can create custom layouts from the Joomla backend—no file editing required. Layouts cascade: shortcode parameter → download-level → category-level → global default → system fallback. Standard Joomla template overrides work too.

Real Security. Files are served exclusively through PHP controllers using one-time tokens. Every upload is verified with libmagic (not client-provided Content-Type). Files are stored outside the web root. Rate limiting and download quotas are enforced at the controller level. IP addresses are stored as salted SHA-256 hashes for GDPR compliance.

Full Joomla ACL Integration. Permissions work at global, component, category, and individual download levels. Custom actions include apofjdl.download, apofjdl.upload, apofjdl.upload.frontend, apofjdl.view.logs, and apofjdl.manage.layouts. Per-group quotas with daily, weekly, monthly, and lifetime periods.

REST API. Full CRUD API using Joomla's standard JSON:API format. Token authentication with per-action permission checks. Programmatic download triggering returns token-based URLs.

Pricing Philosophy

We're offering a free Lite edition and three Pro tiers:

• Lite: Free — core download management with a 5 MB file size limit, basic ACL, download counts. Available on the Joomla Extensions Directory.
• Single Site: $49/year — 1 domain, full Pro with all 11 sub-extensions
• Agency: $99/year — 5 domains
• Unlimited: $199/year — unlimited domains

Every Pro tier gets the complete extension with every feature. The only difference is how many domains you can activate. Lite gives you a fully functional download manager for small sites—and when you need unlimited file sizes, granular ACL, the Twig layout engine, REST API, or any of the advanced features, upgrading to Pro is straightforward.

And our licensing policy: if your Pro license expires, the extension continues to work with full functionality. You just don't get updates until you renew. We think holding your website hostage because a payment lapsed is a terrible practice, and we won't do it.

Development Timeline

We're working through a 5-phase development plan:

• Phase 1 (Foundation): Skeleton, CI, database schema, admin CRUD
• Phase 2 (Core Engine): MIME enforcement, ACL, secure serving, logging
• Phase 3 (Layout & Frontend): Twig engine, views, shortcodes, SEF router
• Phase 4 (Advanced Features): Media preview, S3 storage, modules, Smart Search
• Phase 5 (API & Release): REST API, accessibility, performance, v1.0.0

The full plan targets 270+ automated tests across unit, integration, and system test suites. We're testing against PHP 8.1 through 8.4 and Joomla 4.4, 5.x, and 6.x.

Why Joomla?

Joomla has a strong and loyal community, particularly in enterprise, government, and non-profit sectors. These organizations often need robust file distribution—policy documents, forms, reports, media files—and they need it with proper access control and audit trails.

The Joomla Extension Directory has download managers, but none that meet the security and flexibility standards these organizations require. We're building for that market.

Check out the full APO FJ Downloads product page for features, architecture, pricing, and roadmap details.

-ES

Here's a thought experiment: what would happen if a car company made exactly one vehicle? Not one model with twelve trims. Not one platform with three body styles. One car. One color. One interior. One drivetrain. The only choice is battery range.

That's the premise behind Regula Motor Company, our conceptual EV manufacturer. And the more I dig into the economics, the more convinced I am that radical standardization is the key to making electric vehicles genuinely affordable.

The Hidden Cost of Choice

Modern automakers love to talk about "options." But every option has a cost that goes far beyond the sticker price to the consumer:

• Paint shop complexity: Every additional color requires separate mixing, cleaning, quality control, and waste management. Some factories spend 30-40% of their energy budget on paint alone.
• Trim-specific tooling: Different interiors mean different molds, different suppliers, different quality checks. A "Sport" trim with different seats, steering wheel, and dash inserts is essentially a parallel production line.
• Supply chain branching: Each trim level multiplies the number of SKUs. A car with 6 trims and 10 colors has 60 possible configurations before you even count option packages.
• Wiring harness variants: The wiring harness is one of the most complex parts of a car. Every option package means a different harness variant—different sensors, different connectors, different routing.
• Training and QC overhead: Assembly line workers need to know every variant. Quality control needs to verify every combination.

When you add it all up, the cost of "choice" is staggering. And it's passed directly to the consumer.

The Ford Model T Didn't Fail

People love to joke about Henry Ford's "any color as long as it's black" line. But what they miss is that the Model T's radical standardization was the entire point. It made the car affordable for the average American.

Before the Model T, cars were luxury goods. After it, they were transportation. The difference wasn't some breakthrough in engine technology—it was manufacturing discipline. One design. One process. Relentless optimization of that one thing.

The auto industry eventually moved away from that model because consumer preferences diversified and manufacturing technology made variety cheaper. But "cheaper" isn't "free." The variety tax is still there, hidden in every MSRP.

What Does This Mean for EVs?

Electric vehicles are simpler than internal combustion vehicles. Fewer moving parts. No transmission variants. No engine displacement options. The platform is already more standardized than ICE.

But EV manufacturers are adding complexity back in with trims, option packages, and configurations. A Tesla Model 3 comes in multiple variants with different motors, different interiors, and different feature sets. A Hyundai Ioniq 6 has five trim levels. BMW's i4 has four.

Every one of those variants adds cost. And that cost is why the average EV still starts well above $30,000.

The Regula Approach

Regula's Civitas is designed to eliminate all of that:

• One exterior color. No paint shop complexity.
• One interior. No trim-specific tooling.
• One drivetrain (AWD). No motor variants.
• Battery range as the only variable. Same car, different battery capacity.

This isn't about limiting choice for the sake of it. It's about asking: what if we redirected all the engineering effort spent on making 12 mediocre configurations into making one configuration excellent?

The Target: Under $25,000

Our internal feasibility analysis suggests that a compact AWD EV sedan built under radical standardization principles could target an MSRP under $25,000. For context, the cheapest AWD EV sedan on the American market right now starts around $34,000.

