I’ve been repeating that with Lovable, anyone can build real products without coding.

Yet, people:

• Claim it’s just a prototyping tool

• Call it “vibe-coding” (I’m allergic to the term)

• Insist you need engineers to build real products

So, I decided to continue my PoC, and today I’m launching my first real SaaS.

My goals:

• Prove it’s possible. You do not need to code

• Demonstrate and explain the next steps, like GTM and getting the first customers

You can use the same techniques to:

• Create a new product or clone an existing product like Typeform or DocuSign (standard digital signatures - enough for most US companies)

• Create an extra revenue stream.

• Become the Product Manager of your product without asking for permission

In this post:

1. Accredia: A Certificate Management Platform

2. No-Code SaaS Secure Solution Architecture

3. 🔒 Three Lovable Prompts You Can Reuse to Start Building

4. 🔒 What’s Next and Conclusion

Hey, Pawel here. I’m on vacation 10-21 August, but our posts will not be disturbed.

We will be discussing launching apps in detail during office hours after my return.

Consider subscribing and upgrading your account for the full experience:

1. Accredia: A Certificate Management Platform

Accredia allows anyone to easily issue, receive, and share digital credentials.

Why credentials, not a sexier app like Dropbox, DocuSign, or Typeform?

I started with a problem I knew: existing digital certificate solutions are too expensive for many product, Agile, and tech trainers.

For example:

• Accredible: ~$960 for 1,000 certificates (my deal)

• Credly: ~$5,000 for 1,000 badges

Accredia already provides 80% of Accredible’s value. A short demo:

In the first version:

• Multiple organizations can use the platform simultaneously

• Each organization can invite multiple users (Admins, Members)

• Administrators can:

  • Define and manage courses

  • Use a drag & drop certificate editor

  • Issue certificates manually or using a spreadsheet

  • Manage organization members

  • Manage the organization’s subscription, make payments, download invoices

• Students can:

  • Edit their public profiles (including the URL)

  • Publish/unpublish their learning profiles and certificates

  • Generate shareable links for social media

• Unauthenticated users can:

  • Visit public student profiles

  • Verify whether a public certificate is authentic

Building this took me just ~16 hours, 340 Lovable credits, and $80. If we continue, after another 16-24 hours, we’ll achieve feature parity (better social previews, integrated social platform sharing).

Why would anyone pay for Accredible?

Next:

• I’m starting to migrate a few thousand of our certificates from Accredible. I hope people will share them; a growth loop for the platform and for organizations.

• Accredia is free for up to 1,000 certificates/year for all premium subscribers. Others cover basic infrastructure costs. If you have students, email me at pawel@productcompass.pm to join the beta.

• GTM: Social media + SEO: “alternatives to X,” “X vs. Y,” and similar. I’ll leverage my high-domain-authority site (productcompass.pm).

• Trying to win the first Beachhead Segment.

[Edited]

I highly recommend those feature and price comparison pages of digital certificates and digital credentials solutions:

• The #1 Credly Alternative: Certificate Management, Digital Credentials

• The #1 Accredible Alternative: Stop Paying for Your First 1,000 Recipients

2. No-Code SaaS Secure Solution Architecture

All components here are universal.

Separated Environments

I separated my DEV, TEST, and PROD environments using the advice from the previous post: How to Build and Scale Full-Stack Apps in Lovable Without Breaking Production

Quality Assurance in Lovable

I start with things that don’t scale to verify assumptions. I’ve defined a manual test scenario checklist before release.

The next step will be recording test scenarios in the browser with Selenium. This “black-box” testing will cover all my needs for now.

Status Monitoring in Lovable

I will use a free UptimeRobot service on production for monitoring and communication.

An example for aigents.pm:

Extended Product Analytics - Heatmaps And Session Recordings in Lovable

I’ll start with free Microsoft Clarity for heatmaps/session recordings, while masking sensitive data. This helps me understand behavior patterns and what users might struggle with. I’ll follow up with interviews.

An example for aigents.pm:

Multi-Tenant Setup in Lovable

I used Clerk that provides authentication (e.g., Google, email), organizations, users, roles, and subscriptions. Clerk also supports MFA, invitation emails, and feature toggles.

With Lovable, all I needed was to add predefined Clerk components:

• <OrganizationSwitcher /> - switch between an organization / personal profile

• <UserButton /> - manage account, sign out

• <OrganizationProfile /> - manage organization, members, billing, and invoices

Lovable wired them up correctly on the first try.

Secure Architecture & Advanced Permissions in Lovable

I didn’t code. I asked Lovable to use Clerk and it iterated from there.

This architecture is backend-first using Clerk for authentication and Supabase Edge Functions for authorization.

Key assumptions:

• Authentication: Clerk manages login/logout and session lifecycle.

• Authorization: Roles from the Clerk v2 JWT (`admin`, `user`) are enforced server-side in Edge Functions.

• Database Security: RLS enabled; only Edge Functions (service role) access the DB.

• API Security: Tokens validated, scoped by organization, actions gated by user role.

• Critical: We use the Clerk Backend API to avoid malicious actors forging tokens.

Why this approach?

I could have integrated Clerk with Supabase to use standard Supabase RLS (row-level security) and let the frontend access Supabase directly. But for production products, you need robust, fine-grained backend control so that, for example:

• Student emails aren’t exposed in public views.

• Organization members (not admins) can edit only selected certificate fields.

Benefits:

• No direct DB access

• Centralized authorization

• Auditable logs (all operations logged in Edge Function logs)

• Full control over the business logic and permissions (row- and column-level)

Share

3. Three Lovable Prompts You Can Reuse to Start Building

In this chapter, I provide three exact prompts you can easily use to get the same results without effort.

On top of that, we will be discussing launching apps in detail during office hours after my return. And premium subscribers also get my full support on Slack.

How technical should you be?

No coding is required or necessary. At the same time, it’s fair to say you need to:

• Understand the architecture

• Know what JSON, CSS, or HTML are

• Feel comfortable reviewing simple SQL queries or 2–3 lines of code snippets

• Know how to inspect a website in the Google Chrome console (aka DevTools)

I don’t really know React or TypeScript (never used them), and I don’t code when working on my Lovable projects.

Step 1: Document architecture in readme.md

For a new project, ask Lovable to document the architecture in readme.md. Otherwise, it will keep making the same mistakes over and over again: