Deep Research Complete — March 2026

From Demo to Enterprise SaaS

6-Month Build Plan — Security, Compliance, Infrastructure & Go-to-Market

HaulPulse can reach enterprise readiness in 4-6 months with $35K-$80K in compliance spend, under $600/month infrastructure, and focused development on six critical feature gaps.

Market Size: $11B+
Target Companies: 200-500
Timeline: 6 Mo
<$600/Mo at 50 Tenants
Implementation Timeline

Four Parallel Workstreams

Phase 1
Security Foundation
Weeks 1-2
Auth, RBAC, secrets migration, security headers, encryption
$0-$125/mo
Phase 2
Database & Isolation
Weeks 3-6
Airtable to Supabase PostgreSQL, RLS, audit logs, PostGIS
$25-$125/mo
Phase 3
Enterprise Features
Weeks 4-12
Driver app, audit trails, client portal, QuickBooks, API, workflows
Development time
Phase 4
Compliance & Launch
Months 4-6
SOC 2, CCPA, pen testing, insurance, security questionnaire readiness
$35K-$80K first year
Phase 1 — Weeks 1-2

Security Foundation

Replace the passcode gate with enterprise-grade auth. Enterprise waste companies require SOC 2, SAML SSO, MFA, and documented RBAC before approving any vendor.

Authentication — WorkOS AuthKit
OAuth 2.0, OIDC, SAML SSO, MFA enforcement. Free up to 1M MAU. Enterprise SSO at $125/connection/month. Admin Portal included for client self-service.
OAuth 2.0 | SAML | MFA | OIDC
RBAC — 7 Role Structure
Admin, Operations Manager, Dispatcher, Driver, Finance, Read-Only Executive, Client Portal. Server-side enforcement on every Worker route.
P0 Blocker
Security Headers & Rate Limiting
CSP, HSTS with preload, X-Frame-Options: DENY. Rate limiting: 5 req/min login, 100 req/min authenticated. Cloudflare Turnstile on login. WAF via CF Pro ($20/mo).
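An added example (not HaulPulse code) of the server-side role check and the two rate limits described above, written as a Worker-style guard that denies any route without an explicit rule. The route-to-role table, the claim names `sub` and `role`, and the in-memory counter are assumptions; a deployed Worker needs a counter shared across isolates.

```javascript
// Role names and the 5/min and 100/min limits come from the plan.
// ROUTE_POLICY is a hypothetical mapping used only for illustration.
const ROLES = ["admin", "operations_manager", "dispatcher", "driver",
               "finance", "read_only_executive", "client_portal"];

const ROUTE_POLICY = [
  { method: "GET",  path: /^\/api\/work-orders$/,
    roles: ["admin", "operations_manager", "dispatcher", "read_only_executive"] },
  { method: "POST", path: /^\/api\/work-orders$/,
    roles: ["admin", "operations_manager", "dispatcher", "client_portal"] },
  { method: "PUT",  path: /^\/api\/rates\/\d+$/, roles: ["admin", "finance"] },
];

const LIMITS = { login: 5, authenticated: 100 }; // requests per window
const WINDOW_MS = 60_000;
const hits = new Map(); // per-isolate only; assumption for a self-contained example

// Sliding window: keep timestamps from the last minute, block at the limit.
function rateLimited(bucket, key, now) {
  const k = `${bucket}:${key}`;
  const recent = (hits.get(k) || []).filter((t) => now - t < WINDOW_MS);
  const blocked = recent.length >= LIMITS[bucket];
  if (!blocked) recent.push(now);
  hits.set(k, recent);
  return blocked;
}

// Returns the HTTP status the Worker should answer with before any handler runs.
function authorize(claims, method, path, now = Date.now()) {
  if (!claims || !ROLES.includes(claims.role)) return 401; // unknown or missing role
  if (rateLimited("authenticated", claims.sub, now)) return 429;
  const rule = ROUTE_POLICY.find((r) => r.method === method && r.path.test(path));
  if (!rule) return 403; // deny by default: unlisted routes are never reachable
  return rule.roles.includes(claims.role) ? 200 : 403;
}

// Login is throttled per client address because no identity exists yet.
function loginAttempt(ip, now = Date.now()) {
  return rateLimited("login", ip, now) ? 429 : 200;
}
```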
Encryption Standards
TLS 1.3 automatic (Cloudflare). AES-256-GCM field-level encryption for vendor SSN/EIN via Web Crypto API. Database encrypted at rest (Supabase default). R2 object encryption automatic.
OWASP Top 3 Risks for HaulPulse
A01 Broken Access Control (passcode gate = zero access control) | A07 Auth Failures (no MFA, no sessions, no brute-force protection) | A04 Crypto Failures (vendor PII unencrypted in Airtable)
Phase 2 — Weeks 3-6

Database & Data Isolation

Migrate from Airtable (100K record limit, no RLS, no audit trails) to Supabase PostgreSQL with multi-tenant row-level security, PostGIS for geo queries, and full audit logging.

Supabase Pro
$25/mo
8GB database, 100K MAU auth, PostGIS, built-in RLS, real-time subscriptions, S3-compatible storage. Team plan ($599/mo) adds SOC 2 compliance.
Row-Level Security
Shared database, tenant_id on every table. RLS policies match JWT claims from WorkOS. Non-superuser role ensures policies are never bypassed.
Correct for <100 tenants. Database-per-tenant adds unnecessary ops complexity.
Migration Strategy
1. Shadow Write (2-4 wks) — Airbyte syncs Airtable to Postgres
2. Dual Read (1-2 wks) — Read from Postgres, fallback to Airtable
3. Cutover — Postgres primary, Airtable read-only backup
4. Cleanup — Remove Airtable dependency
Voice AI Pipeline — Category Differentiator
Phone Call → ElevenLabs ConvAI → STT + LLM → Entity Extraction → Tool Calls → Confirmation → DB Write + Audit Log
No competitor currently offers Voice AI for internal work order intake — this is HaulPulse's category-defining differentiator.
Phase 3 — Weeks 4-12

Enterprise Features

10 features ranked by enterprise deal impact. Tier 1 must ship before the first enterprise contract. Tier 2 during pilot. Tier 3 for competitive positioning.

User Auth & RBAC
P0
Replace passcode with individual accounts, 6+ roles, SSO. Every competitor has this — instant disqualifier without it.
2-4 weeks
Audit Trails & Change Logs
P0
Immutable records: who changed rates, approved credits, modified WOs. Required for RCRA compliance, dispute resolution, SOC 2.
2-3 weeks
Production Database
P0
PostgreSQL with multi-tenant RLS, full-text search, PostGIS. Airtable's 100K limit blocks mid-market haulers (100K+ records).
3-6 weeks
Driver Mobile App
P0
Table stakes. React Native: route nav, photo proof (GPS-tagged), digital signatures, GPS tracking, offline mode, service exceptions.
8-16 weeks
Customer Portal
P1
Self-service WO submission, invoice viewing, service history. Reduces call center volume significantly. Common RFP line item.
4-6 weeks
QuickBooks Integration
P1
Bidirectional sync: customers, invoices, payments. Mid-market haulers overwhelmingly use QB. Manual double-entry is top pain point.
3-4 weeks
REST API & Webhooks
P1
Standard CRUD endpoints, OAuth/API key auth, webhook notifications for key events. Enterprise clients need ERP/CRM/BI integration.
3-4 weeks
Approval Workflows
P1
Configurable chains: rate changes, PO approvals, vendor onboarding, credit memos. Essential for financial controls and SOX compliance.
4-6 weeks
Document Management
P2
COI tracking with expiration alerts, waste manifest storage, driver qualification files, contract management linked to vendor records.
2-3 weeks
Reporting Enhancements
P2
Scheduled PDF delivery, white-label branding for client-facing reports, ESG/sustainability metrics. Our 60+ KPIs already exceed competitors.
2-4 weeks
Phase 4 — Months 4-6

Compliance & Certifications

83% of enterprise buyers require SOC 2 Type II. The fastest path: Type I in 8-10 weeks using compliance automation, then begin Type II observation period.

SOC 2 Type I — 8-10 Weeks
Point-in-time control verification. Unlocks early enterprise conversations with "Type I certified, Type II in progress" positioning.
Automation: Secureframe ($8-12K/yr) or Sprinto ($7.5-10K/yr)
Audit: Johanson Group ($15-30K) or Prescient ($15-35K)
SOC 2 Type II — 6-12 Months Total
Controls operating effectively over observation period. The enterprise gold standard. Total first-year cost: $25,000-$45,000.
Required controls: logging, RBAC+MFA, encryption, incident response, vendor management, change management, risk assessment, training, BCP
Privacy — CCPA/CPRA
B2B exemption expired. Vendor PII in scope. GPS coordinates classified as Sensitive PI under CPRA. Waste companies treat site locations as trade secrets.
Industry Regulations
EPA RCRA: waste manifests 3+ year retention. DOT: 3yr driver records, 6mo ELD data. OSHA: 5yr injury logs, 30yr exposure records.
Data Retention Schedule
Work Orders: 3-5 years
Waste Manifests: 5+ years
Vendor Contracts: Duration + 6yr
Financial Records: 7 years
GPS/Location: 1-2yr then archive
Driver Records: Employment + 3yr
Infrastructure

Monthly Cost at 50-Tenant Scale

Component | Service | Cost/Mo
Database | Supabase Pro + compute | $75-$125
API Layer | Cloudflare Workers Paid | $15-$25
Real-time | Supabase Realtime (included) | $0
Cache | Cloudflare KV + Hyperdrive | $5-$10
File Storage | Cloudflare R2 (50-100GB) | $1-$2
Voice AI | ElevenLabs (~1,000 calls x 3 min) | $240-$300
Auth | WorkOS (free + SSO connections) | $0-$125
Security | Cloudflare Pro WAF | $20
Total | | $356-$622
Competitive Landscape

How We Stack Up

AMCS
4,000+ customers | $50K-$200K+/yr | 6-12mo deploy
HaulPulse advantage: 80% lower cost, weeks not months to deploy
CurbWaste
$48M funded | 150+ haulers | ServiceTitan alumni
HaulPulse advantage: Voice AI depth, 60+ KPIs vs basic dashboards
Rubicon Technologies
NYSE-delisted June 2024 | Market cap collapsed
Opportunity: Capture displaced haulers looking for alternatives
Salesforce FSL
$50K-$150K+/yr licensing + $100K-$300K customization
HaulPulse advantage: Built for waste, zero customization needed
Routeware / Soft-Pak
Legacy platforms | On-premise heritage
HaulPulse advantage: Modern cloud-native, AI-first architecture
HaulPulse
60+ KPIs | Voice AI | $99-$250/truck | Deploy in weeks
Differentiator: Only platform with Voice AI for WO intake + dispatch
Pricing Model

Per-Truck — Industry Standard

Starter
$99/truck/mo
Min 10 trucks | $12K-$36K ACV
3 admin users
Dispatch & scheduling
Driver mobile app
Basic billing & reporting
Implementation: $2,500 (2-4 weeks)
Professional
$175/truck/mo
Min 25 trucks | $52K-$210K ACV
10 admin users (+$30/ea)
Route optimization
Customer portal
QuickBooks + API access
99.9% uptime SLA
Implementation: $10K-$15K (4-8 weeks)
Enterprise
$250/truck/mo
Min 50 trucks | $150K-$600K+ ACV
Unlimited users
Voice AI dispatch
Custom ERP integrations
SSO/SAML + audit logs
99.95% SLA + dedicated AM
Implementation: $15K-$25K (6-12 weeks)
First Enterprise Deal Projection
75 trucks x Enterprise x 2yr = $211,250 Year 1
$382,500 total contract + $20K implementation | 15% multi-year discount applied
Go-to-Market

$11B Market, 200-500 Underserved Targets

Market Size
Waste Management Software (2025): $11.13B
Projected 2029: $15.45B
CAGR: 8.5%
Digital waste solutions CAGR: 13%
US waste collection enterprises: 9,210
Still using manual/paper: 35-40%
Target Segments
Large (>$1B revenue)
5-7 companies, 45-50% market share. Not our target.
Mid-Market ($10M-$100M)
200-500 companies. Severely underserved. OUR TARGET.
Small (<$10M)
7,000-8,000+ operators. Starter tier captures some.
Key Events 2026
Jun 8-10: Waste Leadership Summit — Washington, D.C. Top priority. Senior executives, intimate format.
Sep 29-Oct 2: SWANA RCon — St. Louis, MO. Public + private sector. Affordable exhibitor packages.
Year-round: 47 SWANA Chapter Events — $850-$975 booths. Regional targeting.
May 2027: WasteExpo — Las Vegas. Now biennial. Plan ahead.
Buyer Personas
Primary: Owner/CEO at companies under $25M — makes tech decisions directly
Champion: Second-gen family member (age 25-35) driving digital transformation
VP of Operations: Manages dispatch, routes, fleet — primary ops software champion
"Get your time back" — owners working 3 AM shifts to manually dispatch trucks. Voice AI addresses this pain directly.
Positioning
vs AMCS/Routeware: "Enterprise capability at 20% of the cost, deployed in weeks not months." | vs CurbWaste: Voice AI + 60+ KPIs. | vs Salesforce: "Built for waste, zero customization required."