The gap is significant. And it's not closed by battery breakthroughs or magic materials—it's closed by manufacturing discipline.

Is This Realistic?

Regula is a conceptual project. It lives in the "Moonshots" section of our projects page for a reason. Building a car company requires enormous capital, deep engineering talent, supply chain partnerships, and regulatory certification.

But the underlying thesis—that radical standardization can dramatically reduce per-vehicle costs—isn't theoretical. It's how every other industry achieves scale economics. Cars just haven't applied it aggressively enough.

We're not building cars yet. We're building software. But we're thinking about this problem seriously, and we believe the economics are sound.

If you're interested in the full overview, check out the Regula Motor Company project page.

-ES

When we announced APO Proposer last month, we positioned it as a cloud-based proposal management platform competing with PandaDoc and Proposify. Good product, proven market.

But after deeper analysis, we realized we were thinking too small.

The Pivot: From Proposal Tool to Business Platform

APO Proposer is no longer just a proposal tool. It's becoming a complete client business platform with three core components:

• Proposals (Core) — Drag-and-drop editor, e-signatures, templates, analytics
• Contracts Overlay — Legal document generation, clause library, renewal management
• Portal Overlay — Client-facing hub with file sharing, messaging, project board

This isn't feature creep. It's recognizing that freelancers and agencies don't just send proposals — they manage entire client relationships. We're building the platform that handles all of it.

Introducing proposer.tech

We've secured proposer.tech as the primary domain for APO Proposer, along with 15 brand protection domains (.cloud, .online, .digital, and more).

The subdomain architecture will be:

• www.proposer.tech — Marketing and landing page
• app.proposer.tech — SaaS application login
• api.proposer.tech — REST API endpoints
• docs.proposer.tech — Developer documentation

This gives APO Proposer its own identity separate from apotentia.com, while maintaining the APO branding connection.

The Self-Hosted Differentiator

Here's what makes us unique: we're the only proposal tool offering a self-hosted option.

PandaDoc? SaaS only. Proposify? SaaS only. Better Proposals? SaaS only. Dubsado, HoneyBook, Moxie? All SaaS only.

For freelancers tired of paying $29-65/month forever, we offer one-time purchase licenses:

License	Price	Users
Solo	$199 one-time	1 user
Team	$399 one-time	Up to 5 users
Agency	$699 one-time	Unlimited users

The math is simple: a Solo license ($199) breaks even vs. competitor SaaS ($25/month average) in just 8 months. After that? It's free forever.

Optional updates are $39-139/year — still 80% cheaper than annual SaaS subscriptions.

The Overlay Pricing Model

The Contracts and Portal features are modular add-ons ("overlays") that can be purchased separately or bundled:

SaaS Add-ons (per user/month):

• Starter tier: +$5 Contracts, +$5 Portal, +$8 Both
• Professional tier: +$10 Contracts, +$10 Portal, +$15 Both
• Business tier: Both overlays included free

Self-Hosted Add-ons (one-time):

• Solo: +$49 Contracts, +$49 Portal, +$79 Both
• Team: +$99 Contracts, +$99 Portal, +$149 Both
• Agency: +$149 Contracts, +$149 Portal, +$249 Both

This model lets users start with just proposals and add features as their business grows. No forced upsells — choose what you need.

Competitive Analysis: Verified December 2025

We've verified competitor pricing against current market rates:

Competitor	Starter	Business	Self-Hosted
APO Proposer	$15/user/mo	$49/user/mo	$199+ one-time
PandaDoc	$19/user/mo	$49/user/mo	No
Proposify	$19/user/mo	$65/user/mo	No
HoneyBook	$29/mo	$49/mo	No
Dubsado	$20/mo	$40/mo	No

Every competitor is SaaS-only. We're the only option for freelancers who want to own their data and escape subscription fatigue.

Target Launch: Q2 2026

We're targeting Q2 2026 for the full platform launch. Current status:

• Core Platform: ~75% complete (867+ tests, 35K+ lines of code)
• Contracts Overlay: Specification complete, development starting
• Portal Overlay: Specification complete, development starting

The roadmap:

• Phase 1 (Weeks 1-3): Complete Proposer core, self-hosted deployment package
• Phase 2 (Weeks 4-9): Build Contracts Overlay
• Phase 3 (Weeks 10-17): Build Portal Overlay
• Phase 4 (Week 18): Launch at proposer.tech

Why This Pivot Makes Sense

Three reasons:

1. Complete Solution: Freelancers and agencies don't want 5 different tools. They want one platform that handles proposals, contracts, and client communication. We're building that.

2. Market Gap: No one offers self-hosted proposal software. That's a real market — people tired of subscription fees, data privacy concerns, and vendor lock-in. We're filling that gap.

3. Revenue Diversification: SaaS provides recurring revenue; self-hosted provides one-time payments. Having both models makes the business more resilient.

Updated Product Page

We've completely updated the APO Proposer product page to reflect the new strategy:

• New positioning as "complete client business platform"
• Tabbed pricing showing both SaaS and Self-Hosted options
• Contracts and Portal overlay feature sections
• Competitive comparison tables with verified pricing
• Q2 2026 launch target

What This Means for Apotentia

APO Proposer is our flagship SaaS product. This pivot positions it as a more comprehensive solution with a unique self-hosted differentiator.

Expected impact:

• Higher average revenue per customer — Overlays increase ARPU
• New market segment — Self-hosted attracts subscription-fatigued customers
• Competitive moat — Only self-hosted option in the market

Get Involved

If you're interested in APO Proposer:

• Early access: Contact us to join the beta list
• Product page: See full feature details and pricing
• Domain: proposer.tech (coming Q2 2026)

We're building the proposal platform we wish existed: complete, flexible, and optionally self-hosted.

-ES

When we announced APO Thematic's expansion to WordPress and Drupal last week, we were still in planning mode. A lot has changed in seven days.

