Home/Reports/Deep Dives/billsby
← Back to Deep Dives
billsbySaaSAIInfrastructureSaaS·May 24, 2026·17 min read

Explore Billsby's technology stack: Next.js on Fastly, Cloudflare, Google Cloud CDN; Spreedly payments; Intercom + Crisp; Datadog RUM. Deep dive into the subscription billing platform's infrastructure, GTM tools, and enterprise readiness gaps.

The Billsby tech stack reveals a subscription billing platform running a polished product infrastructure on Fastly, Cloudflare, and Google Cloud CDN, with real-user monitoring via Datadog RUM and Azure Application Insights—yet its public content surface was invisible to a sitemap capture that returned zero pages. That chasm between operational sophistication and content opacity defines the company's 2026 technology posture: a product-led engine designed for self-serve onboarding and payment orchestration, with acquisition channels humming behind the scenes but no observed SEO footprint or conversion pages in the sampled data. This deep dive decodes which tools Billsby uses, how they're stitched together, and what the choices signal about its competitive positioning in the subscription management market.

---

The Stack at a Glance

Billsby's marketing site (www.billsby.com) runs on Next.js 12.3.4, a React-based framework known for hybrid static and server-side rendering. The choice of version 12.3.4—released in late 2022—suggests the team values stability over bleeding-edge updates, as Next.js 13 and 14 had already shipped major architectural shifts by the 2026 analysis date. This version pins the frontend to the stable pages router and classic Webpack bundling, avoiding the newer App Router and Turbopack, which could indicate a deliberate decision to maintain a deployment pipeline that works well with the observed triple-CDN setup.

The delivery layer is where Billsby flexes notable infrastructure muscle. The www domain is served through Fastly as edge compute, Cloudflare likely for DNS and security, and Google Cloud CDN as an additional caching layer. This triple-CDN arrangement is uncommon for a team of Billsby's apparent size—most startups ride one CDN—and hints at a resilience-first architecture. Fastly offers instant purging and edge logic via VCL or Compute@Edge; Cloudflare provides DDoS protection and global anycast; Google Cloud CDN integrates with the broader GCP ecosystem and might be used for regional optimization or storage-backed caching. The combination sets up a high-availability front door that can survive provider outages without dropping a request.

Product traffic flows to a separate subdomain, app.billsby.com, which isolates the core subscription management application from the marketing surface. This split is reinforced by a dedicated checkout domain, checkoutlib.billsby.com, that handles payment interactions. Isolating the checkout library on its own subdomain reduces PCI scope, eases JavaScript bundle management, and allows the team to enforce stricter content security policies on the payment surface. The payment orchestration itself is powered by Spreedly, a multi-gateway vault that abstracts away processor-specific integrations, implying Billsby supports multiple payment providers without building direct gateway logic.

On the mobile and third-party transaction side, Stripe.js and Apple Pay JS libraries are loaded on the main marketing site, likely used for inline payment demonstrations or direct trial signups. These integrations suggest Billsby can tokenize card data directly from the marketing pages before handing off to the app domain, a pattern that reduces checkout friction.

The monitoring stack is equally layered. Datadog RUM (Real User Monitoring) and Datadog Logs track page load performance, JavaScript errors, and user interactions across the marketing site, while Azure Application Insights appears on the app domain, capturing server-side telemetry, request traces, and dependency metrics. Using two distinct APM tools—one for frontend experience and one for backend health—indicates a mature observability practice, though it raises the question of whether there's a single pane of glass for correlated insights.

Email infrastructure shows strong security posture. Billsby's domain has SPF, DKIM, DMARC (with a reject policy but missing aggregate reporting URIs), BIMI, and MTA-STS—a comprehensive suite that protects against spoofing and bolsters deliverability for transactional emails like invoices and subscription reminders. The absence of configured DMARC rua email addresses means they aren't collecting forensic reports on failed authentication, a minor gap for a company that likely sends high-stakes billing communications. No TLS-RPT or CAA records were detected, which could indicate the email security hardening is still evolving.

