SAASPOCALYPSE verdict #HARVEY-660C
scanned 2026.04.30 · 13:18
subject of investigation
harvey.ai
▸ AI platform for legal and professional services
verdict: DON'T
buildability score: 8/100
tier · don't
the blunt take
“Harvey is not a chatbot with a law degree — it's a full-stack legal intelligence platform with SOC2 II, ISO 27001, GDPR, CCPA, SAML SSO, audit logs, and 60+ AmLaw 100 firms betting their malpractice exposure on it. You are not building this.”
The moat isn't the LLM wrapper — it's the domain-specific fine-tuning, the legal data licensing, the enterprise compliance stack, and the trust of firms that bill $1,500/hr and cannot afford a hallucination. That's not a weekend. That's a decade and a Series C.
cost breakdown.
their price ←→ your price
what they charge
Enterprise (demo-gated): undisclosed / per firm/seat
※ No public pricing. Request a demo. Assume five figures annually per firm.
annual: undisclosed
what it costs you
01 · LLM API (OpenAI / Anthropic at legal-doc scale): ??? — scales with usage
02 · Legal data licensing (Westlaw, Lexis, court records): ??? — depends on volume
03 · SOC2 Type II audit + annual renewal: $8,000
04 · ISO 27001 certification: $4,000
05 · GDPR / CCPA legal counsel (amortized): $2,000
06 · Vercel Pro (confirmed via signals): $20.00
07 · Supabase Pro or equivalent (enterprise data isolation): $25.00
08 · Domain: $1.00
09 · Your remaining career ambitions: priceless
TOTAL / mo: $14,046 + usage
▸ break-even: approximately never — enterprise legal AI is a trust game, and trust doesn't amortize
moat
how deep is the moat.
8.3/10
aggregate score · fortress
weighted average of the six axes below. higher = harder for an indie hacker to displace.
actual fortress
capital · 10.0/10 · what it costs to keep the lights on
technical · 9.4/10 · depth of the underlying engineering
network · 0.0/10 · users compound users
switching · 10.0/10 · stickiness of customer data + workflow
data · 8.0/10 · proprietary data accumulates over time
regulatory · 8.0/10 · real licenses + compliance, not SOC 2 theater
or, you know, use one of these.
if building feels spicy
option A
Clio + GPT-4o (self-integrated)
Clio handles the legal practice management; you bolt on an LLM layer. Covers 80% of small-firm use cases without the compliance nightmare.
option B
LlamaIndex + local Mistral (self-hosted RAG)
Build a document Q&A tool over your own legal docs. No data leaves your machine. Lawyers love that sentence.
option C
Ironclad or Spellbook (contract-specific)
Narrower scope, actual product-market fit, and someone else already did the legal data licensing. Use it, don't rebuild it.
what'll actually be hard.
est. total: ∞
▸ 6 months for a janky MVP · 2 years for SOC2 II · 3 more years to get a single AmLaw 100 firm to return your email
difficulty scale: easy · medium · hard · nightmare
01 · easy · Basic LLM document Q&A
RAG over PDFs with LlamaIndex. You can ship this in a weekend. It is not Harvey.
02 · medium · Legal-domain prompt engineering
Getting an LLM to cite correctly, hedge appropriately, and not confidently hallucinate case law is a craft. A slow, painful craft.
03 · hard · Multi-tenant data isolation
Law firms share nothing with each other. Every firm needs hermetically sealed storage, audit logs, and provable data lifecycle controls. This is months of infra work.
04 · hard · Legal data licensing
Westlaw and Lexis will not sell you a bulk API license for a side project. Harvey has negotiated deals you cannot replicate solo.
05 · nightmare · Enterprise compliance stack (SOC2 II, ISO 27001, GDPR, CCPA)
Each cert is a multi-month audit process with external auditors, policy documentation, and ongoing evidence collection. This is a full-time job before you write a line of product code.
06 · nightmare · Earning trust from firms with malpractice exposure
A partner at Skadden is not going to run client work through your Vercel hobby app. The sales cycle alone is longer than most indie projects survive.
detected signals · we measured these
hosting: Vercel · framework: Next.js
recommended stack · inferred
▸ Next.js (confirmed via signals)
▸ Vercel (confirmed via signals)
▸ LLM APIs (OpenAI / Anthropic — legal fine-tuned)
▸ Enterprise Postgres with row-level tenant isolation
▸ SAML SSO + audit log infra (e.g. WorkOS)
▸ generated with love, by a heartless robot · verdict v2.1 · saaspocalypse.dev