The backend API is complete. The license system is working. And our first theme - Federal Authority - is now available across all three CMS platforms.

What We Built This Week

Here's what got shipped:

Complete Laravel 12 API:

• Theme browsing and filtering endpoints
• License validation and activation
• Site registration and management
• Theme download with authentication
• Version update checking
• Health monitoring endpoints

License System (All 5 Tiers):

• Single Theme License ($29/year) - One theme, one site
• Multisite Standard ($119/year) - Unlimited sites, one theme per site
• Multisite Pro ($599/year) - Unlimited sites, multiple themes
• Custom Theme ($1,499/year) - Fully custom design
• Exclusive Ownership ($4,999 one-time) - Own your theme forever

Federal Authority Theme:

• WordPress theme package (all 3 variants)
• Joomla template package (all 3 variants)
• Drupal theme package (all 3 variants)
• 9 theme packages total for one design

The Three-Variant Approach

Every APO Thematic theme comes in three variants:

Light: Clean, professional appearance with light backgrounds. Classic corporate look that works for most organizations.

Dark: Modern dark mode design. Easier on the eyes, increasingly popular, and distinctive.

High-Visibility: WCAG AAA compliant variant with maximum contrast ratios. Designed for accessibility-first organizations, government sites, and users who need enhanced readability.

The high-visibility variant matters. Most theme marketplaces offer light and dark modes, but few provide true accessibility-compliant designs. For government agencies and organizations serving diverse populations, this isn't optional - it's required.

Test Coverage: 80+ Automated Tests

We're not shipping untested code. The APO Thematic API has comprehensive test coverage:

• Unit tests: License validation, domain normalization, theme queries
• Feature tests: API endpoints, authentication middleware, download flows
• 4,559 lines of test code across 8 test classes

Every API endpoint is tested. Every license tier is validated. Every edge case we could think of has a test.

This matters because theme marketplaces handle payments and license enforcement. Bugs in licensing mean either lost revenue or angry customers. Neither is acceptable.

The 25-Theme Roadmap

Federal Authority is the first of 25 planned base themes. Here's the full roadmap:

Government & Civic (5 themes):

• Federal Authority (complete)
• County Services
• State Capital
• Public Safety
• Municipal Modern

News & Media (3 themes):

• Press Room
• Broadcast
• Editorial

Community Organizations (5 themes):

• Congregation
• Club House
• Foundation
• Volunteer
• Advocacy

Business & Commerce (5 themes):

• Corporate
• Professional
• Startup
• Agency
• Consultant

Creative & Personal (3 themes):

• Portfolio
• Studio
• Personal

Education (2 themes):

• Academy
• Campus

Healthcare & Wellness (2 themes):

• Medical
• Wellness

Each theme × 3 variants × 3 CMS platforms = 225 total theme packages when complete.

What's Not Done Yet

Let's be clear about what still needs work:

CMS Installation Plugins: The API serves themes, but users can't yet install them with one click from their CMS admin panel. That requires native plugins for WordPress, Joomla, and Drupal - not started yet.

apothematic.com Marketplace: The frontend where users browse and purchase themes doesn't exist yet. Currently it's API-only.

24 More Base Themes: We have 1 of 25 themes complete. That's 4% of the theme library. A lot of design work remains.

Payment Integration: Stripe is configured in our main site, but the theme marketplace checkout flow isn't built yet.

Technical Architecture Decisions

A few choices that shaped the project:

Laravel 12 for the API: We chose Laravel over building directly into each CMS. This means one codebase serves all three platforms. Updates, bug fixes, and new features deploy once and work everywhere.

License key authentication: Themes validate against our API using license keys and domain verification. No phone-home tracking, no usage monitoring - just "is this license valid for this domain?"

Database-backed everything: Themes, licenses, downloads, sites - all in MySQL with proper indexes. This means we can add analytics, reporting, and admin features without architectural changes.

Rate limiting: 60 requests per minute per IP. Enough for normal use, protective against abuse.

Why Government Themes First?

Federal Authority is a government-focused theme. Why start there?

Two reasons:

1. Accessibility requirements: Government sites must meet accessibility standards. Building WCAG AAA compliance into our first theme forced us to establish patterns we'll use across all themes. It's easier to start accessible than retrofit later.

2. Market knowledge: I spent 20 years in federal government. I know what government websites need. Starting with familiar territory reduces design risk.

Revenue Projections Update

With the backend complete, our APO Thematic projections are more concrete:

• Year 1: $3,500 - $10,000 (15-30 Single + 5-10 Multisite + 2-5 Pro + 1-2 Custom)
• Year 2-3: $15,000 - $35,000 (as WordPress market gains traction)

These are conservative estimates assuming organic growth only. WordPress has 800+ million sites. If even 0.001% become customers, that's 8,000 potential users.

What Happens Next

Immediate priorities:

1. Complete County Services theme - Second government theme, establish production workflow
2. Build WordPress plugin - One-click installation from WP admin
3. Design apothematic.com - Marketplace frontend for browsing and purchasing
4. Continue theme development - Target: 5 themes before marketplace launch

The Honest Assessment

APO Thematic moved from "planning" to "in development" this week. The foundation is solid - Laravel API, license system, test coverage, first theme complete.

But we're maybe 15% done overall. The API is 100% complete. The theme library is 4% complete. The marketplace frontend is 0% complete. The CMS plugins are 0% complete.

This is a multi-month project. We're building it properly, not rushing to market with a half-finished product.

If you're interested in APO Thematic - whether as a future customer or just following along - the product page now shows real-time development progress.

We're building in public. Progress is visible. And Federal Authority is actually shipping.

-ES

Apotentia has focused on plugins, themes, and specialized software for government and enterprises. Today, we're announcing something different: APO Proposer, a cloud-based proposal management platform.

This is our first true SaaS product. Here's why we're building it and what makes it different.