The content management system powering the marketing site wasn't explicitly detected, but the Next.js frontend combined with a lack of visible WordPress or Contentful fingerprints suggests Billsby may serve static or pre-rendered content from a headless CMS or a Git-based content pipeline. The sitemap capture returned zero URLs, which might stem from dynamic generation on demand, an explicit block on crawlers, or a simple misconfiguration during the analysis window. Either way, no blog engine, resource center, or documentation platform was identifiable on the main domain; a support subdomain exists but didn't yield content type data in the sampled pages.

---

How They Acquire Customers

Billsby's go-to-market motion reads as product-led self-serve, heavily augmented by advertising pixels and real-time chat tools, but with a notable absence of observable conversion pages in the captured sample. The page-level evidence includes Intercom and Crisp chat widgets, a rare dual-chat setup that places two distinct engagement channels directly on the site. Intercom typically handles lifecycle messaging, in-app tours, and bot-driven qualification, while Crisp often serves as a lightweight live chat for immediate human or AI-assisted support. Running both simultaneously suggests Billsby wants to capture high-intent leads with low-latency human chat (Crisp) and nurture them with automated product tours and behavioral targeting (Intercom). This isn't a common combination—most teams pick one—and it may indicate a hybrid sales-assist model where Crisp acts as the first line of contact and Intercom manages deeper onboarding flows once a user signs up.

Paid acquisition is a clear investment area. Google Ads tracking scripts, Facebook Pixel, and Google Campaign Manager 360 floodlights are all present on the marketing site, feeding conversion data back into ad platforms for bidding optimization and audience building. The Google Ads presence typically requires conversion actions—likely a "Start Free Trial" or "Sign Up" button click—which suggests that despite the missing conversion pages in the captured sample, the site contains call-to-action elements that route visitors to app.billsby.com for account creation. The G2 Attribution Tracking pixel shows Billsby is actively leveraging review sites as a demand channel, capturing traffic from their G2 profile and attributing downstream conversions. This is a common play for B2B SaaS products where buyers compare subscription billing vendors on third-party marketplaces.

No CRM system was detected on the site. HubSpot, Salesforce, or Pipedrive beacons would typically appear as JavaScript includes or form submission endpoints, but none were observed. That absence, coupled with the chat tools and Spreedly gateway, reinforces the self-serve interpretation: visitors land on the site, likely engage a chat widget for pre-sales questions, then are directed to sign up directly on app.billsby.com, skipping any sales-force-mediated funnel. In this model, the "CRM" might be a product database that tracks trialists and converts them via in-app messaging, rather than an external sales tool. This aligns with a utility-first billing platform targeting developers and small-to-mid-market businesses who prefer to evaluate and buy without talking to a salesperson.

Conversion optimization tooling is evident but incomplete. Google Analytics 4 (GA4) provides the core web analytics and event stream, while Hotjar supplies session recordings and heatmaps for qualitative insights into user behavior on the marketing pages. However, no A/B testing or experimentation platform was detected—Optimizely, VWO, Google Optimize, or LaunchDarkly (for feature flags) are absent from the identified JavaScript resources. This means Billsby likely relies on post-hoc analytics rather than controlled experiments to improve conversion rates, which limits the velocity at which they can iterate on landing page copy, CTA placement, or trial flow design. The GA4-to-Hotjar combination allows them to see where users drop off and replay those sessions, but without an experimentation layer, they can't test hypotheses at scale.

User identity and authentication for the product aren't directly visible from the website scan, but the presence of Stripe.js and Apple Pay on the marketing pages hints at a payment-first signup experience. Users potentially provide an email and credit card at the point of conversion, and the identity is managed within the app domain—using something like Auth0 or a custom JWT system, but no third-party auth scripts were detected. The email security posture (DMARC reject) ensures that transactional emails from this flow are authenticated and unlikely to land in spam, a critical detail for a product where invoices, failed payment alerts, and dunning notices must reliably reach customers.

The content strategy behind this acquisition engine remains opaque. Only four URLs were analyzed—the homepage, app subdomain, support subdomain, and checkout library—and none contained blog posts, case studies, or documentation that would fuel organic search. The empty sitemap capture could signal that Billsby relies entirely on paid and review-site traffic, neglecting content-driven SEO. Alternatively, the content might reside on a separate domain, behind a login, or be generated dynamically by the headless CMS in a way that the scanner didn't capture. Competitors like Chargebee and Recurly invest heavily in blogs, webinars, and integration pages to capture top-of-funnel search demand; Billsby's invisible content surface makes it hard to benchmark how they compare on organic acquisition breadth.

