Engineering · April 19, 2026 · 9 min read

Build vs. buy: engineering your own tamper-evident audit trail

You can build it. Two senior engineers, a Merkle service, a signer HA setup, IPFS pinning, an evidence UI, SOC 2 mapping. Year-one total runs $770k–$845k. Here's the honest inventory.

Every sophisticated engineering team asks the same question when they hear the price of a durable-records platform: "couldn't we build this ourselves?" The honest answer is yes, you can. The less honest answer is that the inventory of what you actually have to build, operate, and keep running is longer than the demo suggests. This post walks through the real build inventory, a realistic year-one cost table, and the narrow set of cases where building actually wins.

01

The build inventory

A tamper-evident audit-trail platform is not just a Merkle tree. It's a pipeline with nine named components, each of which has to work correctly and keep working under production load and compliance scrutiny.

The components:

  • canonicalization (JSON-serialization-stable hashing)
  • Merkle-tree construction
  • batch anchoring
  • public-chain signer HA (key custody, failover, gas management)
  • IPFS pinning infrastructure
  • verification API
  • evidence-package generator (PDF and JSON)
  • backoffice UI for operations
  • compliance-control mapping and documentation

Every one of these is a real engineering artifact with its own bugs and operational burden.
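As an added illustration of the first three pieces above (canonicalization, Merkle-tree construction and the verification API), here is a minimal Python sketch that is not Certyo's code and not from the original post: records are hashed over a canonical JSON form, a batch root is built with unpaired nodes promoted rather than duplicated, and an inclusion proof is recomputed server-side. The sample events and the 0x00/0x01 leaf and node domain tags are constructed assumptions.

```python
import hashlib
import json

# Constructed sample audit events (not data from the page); note seq 2's key order.
SAMPLE_EVENTS = [
    {"seq": 1, "actor": "svc-billing", "action": "invoice.create", "amount": 120},
    {"actor": "svc-billing", "seq": 2, "action": "invoice.send", "amount": 120},
    {"seq": 3, "actor": "ops-admin", "action": "refund.approve", "amount": 40},
]

def canonical_hash(record):
    # Sorted keys and fixed separators give one byte string per logical record,
    # so producers that emit keys in a different order still hash identically.
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + canon).digest()  # 0x00: leaf domain tag

def _node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01: inner node

def _next_level(level, index, proof):
    # Pair neighbours; an unpaired last node is promoted unchanged (not duplicated),
    # and the sibling of the node tracked by `index` is appended to `proof`.
    nxt = []
    for i in range(0, len(level) - 1, 2):
        nxt.append(_node(level[i], level[i + 1]))
        if i == index:
            proof.append((level[i + 1], True))   # sibling sits on the right
        elif i + 1 == index:
            proof.append((level[i], False))      # sibling sits on the left
    if len(level) % 2:
        nxt.append(level[-1])
    return nxt, (index // 2 if index is not None else None)

def merkle_root(leaves):
    if not leaves:
        raise ValueError("empty batch has no root")
    level = list(leaves)
    while len(level) > 1:
        level, _ = _next_level(level, None, [])
    return level[0]

def inclusion_proof(leaves, index):
    proof, level = [], list(leaves)
    while len(level) > 1:
        level, index = _next_level(level, index, proof)
    return proof  # list of (sibling_hash, sibling_is_right)

def verify_inclusion(leaf_hash, proof, root):
    # What a verification API does: recompute the path from the leaf up to the
    # anchored root instead of trusting anything the caller asserts.
    h = leaf_hash
    for sibling, sibling_is_right in proof:
        h = _node(h, sibling) if sibling_is_right else _node(sibling, h)
    return h == root
```

A tampered record produces a different leaf hash, so its stored proof no longer reaches the anchored root; that mismatch is the whole tamper-evidence property.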

02

The year-one cost table

A realistic year-one build team and cost, for a typical US/EU loaded-rate environment:

  • Two senior engineers (one protocol/cryptography, one SRE/infrastructure) — $600,000 fully loaded for the first year. These need to be hires who can reason about Merkle trees, chain operations, and HA systems. Market rate is not flexible.
  • Polygon wallet infrastructure, gas budget, and signer HA — $30,000 to $80,000. Includes key management (HSM or cloud KMS), multi-signer setup, monitoring, and the gas forward-buffer.
  • IPFS pinning, evidence UI, compliance mapping — approximately $140,000 combined. Pinning infra $15k–$40k, evidence UI and PDF export roughly three engineer-months at loaded rate, SOC 2 control mapping and internal audit enablement $50k.

03

Year-two steady state and the hidden costs

Year-one is the visible cost. Year-two is where the surprise lives. Steady-state operation runs $500,000 to $600,000 per year, covering continued engineering (chain migrations, new regulations, continuous control monitoring), dedicated SRE attention, and compliance maintenance. The team doesn't shrink after launch; it finds new work.

  • $770k — Year-1 build, low estimate
  • $845k — Year-1 build, high estimate
  • $550k — Year-2+ steady state, typical

The hidden costs are the ones that don't show up in the initial plan. Chain-resilience decisions: what happens if Polygon reorgs or congests? Auditor onboarding: your auditor has to accept your homegrown evidence format. Continuity guarantees: what happens to your proofs if the team rotates or the company pivots? None of these have good answers without deliberate engineering investment.

04

Where building actually makes sense

There are narrow cases where the build calculus actually favors internal engineering. They exist; they just aren't most companies.

Build timeline (from the page's graphic): hire 2 seniors, build 9 components, production hardening, compliance mapping, year 1 live.

If you are already a chain infrastructure company and the Merkle/anchoring layer is close to your core product, the marginal cost of building integrity-as-a-feature is low. If you have multi-chain requirements from day one and no vendor sells exactly your shape, building is defensible. If your scale is genuinely billion-records-per-day and the economics of a managed service stop making sense at that size, the math flips. In most other cases, build-vs-buy favors buy by a factor of 8 to 30 times in year one.

05

Who actually gets this right

The teams that navigate build-vs-buy well share a pattern:

  • Engineering-heavy fintechs: honestly scope year-one at $800k+ before committing. If that number is acceptable and strategically aligned, build. If not, buy and redirect the engineering to the core product.
  • Regulated healthcare platforms: usually find that compliance maintenance alone — keeping pace with HIPAA evolution, SOC 2 annual audits, HITRUST — justifies a managed option, because the vendor amortizes that across customers.
  • Platform companies with audit as a feature: if you resell audit evidence to your own customers, building gives you control over the experience. But you then inherit the ongoing burden — factor five-year TCO, not year-one cost.

06

The honest summary and further reading

Certyo Self-hosted at $90,000 per year replaces a year-one build of $770,000 to $845,000. Certyo Managed at $24,000 per year replaces the build and the ongoing SRE burden. The honest argument for building is that you retain control; the honest argument for buying is that you free the engineers for work that actually differentiates your product. Both are real. But the arithmetic is rarely close. For a deeper walk through the durable-records architecture, see our /en/features and /en/compare pages.

You can build it. Two seniors, nine components, and $800,000 year one. The question isn't whether you can — it's whether those engineers would be worth more to you building something else.