The Market Opportunity

Proposal management software is a proven market:

• Market size: $2.49B in 2024, projected to reach $9.64B by 2034
• Growth rate: 14.5% CAGR (compound annual growth rate)
• Established players: PandaDoc ($19-49/user/month), Proposify ($29-65/user/month), Better Proposals ($13-42/user/month)

Unlike some of our other projects, this market is validated. Companies pay $15-65 per user per month for proposal software. The challenge isn't proving demand - it's building a competitive product and acquiring customers.

What APO Proposer Does

APO Proposer handles the complete proposal lifecycle:

Creation & Collaboration:

• Drag-and-drop editor with content blocks (text, images, tables, pricing)
• 50+ professional proposal templates
• Real-time collaboration with presence indicators
• Comments, @mentions, and threaded discussions
• Approval workflows with custom chains

Client Experience:

• Shareable proposal links with password protection
• Mobile-responsive viewing experience
• E-signatures with legally binding audit trails
• Stripe payment integration for collecting deposits
• PDF export and download options

Analytics & Intelligence:

• View tracking (who opened, when, how long)
• Engagement heatmaps showing attention focus
• AI-powered content suggestions
• Win probability scoring
• Pipeline analytics and reporting

Integration & API:

• CRM integrations (HubSpot, others planned)
• REST API with comprehensive documentation
• Webhooks for custom workflows
• Import/export for bulk operations

Tech Stack: Modern and Production-Ready

APO Proposer is built with proven technologies:

• Backend: Laravel 12 (PHP 8.2+)
• Frontend: Vue.js 3, Inertia.js, Tailwind CSS
• Database: MySQL/PostgreSQL
• Real-time: Laravel Reverb (WebSockets)
• Search: Meilisearch via Laravel Scout
• Payments: Stripe via Laravel Cashier
• AI: OpenAI API integration

We're not building from scratch. We're using battle-tested frameworks and tools that have powered thousands of SaaS applications.

Development Status: 75% Complete

Here's where we actually are:

• 806 tests passing - Comprehensive automated test coverage
• 3,929 assertions - Quality assurance throughout the codebase
• Core features complete: Proposal builder, templates, collaboration, e-signatures, analytics
• MVP timeline: 3-6 months to production-ready launch

We're not announcing vaporware. APO Proposer is in late-stage development with significant functionality already working. The repository is private during active development, but we're building this properly before opening it publicly.

Pricing: Competitive and Transparent

We've analyzed the competition and priced APO Proposer to be competitive while sustainable:

Starter: $15/user/month (annual: $12/user/month)

• 5 active proposals per month
• 10 templates
• E-signatures (unlimited)
• Basic analytics
• Email support

Professional: $29/user/month (annual: $24/user/month)

• Unlimited proposals
• 50+ templates
• Real-time collaboration
• Advanced analytics
• CRM integrations
• API access
• Priority support

Business: $49/user/month (annual: $39/user/month)

• Everything in Professional
• Custom templates
• Advanced approval workflows
• Team analytics
• All integrations
• SSO (SAML)
• Dedicated support

Enterprise: Custom pricing

• Unlimited everything
• Custom integrations
• SLA guarantee
• HIPAA compliance
• Onboarding and training

14-day free trial. No credit card required. 20% discount for annual billing.

Why We Can Compete

Proposal management is competitive. Here's our advantage:

Modern Tech Stack: Laravel 12 and Vue.js 3 provide better performance and developer experience than legacy platforms. This matters for feature velocity.

Developer-Friendly: Comprehensive REST API and webhook support from day one. Most competitors treat APIs as afterthoughts.

AI-First Approach: AI features integrated throughout, not bolted on. Content suggestions, win probability scoring, and proposal improvements are core features.

Fair Pricing: Starter at $15/user/month undercuts competitors while providing real value. Professional at $29/user/month matches market leaders while offering more features.

No VC Pressure: We're building for sustainability, not exit multiples. This means we can focus on product quality and customer needs rather than growth metrics.

Valuation: $150K-$500K

Let's talk honestly about what APO Proposer is worth today:

Pre-revenue status: We haven't launched yet. No customers. No recurring revenue.

Conservative valuation: $150,000

• Development cost method: ~1,500 hours @ $75-100/hour = $112K-150K
• 75% complete with 806 tests and 3,929 assertions
• Production-ready within 3-6 months

Optimistic valuation: $500,000

• Strategic value premium for proven market ($2.49B TAM)
• Established competitors validate customer willingness to pay
• Near-production-ready reduces execution risk
• 2-3x development cost for market-validated product

This isn't hype. It's realistic assessment of a late-stage MVP in a proven market. The challenge is customer acquisition, not product viability.

Revenue Projections: Conservative But Real

Here's what we project for APO Proposer (conservative organic growth, minimal marketing):

• Year 1: $6,336 ARR (17 customers, avg 2 users each)
• Year 2: $20,472 ARR (53 customers, avg 2.5 users each)
• Year 3: $51,420 ARR (113 customers + 2 enterprise deals)
• Year 5: $228,480 ARR (390 customers + 10 enterprise deals)

These assume organic growth only. With targeted marketing investment, actual performance could exceed projections. But we're planning conservatively.

Repository: Private During Development

APO Proposer's GitHub repository is private while we complete development. Why?

• Quality focus: We're building this properly before opening publicly
• Security considerations: SaaS platforms require careful security review before exposure
• Competitive positioning: We're not showing our implementation until launch

When we launch, customers will get tested, production-ready code with clear documentation and ongoing support.

What Makes This Different from Our Other Products

APO Proposer is our flagship SaaS product:

• APO Recruit: Joomla/WordPress/Laravel plugins (install on your server)
• APO Thematic: Theme marketplace (downloadable themes)
• APO Proposer: Cloud-hosted SaaS platform + self-hosted option

This changes our business model. Plugins and themes are one-time or annual purchases. SaaS is recurring monthly revenue with ongoing hosting costs. It's different economics.