---

Infrastructure & Operations

The Billsby architecture is primarily a story of deliberate domain separation and edge delivery, with deep observability woven through both the marketing and product layers. The www.billsby.com site is a Next.js 12 application served from a multi-CDN edge: Fastly likely handles request routing and edge-side logic, Cloudflare provides SSL termination and DDoS mitigation, and Google Cloud CDN caches static assets close to users. This setup distributes the global serving load across three providers, any of which could absorb a traffic spike or provider outage. For a billing platform where even seconds of downtime can erode customer trust, this redundancy is a strong operational signal.

The app subdomain (app.billsby.com) hosts the core subscription management application and is presumably deployed as a separate service, possibly a Node.js backend or a containerized API behind a load balancer. The inclusion of Azure Application Insights on this domain indicates the backend might run on Microsoft Azure, or at least integrates deeply with Azure's monitoring ecosystem. Application Insights provides distributed tracing, exception tracking, and dependency telemetry—critical for a system that handles payment API calls, webhook events, and subscription state changes. The absence of a corresponding Azure resource on the marketing domain suggests the frontend and backend run in different clouds or at least use separate observability backends.

The checkoutlib.billsby.com subdomain hosts a dedicated payment library. This separation is a security-forward design choice: by keeping the payment-form JavaScript on its own origin, Billsby can enforce a strict Content Security Policy (CSP) that prevents cross-site scripting from the main app and limits what scripts can run on the payment surface. The library itself likely wraps Spreedly's iframe or tokenization API, ensuring that raw card data never touches the merchant's servers. The fact that the marketing site already loads Stripe.js and Apple Pay indicates that checkoutlib may orchestrate multiple payment method renderings, showing the right UI based on the user's browser and region—Apple Pay only appears on Safari, while Stripe's Payment Element handles card inputs everywhere else.

Monitoring across these domains is comprehensive but asymmetrical. Datadog RUM on the www site captures Core Web Vitals, JavaScript errors, and user frustration signals like rage clicks, while Datadog Logs ingest server-side log streams from the edge or API layer. This gives the frontend team visibility into real-user performance and the ability to correlate errors across the CDN layers. On the app side, Azure Application Insights captures server telemetry, dependencies, and failed requests. The gap is that these two systems don't natively integrate without custom correlation IDs; Billsby likely uses a common trace ID injected at the edge to link a user session from Datadog to an API trace in App Insights, but that stitching isn't visible externally. Datadog's Service Map feature could be used to combine these sources if configured, but there's no direct evidence of that.

Email operations are fortified with a near-complete set of authentication protocols, but the missing DMARC rua tag means Billsby forgoes aggregate email authentication reports from major inbox providers. These reports would show which IPs are sending on Billsby's behalf, helping catch unauthorized use. Given that Spreedly's payment flows and subscription management trigger email events (failed payments, renewal confirmations), the domain's reputation directly impacts deliverability. The presence of BIMI (Brand Indicators for Message Identification) is a progressive step—BIMI allows Billsby to display its logo in supported email clients, reinforcing brand recognition and trust in transactional messages. This is uncommon for a company this size and suggests a marketing or product team that pays attention to email user experience.

DNS and security configurations reveal a considered but not exhaustive approach. SPF lists authorized sending servers, DKIM signs messages, and DMARC with a reject policy instructs receivers to block unauthenticated emails—a strong configuration that prevents domain spoofing. However, no CAA (Certificate Authority Authorization) record was detected, meaning the domain doesn't restrict which CAs can issue TLS certificates for billsby.com. This is a minor risk; without CAA, a misconfigured third-party service could accidentally request a certificate from an unauthorized CA. The lack of TLS-RPT (SMTP TLS Reporting) similarly misses a feedback loop that would alert the team if TLS connections for outbound email fail, which could lead to plaintext transmission of sensitive data (though Spreedly traffic is TLS-encrypted at the application layer).

