Migration snapshot
ActivePlatform
a DronaHQ
Deltecs Infotech; SOC-II and ISO 27001 certified. Self-hosted repo (github.com/dronahq/self-hosted) maintained with docs commits as of June 2026. Actively targeted Internal.io refugees after that platform shut down in December 2023.
Typical timeline
6–10 weeks
Typical cost
$13K–$25K (agency, fixed)
Why teams leave a DronaHQ
DronaHQ is a capable internal-tool builder, but its runtime is proprietary even on self-hosted deployments. Teams migrate when the license dependency, pricing, or UI limitations cross an economic threshold.
Proprietary runtime, even self-hosted
The self-hosted repo (github.com/dronahq/self-hosted) contains Docker and setup scripts plus a LICENSE_KEY validated against license.dronahq.com — not an open-source eject. Your apps still depend on DronaHQ's proprietary engine regardless of where it runs.
JSON export is config, not code
DronaHQ allows app export as JSON but apps must be published first and the JSON is not a runnable standalone application. Git push/pull is only available on self-hosted. The export serves as documentation, not a portability path.
Self-host is licensed, not libre
HIPAA compliance requires the self-hosted tier, which requires a license key. License renewal means vendor dependency continues indefinitely — self-hosting does not eliminate the DronaHQ relationship.
30-day data window on termination
On cancellation, DronaHQ provides a 30-day data-copy window. Missing this window is the highest-severity exit risk. Teams who discover this policy after canceling face data recovery urgency.
Feature gating stack
Self-hosted (for HIPAA), Git version control, PDF builder, public forms, and approval workflows are all gated behind paid tiers. Teams that need multiple of these simultaneously see rapid cost escalation.
What can you actually take with you?
Your data (in connected external sources) is always yours. App definitions export as JSON but are not runnable outside DronaHQ's runtime — there is no source-code eject.
| Asset | Can you export it? | How | Notes |
|---|---|---|---|
| Data | Yes | Exportable on any plan via connected data sources (Postgres, MySQL, REST APIs); 30-day data-copy window granted on termination | Act within the 30-day window immediately on cancellation — do not wait |
| Code | No | JSON app export available after publishing; self-hosted adds Git push/pull | JSON requires DronaHQ runtime to execute; self-hosted Docker still requires a valid license key from DronaHQ |
| Design/UI | No | No HTML or React export | Component layout is DronaHQ-proprietary; use screenshots as rebuild specification |
| Logic/Workflows | Partial | Approval workflows and automation rules are included in the JSON export | Not runnable outside DronaHQ runtime; readable as a spec document for rebuild |
| Users & Auth | Partial | User list manageable via admin panel; SSO config (SAML/OIDC) is provider-side portable | Password hash export not documented; built-in auth users will need a forced password reset |
Swipe the table sideways to see the full breakdown.
Where each piece moves in code
Each DronaHQ concept maps cleanly to a Next.js + Supabase equivalent — the connector model means data migration is typically minimal.
a DronaHQ
DronaHQ app screens
In code
Next.js pages (App Router) with server-side auth guard
One screen per Next.js page; middleware handles role-based access
a DronaHQ
DronaHQ connectors (Postgres, MySQL, REST, GraphQL)
In code
Supabase queries + Next.js Route Handlers
Same underlying databases; remove the DronaHQ proxy layer
a DronaHQ
DronaHQ drag-drop UI (tables, forms, detail views)
In code
shadcn/ui + Radix UI React components
DataTable for grids, Form for data entry — wire to Supabase
a DronaHQ
DronaHQ approval workflows
In code
Supabase database-driven state machine + Edge Function notifications
Each workflow state stored as a column; transitions trigger Edge Functions
a DronaHQ
DronaHQ PDF builder
In code
React-PDF or Puppeteer in a Next.js Route Handler
Budget extra time if PDF generation is heavily used
a DronaHQ
DronaHQ RBAC (roles per app/screen)
In code
Supabase RLS + role column; Next.js middleware
Map existing roles to RLS policies before cutover
a DronaHQ
DronaHQ public forms
In code
Next.js public routes with Supabase insert + RLS policy
RLS policy restricts insert to public role; no auth required for form submission
a DronaHQ
DronaHQ self-hosted (Docker + license key)
In code
Vercel + Supabase cloud
Eliminates license key dependency entirely
The migration roadmap
Four phases: secure your data and export first, then rebuild foundation, then port workflows, then cut over with a parallel-run period.