Why SaaS Now?

Fair question: Why add SaaS complexity when we're still launching plugins and themes?

Three reasons:

1. Predictable Revenue: Plugins and themes have uncertain sales patterns. SaaS provides recurring revenue that's easier to forecast and scale.

2. Proven Market: Unlike some of our experimental projects, proposal management is a validated $2.49B market. We know customers will pay.

3. Product Status: APO Proposer is 75% complete. We've already invested significant development time. Finishing and launching makes more sense than abandoning.

The Honest Challenges

Let's not pretend this is easy:

Customer Acquisition: Getting the first 100 customers is hard. We're competing against established brands with marketing budgets. We don't have either.

Hosting Costs: SaaS means ongoing server costs whether we have 10 customers or 1,000. Plugins and themes don't have marginal costs.

Support Requirements: Cloud platforms require 24/7 uptime and fast support responses. That's harder for a bootstrap operation than plugin support.

Feature Parity: Competitors have been building for years. We need enough features to be credible, but we can't match everything immediately.

Why We Think We Can Win

Despite challenges, we have advantages:

Modern Architecture: Built on Laravel 12 and Vue.js 3, not legacy PHP frameworks. This means faster feature development.

Quality Focus: 806 tests and 3,929 assertions. We're building quality into the product, not retrofitting later.

Bootstrap Patience: No VC pressure means we can grow organically. We don't need 3x year-over-year growth to satisfy investors.

Fair Pricing: Competitive rates with transparent pricing. No hidden fees, no mandatory upsells.

Impact on Apotentia's Business Plan

Adding APO Proposer significantly changes our financial projections:

Asset Valuation: Increases total company assets from $19K-49K to $169K-549K (conservative: +$150K, optimistic: +$500K)

Year 5 Revenue Projection: Increases from $170K-300K to $226K-424K (+$56K-124K from Proposer alone)

Portfolio Diversification: Adds predictable SaaS revenue to balance one-time plugin/theme sales

This makes Apotentia more valuable and more sustainable as a business.

What's Next

Immediate priorities for APO Proposer:

• Complete remaining 25% of core features
• Security audit and penetration testing
• Performance testing at scale (1000+ proposals)
• Beta testing with early customers
• Production deployment to staging environment
• Launch with transparent pricing and 14-day trial

We're aiming for Q1 2026 launch, but we won't rush. Quality matters more than speed.

The Bottom Line

APO Proposer is our entry into cloud SaaS. It's a $2.49B proven market with established competitors and validated customer demand. We're 75% complete with 806 tests ensuring quality.

It's ambitious. It's competitive. It's different from our other products. But it's the right move.

Building proposal management software won't be easy. But we're building it anyway.

If you're interested in beta access when we launch, reach out. We'll be looking for early customers to provide feedback and help shape the product.

-ES

When we first planned APO Thematic, we envisioned it as a Joomla-exclusive theme marketplace. Premium themes, one-click installation, unified marketplace - all built for Joomla sites.

That vision just got a lot bigger.

The Market Reality Check

Let's talk about CMS market share:

• Joomla: ~2.5% of websites (40 million sites)
• WordPress: ~43% of websites (800 million sites)
• Drupal: ~1.5% of websites (20 million sites)

Building exclusively for Joomla meant addressing 40 million potential sites. Adding WordPress and Drupal expands our addressable market to 860 million+ sites - a 20x increase, with WordPress alone representing a 30x market expansion.

We'd be foolish not to support WordPress.

Pricing That Makes Sense

Our original Joomla-only pricing was $49/year for single site, $199/year for unlimited sites. After extensive competitive analysis, we've revised our pricing to be more competitive while maintaining fairness:

Subscription Tiers:

• Single Theme License: $29/year - One theme on one site at a time (you can switch themes anytime)
• Multisite Standard: $119/year - Unlimited sites, one theme per site
• Multisite Pro: $599/year - Unlimited sites, multiple themes per domain (mix and match across your sites)

Custom Theme Services:

• Custom Theme: $1,499/year - Fully custom design based on your wireframes and colors, updates for 1 year
• Exclusive Ownership: $4,999 one-time - Own your custom theme forever, never listed publicly, full source code included

Why $29 Instead of $49?

Competitive analysis showed us the market:

• WordPress leaders: Elegant Themes charges $89/year for unlimited sites with Divi builder
• Joomla leaders: YOOtheme charges €150-529/year, JoomlArt charges $89-299/year
• ThemeForest: One-time purchase at $40-69 per theme (no updates or support after first year)

At $29/year, we're 67% cheaper than competitors while providing a better value proposition: access to 20-30 themes instead of just one. Users can switch themes anytime without additional purchases.

$29/year is also sustainable. At $10/year (our initial consideration), one support ticket would cost more than annual revenue. At $29/year, we can provide quality support and maintain the platform.

Unified Marketplace, Three Platforms

Here's what makes APO Thematic different:

One Subscription, All Platforms: Your APO Thematic subscription works across Joomla, WordPress, and Drupal. Same themes, adapted for each platform's template system. No separate purchases needed.

Consistent Design Language: We're not porting themes between platforms. We're designing themes once, then implementing them natively for each CMS. They'll feel native to each platform while maintaining consistent design quality.

One-Click Installation: Whether you're on Joomla 5, WordPress 6, or Drupal 10, themes install with one click from your CMS admin panel. No FTP, no manual uploads, no configuration headaches.

Theme Library Strategy

We're launching with a focused library:

• 2 free themes: No credit card required, full featured, always free
• 20-30 premium themes: Actually 10-15 unique designs, each with light and dark variants
• Monthly additions: New designs released regularly after launch

We're not launching with 50 mediocre themes. We're launching with 10-15 professionally designed themes that look great and work flawlessly across all three platforms.