No traditional load balancer vendor (e.g., AWS ELB, F5) was detected, which aligns with the CDN-first approach: Fastly and Cloudflare absorb DDoS and handle SSL termination, while Google Cloud CDN likely fronts a Cloud Load Balancer or a simple origin server. The origin could be a Google Cloud Run service or a static hosting bucket; the Next.js application can be exported as static HTML or run server-side via Node.js on a cloud VM. The sitemap capture's emptiness doesn't shed light on whether dynamic routes exist, but the heavy CDN layering suggests a globally distributed origin or static generation that doesn't rely on frequent server-side rendering.

For a payments-sensitive company, the absence of observed compliance pages—SOC 2 reports, PCI DSS attestations, GDPR data processing agreements—in the captured sample is a notable blank spot. While Spreedly itself is PCI Level 1 compliant and tokenizes card data, Billsby's own infrastructure handles subscription logic and may store customer metadata. Potential enterprise buyers typically look for trust center pages on the main site to validate security posture before signing a contract. The captured pages did not surface any such content, which could be a dealbreaker for larger prospects unless Billsby provides compliance documentation behind a sales conversation.

---

What This Means for Competitors

Billsby's technology choices paint a picture of a nimble, engineering-led competitor that has invested heavily in delivery reliability and self-serve conversion tools but currently lags in content breadth and enterprise transparency. For competing subscription billing platforms—Chargebee, Recurly, Zuora, Paddle—this stack analysis reveals both vulnerabilities to exploit and capabilities to respect.

The triple-CDN setup with Fastly, Cloudflare, and Google Cloud CDN is a differentiator in uptime and performance. Most billing competitors lean on a single CDN (Chargebee uses CloudFront, Recurly on Fastly alone) and don't demonstrate the same redundancy. In a market where every millisecond of checkout latency can impact conversion, Billsby's multi-CDN architecture could deliver consistently lower page load times across all geographies. Competitors that compete on platform reliability must match or exceed this infrastructure investment, or risk losing performance-sensitive prospects.

The dual-chat tooling—Intercom and Crisp running simultaneously—offers a product-led sales hybrid that many competitors haven't adopted. Chargebee leans heavily on Drift and Intercom for conversational marketing, but few combine two chat tools to segment instant live support (Crisp) from structured onboarding flows (Intercom). This setup lowers the barrier to trial signups while still providing human assistance at critical moments. Competitors should note that Billsby appears to capture conversion attribution via G2 pixels alongside GA4 and Hotjar, but lacks an A/B testing engine, slowing the pace of conversion optimization. A rival that runs constant experiments on its trial flow—using VWO or Optimizely—could out-iterate Billsby on lead-to-trial conversion rates.

However, the invisible content surface is Billsby's most glaring strategic gap. The lack of observed blog posts, integration guides, or documentation pages in the sampled crawl indicates either a missing content engine or a deliberate choice to keep content behind authentication. In either case, this limits organic search acquisition and leaves a vacuum that competitors can fill. Chargebee publishes hundreds of SEO-optimized articles on subscription metrics, dunning management, and revenue recognition; Recurly runs a well-trafficked blog on SaaS billing best practices. If Billsby's sitemap truly returns empty for crawlers, they are invisible to anyone searching for "subscription management platform," "recurring billing software," or long-tail integration questions. This is a glaring opportunity for content-heavy competitors to own the top-funnel education and capture demand before Billsby's paid ads even appear.

Spreedly as the payment orchestration layer is a double-edged sword. It enables Billsby to support multiple gateways without building and maintaining direct integrations, which is attractive to merchants who need gateway flexibility. But it also adds a third-party dependency that can introduce latency, cost, and vendor lock-in. Competitors that build natively on Stripe and Braintree with direct API integrations might offer tighter, faster checkout experiences with fewer moving parts. Paddle, for example, operates as a Merchant of Record, eliminating PCI burden entirely while handling all payment gateway complexity internally—a different architectural bet that appeals to sellers wanting a fully managed payments stack. Billsby's use of Spreedly signals it wants to be the UI/UX layer between the merchant and multiple payment processors, but it must prove the checkoutlib.billsby.com experience is as seamless as a direct Stripe Checkout integration.

