Why protecting your SaaS idea is the wrong question — what r/SaaS founders actually do

By Tomáš Cina, CEO at Discury · AI-assisted research, human-edited

Editor's Take — Tomáš Cina, CEO at Discury

What strikes me reading these threads is how often founders blame the "theft" of their idea when the real issue is a lack of market friction. I've watched this pattern repeat in conversations with SaaS operators on Discury — a founder spends months in stealth mode, terrified that a public post will trigger a copycat, only to ship to a market that doesn't care. The reality is that ideas are cheap; execution and customer intimacy are the actual barriers to entry.

The second trap is the "stealth" obsession. Reddit threads are full of founders asking how to protect their IP, yet the most successful operators in these threads are out in the open, mining public complaints from G2 or the App Store. When you build in public, you aren't just getting feedback; you are building a list of early adopters who feel invested in your success. That's a stronger moat than any NDA or hidden repository.

One pattern I keep seeing across the SaaS-founder threads we monitor at Discury — not just the four cited here but the broader set the pipeline has passed over — is that "how do I protect my idea" posts cluster heavily on accounts in their first project, and drop off markedly from founders on their second or third. The first-time framing treats the idea as the scarce asset; the repeat-founder framing treats the customer list as the scarce asset. Both are visible on r/SaaS, but only the repeat view survives contact with a real market. If I were starting a B2B outbound motion today, I'd spend the first week finding people complaining about the exact problem I want to solve, and I'd talk to every single one of them.

What four r/SaaS threads actually say about idea theft

The four threads cited here come from different corners of r/SaaS — one is a data-heavy complaint-mining post, one is a first-user-growth post-mortem, one is a security-scare anecdote, one is a scaling-advice thread. Different authors, different triggers. But once you strip out the fear framing, they describe the same underlying dynamic: the thing worth protecting isn't the idea, it's the evidence loop the founder builds while validating it. That evidence loop only compounds in public.

Complaint mining replaces NDA thinking

u/Many_Breadfruit9359 describes analysing 150,000+ negative G2 reviews across 8,000+ companies to surface overlooked software issues, as detailed in this r/SaaS thread on scraping complaints. The same founder also pulled 5,000+ job postings from Upwork to identify recurring manual workflows that could be automated — in other words, they looked where people were already expressing frustration in their own words and paid contractors to handle it. The signal for where to build comes from public complaints a competitor could read too; the advantage isn't the idea, it's the week of reading and the people you message as a result. Secrecy can't shortcut customer intimacy.

What u/felixheikka actually did before writing code

u/felixheikka describes reaching 20,000 users by validating the idea directly on Reddit first, as shared in this r/SaaS thread on early user growth. Instead of building, this founder posted a feedback request, got a handful of detailed replies, and used those to scope the MVP — an anecdotal sequence rather than a transferable "N replies = green light" rule. Any one founder's reply count will differ by niche, post quality, and community fit. The transferable lesson is the sequencing: ask publicly, invite dissent, THEN code. A list of people who already care about the problem is the one asset a copycat can't reconstruct from a marketing page.

Security pressure shows up after traction, not before

u/freecodeio notes in this r/SaaS thread on bot attacks that they ran their SaaS for years without a CAPTCHA and saw no spam until a "grey-hat" researcher created 500 fake accounts to prove a point. That's one operator's experience, not a universal rule — abuse surfaces vary by vertical, audience, and API surface. But it illustrates a broader pattern consistent across these threads: security concerns only become material once the platform has enough usage to attract attention. u/Total-Strategy8675, who has shipped multiple micro-exits, makes a related observation in this r/SaaS thread on scaling: the early-stage priority is distribution — Reddit comments, startup directories, niche communities — not preemptive IP defences. Founders who guard an unvalidated concept are, by definition, solving problems they don't have yet.

Where stealth is the rational call

The "validate publicly" advice from these threads fits most r/SaaS posters, but not everyone. The honest split:

Signal	Public validation wins	Stealth is rational
Moat source	Customer intimacy, distribution, execution speed	Pending patent, proprietary dataset, novel algorithm
Competitive threat	Copycat needs months to replicate conversations	Copycat needs a weekend to replicate the concept
Industry context	Horizontal SaaS, general B2B, creator tools	Heavily regulated (health, finance, defence)
Launch dynamics	Niche where relationships compound	Commodity where incumbents have distribution
Typical r/SaaS poster fit	95% of posts asking "how do I protect…"	~5% — usually disclosed in the first paragraph

If you're in the left column, secrecy is costing you the feedback loop that would make the product defensible. If you're in the right column, you already know why — and public validation should be about the problem, with the solution details held back until IP or compliance posture is ready.