The WordPress Opportunity

WordPress is the elephant in the room. It's 30x larger than Joomla's market. But it's also incredibly competitive - ThemeForest alone lists 15,000+ WordPress themes.

How do we compete?

• Subscription access: $29/year for all themes vs. $40-69 per theme
• Ongoing updates: Unlike one-time purchases, subscribers get continuous updates and new themes
• Multi-CMS portability: Migrating from WordPress to Joomla? Your themes come with you
• Quality over quantity: 10-15 professional designs instead of 15,000 amateur templates

Domain Protection: apothematic.com

We've secured the domain portfolio for APO Thematic:

• apothematic.com - Primary marketplace domain
• Plus 6 defensive extensions (.design, .info, .net, .org, .pro, .shop)

The marketplace will eventually live at apothematic.com, providing a dedicated destination for theme browsing, purchasing, and documentation.

Technical Architecture

Supporting three CMS platforms requires careful architecture:

• Theme framework: Core design system implemented once, adapted per platform
• Installation plugins: Native installers for Joomla, WordPress, and Drupal
• Update system: Automatic updates pushed through each CMS's update mechanism
• Licensing validation: API-based license checking (respects privacy, no phone-home tracking)

What We're NOT Doing (Yet)

During strategic planning, we considered several features that we're deliberately delaying:

• AI-assisted theme generation: Interesting concept, but not core value proposition
• Page builder integration: Adds complexity, may conflict with theme system
• WooCommerce/VirtueMart/Drupal Commerce: E-commerce themes require specialized knowledge

These might come later. For now, we're focused on beautiful, professional themes that work reliably across three platforms.

Competitive Positioning

APO Thematic isn't trying to be ThemeForest or Elegant Themes. We're building something different:

• Multi-CMS by design: Not WordPress-first with "maybe Joomla later"
• Subscription model: Ongoing value instead of one-time purchase with expiring support
• Curated library: 20-30 excellent themes instead of 15,000 mediocre ones
• Fair pricing: $29/year competitive with market while remaining sustainable

Development Roadmap

Here's what's ahead:

1. Build theme engine and framework - Core system for Joomla, WordPress, Drupal
2. Design initial theme library - 2 free + 10-15 premium designs
3. Create installation plugins - One-click installers for each CMS
4. Build apothematic.com marketplace - Unified browsing and purchasing experience
5. Launch simultaneously - All three platforms at once, not sequential rollout
6. Monthly theme releases - Continuous expansion post-launch

Why This Matters for Apotentia

APO Thematic represents a significant revenue opportunity:

• Lower customer acquisition cost: WordPress marketplace provides discovery
• Recurring revenue: Subscriptions provide predictable income
• Scalable product: Digital themes have near-zero marginal cost
• Portfolio diversification: Balances SaaS focus of APO Proposer and APO Recruit

Plus, we get to build beautiful things. That matters.

The Honest Reality

APO Thematic is still in planning. We don't have themes designed yet. We don't have the marketplace built yet. We're documenting our strategy publicly as we build.

Why announce before we're ready?

• Transparency: We're building in public, including the planning phase
• Market validation: If no one cares about multi-CMS themes, better to know now
• Domain protection: We've secured apothematic.com and extensions before launch
• Strategic clarity: Public commitment keeps us accountable to execute

What You Can Do

If you're interested in APO Thematic:

• Reach out: Let us know what kind of themes you need (contact page)
• Custom themes: We're accepting custom theme commissions now at $1,499/year or $4,999 one-time ownership
• Support the mission: Donations help fund development

We're building this deliberately, not rushing to market. When APO Thematic launches, it'll work properly across all three platforms.

The Bottom Line

Expanding APO Thematic from Joomla-only to WordPress and Drupal increases our addressable market 20x. Revising pricing from $49-$199 to $29-$599 makes us more competitive while remaining sustainable.

It's a bigger vision than we started with. But it's the right vision.

Building for three platforms is harder. But serving 860 million+ potential sites instead of 40 million makes it worth the effort.

-ES

Most startup stories focus on product launches and customer wins. This isn't one of those stories. This is about the unsexy but essential work of building financial infrastructure.

Over the past week, we've completed two critical milestones: opening business bank accounts at Grasshopper Bank and activating Stripe payment processing. Here's why these matter and how they fit into our bootstrap funding strategy.

Grasshopper Bank: Built for Startups

We chose Grasshopper Bank for our business accounts because they're designed for technology companies and startups. Unlike traditional banks that see software companies as risky, Grasshopper understands our business model.

We opened two accounts:

• Innovator Business Checking: 1.00% APY (under $25K), 1.35% APY ($25K-$250K)
• Innovator Money Market Savings: 1.55% APY (under $25K), 3.10% APY ($25K+)

These aren't typical business bank accounts. Traditional business checking pays 0.01% interest. Grasshopper's checking pays 1.00%. Their savings account pays 1.55% for balances under $25K, then jumps to 3.10% once you cross that threshold.

The Patient Capital Strategy

Why do interest rates matter for a software company?

Because we're building a reserve fund. The plan is simple but requires patience:

1. Contribute $400/month from personal savings ($200 per paycheck, twice monthly)
2. Build up savings in high-yield accounts earning 1.44% weighted average (80% in savings, 20% in checking)
3. Once the fund crosses $25K, interest earnings accelerate to 2.75% weighted average
4. Eventually, monthly interest income covers operational costs
5. When products generate revenue, combine earnings with interest to become self-sustaining

This is patient capital. No investors to please. No quarterly growth metrics. Just steady, methodical building of financial stability.

Projected Growth

Starting from $1,000 (split between checking and savings), here's how the fund grows:

• Month 6: ~$3,825 total ($2,400 contributions + $18 interest + $400-$800 product revenue)
• Year 1: ~$12,160-$17,560 ($4,800 contributions + $45 interest + $6,300-$11,700 revenue)
• Year 2: ~$30,000-$45,000 (crossing the $25K threshold triggers higher interest rates)
• Year 3-5: Accelerating growth as higher interest rates compound

By Year 5, we project $150K-$175K in reserves, generating $4,300-$4,800 in annual interest at 2.75% APY. That won't cover salaries, but it covers server costs, development tools, and miscellaneous operational expenses.