Enterprise readiness is the area where Billsby's technology posture sends mixed signals. The operational maturity—Datadog RUM, Azure App Insights, SPF/DKIM/DMARC with BIMI—suggests an engineering team that can support enterprise SLAs. Yet the captured pages lacked any trust center, SOC 2 report, PCI compliance badge, or GDPR dpa link. For mid-market and enterprise buyers, these are table-stakes requirements during vendor evaluation. If Billsby keeps this documentation behind a gated sales process, they risk alienating self-serve evaluators who want to independently verify security before engaging. Competitors that prominently display compliance certifications and data residency options on their main site immediately win trust with security-conscious buyers.

Finally, the growth maturity stack—GA4, Hotjar, G2 attribution, Intercom, Crisp, advertising pixels—is solid but conventional. The absence of product analytics tools like Amplitude or Mixpanel on the marketing domain means Billsby may have limited visibility into in-app trial behavior from the marketing funnel perspective. Many modern PLG companies stitch together GA4 for web traffic, product analytics for feature adoption, and a CRM like HubSpot for lifecycle emails; Billsby's stack appears to be marketing-analytics heavy and product-analytics light. A competitor with a unified Segment-to-Amplitude pipeline can create richer user cohorts and trigger more personalized in-app messaging, potentially converting trialists to paid customers at a higher rate.

---

Key Takeaways

Billsby's technology choices reveal a subscription billing platform engineered for resilience and self-serve growth, but with a content blind spot that leaves organic acquisition untapped. Here are the actionable insights for founders and product leaders evaluating this space:

  • The multi-CDN architecture is a moat for uptime, but complex to manage. Running Fastly, Cloudflare, and Google Cloud CDN simultaneously requires sophisticated cache invalidation coordination and edge logic. If you're building a billing product, consider whether a single CDN with multi-region origins could deliver sufficient uptime without the operational overhead of three providers. Billsby's commitment here signals they see reliability as a competitive advantage.
  • Dual chat tools can accelerate PLG conversion, but only if integrated with a CRM. Billsby runs Intercom and Crisp for real-time engagement, yet no CRM was detected. Connecting these chat interactions to a lightweight CRM like HubSpot or Pipedrive would allow the team to track which pre-sales questions precede trial signups and tailor in-app messaging accordingly. Without that loop, chat data stays siloed and can't inform lifecycle marketing.
  • Spreedly's payment abstraction is a trade-off between flexibility and control. Using a third-party vault simplifies multi-gateway support, but introduces another vendor in the critical payment path. For your own billing platform, evaluate whether direct Stripe and Braintree integrations with a thin orchestration layer could reduce latency and cost while still supporting your target merchants' preferred processors.
  • The content vacuum is an immediate competitive disadvantage. If you compete with Billsby, invest in building an SEO-driven content engine around recurring billing topics. If you're evaluating Billsby as a vendor, the lack of observable documentation, integration guides, and trust center pages means you'll likely need to request these materials manually—budget extra time for security review.
  • Operational maturity doesn't equal enterprise readiness. Billsby's email security (DMARC reject, BIMI) and monitoring (Datadog RUM, Azure App Insights) exceed many early-stage startups, yet no compliance content was observed. When building an enterprise-ready billing platform, prioritize a public-facing trust center with SOC 2, PCI, and GDPR artifacts early, even if you're still undergoing certification.
  • An empty sitemap is a missed SEO opportunity, not necessarily a missing site. The sitemap capture returned zero pages, but that could stem from a technical misconfiguration, a block on automated crawlers, or dynamic generation. As a founder, regularly validate that your sitemap is public and correctly submits to Google Search Console. An empty sitemap directly harms crawlability and search rankings.

Billsby's technology stack reveals a product that's operationally sound and built for low-friction self-serve adoption, yet strategically limited in content-led growth and visible enterprise trust. For competitors, the gaps around SEO, experimentation, and compliance transparency offer clear windows to outperform. For builders in the subscription management space, the Billsby architecture provides a compelling reference for CDN redundancy and payment isolation—but also a cautionary tale about neglecting the content and trust layers that enterprise buyers demand.

Tech stack detected from public signals — using automated code analysis, DNS profiling, and browser-level inspection across https://www.billsby.com. No privileged access. No guessing.

Send billsby's Full Strategy Report

Get the complete 5-module analysis delivered to your inbox

GTM Stack

Demand generation & routing

Funnel Design

Conversion path & user journey

Product Architecture

Infrastructure & delivery

Growth Maturity

SEO, content & lifecycle

Enterprise Readiness

Trust, security & scale