A two-week validation playbook with copy-paste scripts

The playbook below is what the four threads' advice actually looks like when you run it. Each phase is short and the templates are plain text — the point is to remove the planning excuse, not to optimise every word.

Day 1–3: Find where people are already complaining

Pick one primary source and one secondary source:

• G2 / Capterra low-star reviews — filter by rating ≤ 2 stars on a category adjacent to your idea. Log every review's "pain sentence" (the one that names a specific broken behaviour) into a spreadsheet with columns: product, pain_quote, user_role (if visible), workaround_mentioned.
• Reddit + Upwork. On Reddit, search your niche terms alongside "I hate", "sick of", or "why is there no" — log quotes the same way. On Upwork, filter job postings by the recurring manual workflow you suspect could be automated; the posting text reveals what people will literally pay a contractor to do today.

You're looking for the same pain described by five or more distinct people in different words. That's the validation signal — not volume of positive reactions to your pitch.

Day 4–7: Write the problem post (not the product post)

Post on one subreddit where your target user actually hangs out. The template is deliberately plain:

Title: Anyone dealing with [specific pain from your complaint spreadsheet]? How are you handling it today?

Body: Short context about why you're asking (one line — e.g. "Spent last month reading G2 reviews on [category]; [X pattern] keeps coming up"). Then: "If this is your problem, what's the current workaround? What would 'fixed' look like for you?" Close with: "Not selling anything — just trying to understand before I build."

Do not mention your product. Do not drop a landing page. The goal is to verify the pain in the words of the people who have it, and to identify three to five people you can DM for a deeper conversation.

Day 8–11: Run five 20-minute calls

DM the respondents whose answers are most specific. Template:

Thanks for the detailed reply on the [subreddit] thread about [pain]. I'm trying to understand this properly before I build anything — would you be up for a 20-minute call to walk me through how it actually plays out in your week? Happy to share what I'm learning after.

On the call, ask only: What did you do the last time this problem hit? How long did it take? What did you try before that? What would've made this a non-issue? Do not pitch. Do not demo. Take verbatim notes.

Five calls is usually enough to spot the divide between "problem people solve with a spreadsheet and live with" and "problem people would actually buy a tool for." Both are valid outcomes; the second is where you build, the first is where you move on.

Day 12–14: Ask one question that filters builders from talkers

At the end of the fifth call, ask: If I built something that handled [specific workflow you saw across calls], would you be willing to pilot it and — if it works in your environment — pay roughly [what you think it's worth per month]? Write down the answers verbatim.

A "yes, with a few conditions" from three of five is the signal to build a minimal prototype for those three. A uniform "maybe later" is the signal to keep digging into the problem space before writing code. This step is what separates a validated opportunity from an interesting observation.

Questions r/SaaS keeps asking about idea protection

What if my idea really is unique and someone steals it? Most "unique" ideas have around ten adjacent products you haven't noticed. The threads above show the fastest way to find those adjacent products is to describe your pain publicly and see what gets recommended. If nobody recommends anything, that's a different signal entirely — and worth acting on.

Should I NDA every feedback conversation? For a pre-launch B2B SaaS talking to five prospective users, NDAs add friction and rarely hold up in practice. The exception: you're genuinely sharing a proprietary dataset, algorithm, or customer list. For an idea and a mockup, skip the NDA and keep the call.

What if a competitor sees my r/SaaS post and copies the direction? They almost certainly won't — most established competitors are over-indexed on their own roadmap and don't treat r/SaaS as primary intel. Even if they do, the copying they can do from a thread is months behind the direct-conversation advantage you built in the same week.

Is it different for deep-tech or regulated SaaS? Yes — see the table above. In those narrow contexts, stealth is a legal or compliance timing tactic, not a psychological crutch, and "validation" means testing the problem publicly while keeping the solution private.

Sources

This analysis draws on four r/SaaS threads (all cited inline above), surfaced via Discury's Reddit monitoring. Each thread was chosen because it contained concrete founder actions, named tools or datasets, and an outcome that could be independently verified.