Stripe Payment Processing: Ready for Launch

We've also activated Stripe for payment processing. This enables:

• Donations: One-time and monthly recurring donations at apotentia.com/donate
• Product sales: When APO Proposer, APO Recruit, and APO Thematic launch
• Subscription revenue: For recurring product licenses and support contracts

Stripe is industry-standard for a reason. Secure, reliable, well-documented. It handles PCI compliance so we don't have to. It supports one-time payments, subscriptions, and invoicing.

We're not reinventing payment processing. We're using the best tool for the job.

Transparent Pricing Philosophy

Our Stripe integration uses straightforward pricing:

• 2.9% + $0.30 per transaction (Stripe's standard rate)
• No hidden fees or markup
• Donors and customers see exactly what they're paying

We're not adding payment processing fees on top. If you donate $100, we receive $97.10 after Stripe's fee. That's it.

Why This Matters for Product Development

Having payment processing in place removes a blocker. When APO Proposer is ready to launch, we don't need to scramble to set up e-commerce. When a customer wants to buy a self-hosted license, we can invoice immediately.

Financial infrastructure built ahead of need means faster response when opportunities arise.

The Bootstrap Reality Check

Let's be honest about what these milestones actually represent:

What we achieved: Set up bank accounts and payment processing. Basic business infrastructure that most companies complete in week one.

What we didn't achieve: Revenue. Customers. Product launches. Actual business results.

Opening bank accounts isn't a business. It's table stakes. But for a bootstrapped company building deliberately, every piece of infrastructure matters.

Comparison to VC-Backed Path

If we had raised venture capital, this entire blog post would seem absurd. Who writes 1,000 words about opening bank accounts?

VC-backed companies open accounts, activate Stripe, and move on. They have runway. They have multiple employees. They're not trying to build self-sustaining operations from interest income on savings accounts.

But we're not VC-backed. We're building patient capital, one $400 contribution at a time.

What's Next

With financial infrastructure in place, we're focused on:

• Completing APO Recruit development for multi-platform launch
• Launching APO Proposer at proposer.tech
• Building the APO Thematic marketplace
• Growing the reserve fund toward the $25K threshold
• Actually generating revenue (still the hard part)

Banking and payment processing are solved problems. Product-market fit is still the challenge.

Why Document This?

Most startup blogs focus on wins. We're documenting the entire process - including the boring infrastructure work.

Why? Because transparency matters. If we're asking people to support our mission through donations or product purchases, they deserve to see how we're building this company.

Plus, 10 years from now when (hopefully) Apotentia is a sustainable software company, it'll be interesting to look back at blog posts about opening bank accounts and activating Stripe.

We all start somewhere.

-ES

APO Recruit started as a Joomla-only job board and applicant tracking system. Today, we're announcing support for WordPress and Laravel.

This isn't about abandoning our roots. It's about meeting users where they are.

The Platform Adoption Reality

Here's the honest truth about CMS market share:

• WordPress: ~43% of all websites
• Joomla: ~2-3% of all websites
• Laravel: Popular framework for custom enterprise applications

When we built APO Recruit exclusively for Joomla, we were limiting ourselves to 2-3% of the market. That's sustainable if you're the only game in town. But we're not - there are other job board solutions for Joomla, and many more for WordPress.

If we want APO Recruit to be widely adopted, we need to support the platforms people actually use.

Why Multi-Platform Now?

Three reasons drove this decision:

1. Broader Market Reach

By supporting WordPress, we can reach 15-20x more potential customers. Small businesses, recruiting agencies, and organizations that already have WordPress sites can now use APO Recruit without migrating their entire web presence.

2. Enterprise Flexibility

Laravel support lets us serve enterprise customers who need custom applications. Many organizations build their own platforms with Laravel. Now they can integrate APO Recruit as a recruitment module instead of building from scratch.

3. Competitive Pricing Position

WP Job Openings (the leading WordPress job board plugin) charges $69-$399/year depending on sites. We're pricing APO Recruit 10% below that while offering volume-based fairness:

• Starter: $59/year (1 site, <100 applications/year)
• Professional: $119/year (5 sites, 100-500 applications/year)
• Business: $349/year (unlimited sites, 500-1K applications/year)
• Enterprise: Contact sales (1K+ applications/year, custom solutions)

Volume-based pricing is fairer than per-site pricing. A small nonprofit with 50 applications shouldn't pay the same as a staffing firm with 5,000 applications.

What Stays the Same

The core APO Recruit features work across all platforms:

• Job posting management with custom fields and categories
• Applicant tracking with workflow automation
• Custom application forms per position
• Team collaboration with notes and ratings
• Email notifications and candidate communications
• Reporting and analytics on hiring funnel metrics

We're not building three separate products. We're building one product that works on three platforms.

The Technical Challenge

Supporting multiple platforms means:

• Platform-specific adapters for authentication and permissions
• Different installation and update mechanisms
• UI that matches each platform's design patterns
• Testing across three different environments

This is harder than building for one platform. But it's worth it if it means reaching 15x more potential customers.

Repository Status

APO Recruit's GitHub repository is private during active development. We're building this properly before opening it to the public. When we launch, customers will get:

• Tested, production-ready code
• Clear documentation and installation guides
• Regular updates and security patches
• Support contracts available upon request

We're not doing the "move fast and break things" approach. We're building software for businesses managing their hiring processes. It needs to work.

What This Means for Customers

If you're considering APO Recruit:

• Joomla users: You get a native Joomla component built with modern architecture
• WordPress users: You get a plugin that feels native to WordPress
• Laravel developers: You get a package you can integrate into custom applications

Everyone gets the same core features, fair volume-based pricing, and support.

Competitive Positioning

We're not trying to be the cheapest option. We're trying to be the fairest option.

WP Job Openings charges $69/year for one site. Whether you get 10 applications or 1,000 applications, you pay the same price. That's not fair.

APO Recruit charges based on actual usage. Small organizations pay less. High-volume recruiters pay more. Everyone gets the same features.

What's Next

Immediate priorities:

• Finalize WordPress plugin architecture
• Build Laravel package installer
• Create demo sites for each platform
• Beta testing with early adopters
• Public launch with transparent pricing

We're still in active development, but we're building in public. You can follow our progress on the Projects page.

The Bottom Line

Multi-platform support makes APO Recruit more widely adoptable. Fair volume-based pricing makes it more accessible. Building for three platforms is harder, but it's the right move.

We're building software for the market that exists, not the market we wish existed.

-ES

Building a sustainable software company is a marathon, not a sprint. Here's our straightforward approach to growing Apotentia into something meaningful.

Gecker Development Progress

Our flagship social platform continues to evolve. Current stats:

• Over 1,000 automated tests ensuring reliability
• Hundreds of features combining the best of Reddit, Twitter, and Facebook
• Active development with regular improvements

Gecker represents our vision for social media without the exploitation - a platform built for users, not advertisers.

Financial Strategy

Our approach is simple but deliberate:

• Build savings in high-yield savings accounts
• Create a fund large enough to generate monthly dividends
• Use dividend income to cover operational costs
• Fund developer salaries (including my own, currently self-funded)
• Maintain independence - no venture capital, no shareholders to please

This might seem slow, but it keeps us honest. We build what users need, not what investors demand.

Pie-in-the-Sky Plans

With adequate funding, here's what we want to tackle:

• Privacy-First Search Engine: AI-assisted search with zero tracking, no data sales, and absolutely no ads
• SaaS Products: APO Proposer for proposal management, APO Thematic for themes, APO Recruit for hiring
• Open Source Contributions: Regular donations to projects we depend on and believe in

Charitable Commitments

When we have consistent revenue, we'll establish regular monthly donations to:

• Wikipedia - essential public knowledge infrastructure
• Joomla - the platform our plugins support
• Other open source projects relevant to our work

We benefit from open source. We should contribute back.

Current Reality

Right now, Apotentia is:

• One person (me, Eric Santiago - US Army veteran)
• A disabled-veteran-owned business
• Self-funded from personal savings
• Building products, not chasing funding rounds
• Focused on creating value before extracting it

What's Next

Keep building. Keep improving. Stay independent. Create software that helps people.

If you want to support this work, you can make a donation (see our contact page for details). Otherwise, just knowing people care about ethical software development is encouragement enough.

-ES

Every startup guide tells you to raise money. Pitch to VCs. Build fast. Scale faster. Exit in 5-7 years.

We're not doing any of that.

The VC Model Problem

Venture capital works great for specific kinds of companies:

• Network effects that require rapid user acquisition
• Winner-take-all markets where second place dies
• Capital-intensive businesses (hardware, biotech)
• Products that need to "blitz scale" before competitors catch up

Our products don't fit any of these categories.

We're building enterprise software and SaaS products. The markets are large but require patience. Sales cycles can be long. Each sale is relationship-driven. You don't "blitz scale" sustainable software businesses.

What VCs Would Want

If I took VC money, here's what would happen:

• Hire fast - Build a 20-person team before we have product-market fit
• Spend aggressively - Marketing, sales, conferences, enterprise sales team
• Grow at all costs - 3x year-over-year growth or die
• Exit pressure - Need 10x return in 5-7 years, so acquisition or IPO required

This model optimizes for investor returns, not sustainable business building.

Our Model: Patient Capital

Here's what we're doing instead:

• Self-fund from savings - I'm using personal savings to cover development costs
• Build a reserve fund - Put money in high-yield savings accounts
• Generate passive income - Once the fund is large enough, dividends cover operational costs
• Stay small - No pressure to hire before we're ready
• Build for decades - Not years

This might seem slow. It is slow. But it lets us build the right product instead of the fundable product.

The High-Yield Strategy

Right now, high-yield savings accounts are paying 4-5%. If we can build a reserve fund large enough, the monthly interest can cover:

• Server costs
• Development tools and services
• Eventually, developer salaries (including mine)

This is "patient capital" - no investors to please, no exit timeline, no growth-at-all-costs pressure.

The Honest Truth

Here's what I don't talk about in pitch decks: I've tried the private sector three times in 20 years. Each time, I've struggled to adapt.

About 10 years ago, I worked at a small company for 18 months while they built a map tool with Ruby and Leaflet. The company struggled to find customers. I felt woefully uncertain about how to help. I knew how to build software, but I couldn't figure out the commercialization side. Eventually I went back to government work.

That experience taught me something: I need a business model that plays to my strengths. Federal enterprise software fits - slow procurement, long sales cycles, relationship-driven. As a founder with deep federal experience, I can build products I actually understand for a market I know.

What This Means for Customers

Here's what our funding model means for you:

• No pivot risk - We're not going to abandon you for a higher-margin product
• No acquisition risk - We're not selling to a PE firm that cuts support
• No feature pressure - We build what users need, not what drives ARR metrics
• Long-term support - We're building for decades, not exit events

The Downside

There are real disadvantages to bootstrapping:

• Slower development - One person vs. a funded team
• Slower market entry - Can't afford big marketing pushes
• Higher personal risk - My savings, my livelihood
• No safety net - If this fails, I'm back to government work

But I'm okay with these trade-offs. I'd rather build slowly and sustainably than grow fast and flame out.

Will It Work?

I don't know. Hopefully customers see the value in what we're building. Or not.

Either way, I'm going to keep building. That's the advantage of not having investors breathing down your neck.

-ES