Export & Audit (urgent first step)
1 week- Export all app JSON before initiating any plan change or cancellation
- Confirm the 30-day data-copy window policy with DronaHQ support
- Inventory every connector: type, host, credentials, tables/endpoints used
- Screenshot every screen and workflow for rebuild specification
- Note license key expiry date if self-hosted
Watch out: Do not cancel your plan before completing data export; the 30-day window starts on cancellation
Foundation Setup
1–2 weeks- Provision Supabase project; create schemas mirroring your existing data sources
- Set up Next.js project with App Router, Tailwind, shadcn/ui
- Configure Supabase Auth with role column on users table
- Implement RLS policies matching DronaHQ's role/screen permission matrix
- Confirm new stack HIPAA/BAA coverage if applicable
UI & Connector Migration
2–4 weeks- Build one Next.js page per DronaHQ screen using screenshots as spec
- Replace each connector with direct Supabase query or Route Handler
- Implement DataTable components for list views; forms with react-hook-form + zod
- Build PDF generation if used (React-PDF or Puppeteer Route Handler)
Approval Workflow Rebuild
1–2 weeks- Map every approval workflow step-by-step from the JSON export
- Implement state machine in Supabase (status column + transitions)
- Wire Edge Function notifications for each workflow transition
- Test end-to-end with real workflow scenarios
Watch out: Multi-step approval chains with conditional routing are the most time-intensive feature to rebuild; allocate a dedicated sprint
Parallel Run & Cutover
1 week- Run DronaHQ and new app in parallel; validate parity page by page
- Perform forced password reset for built-in auth users
- Update SSO redirect URLs for SAML/OIDC users
- Cut over before license key expiry if self-hosted
Three ways to migrate — honestly
Every path has a real trade-off. Here is what each costs, how long it takes, and where it bites.
DIY (with AI tools)
$0–500 + time
3–6 months part-time
Fits
Technical founders comfortable with Next.js and Supabase; apps with simple CRUD screens and no complex approval workflows
Risks
Approval workflow state machines and PDF generation are non-trivial to build correctly; underestimating these is the most common DIY failure mode
Freelancer
$3K–10K
6–10 weeks
Fits
Apps with clear scope, limited approval workflows, and an internal technical contact who can QA outputs
Risks
Freelancers often underscope approval workflow complexity; ensure fixed-price scope includes all workflow states
Agency (RapidDev)
Done-for-you$13K–25K fixed
6–10 weeks
Fits
Teams with complex approval chains, HIPAA compliance requirements, or customer-facing portals who need a predictable timeline and fixed price
Risks
Highest upfront cost; justified when workflow complexity or compliance requirements make scope uncertainty risky with a freelancer
The real risks — and how to defuse them
Missing the 30-day data window
Mitigation: Set calendar reminders from cancellation date; initiate data export on day 1 of the window, not day 29
License key dependency breaking production
Mitigation: If self-hosted, confirm license key expiry date before starting migration and plan cutover before that date; production apps will break when the key expires
Approval workflow complexity underestimated
Mitigation: Map every workflow step, condition, and notification from the JSON export before writing code; allocate a dedicated sprint for workflows alone
HIPAA compliance gap during transition
Mitigation: Confirm Supabase BAA coverage and Next.js hosting HIPAA posture before initiating cutover; do not run parallel systems past your BAA coverage window
Built-in auth users disrupted
Mitigation: Plan a forced password reset flow; communicate to users in advance; SSO (SAML/OIDC) users are unaffected
Should you actually migrate?
Migrating is a real project. Sometimes staying is the right call — here is the honest split.
Stay if
- You need rapid internal-tool iteration and approval workflows without engineering overhead and current pricing is within budget
- Your team is HIPAA-regulated and DronaHQ's self-hosted plus BAA already covers your compliance posture
- You are using DronaHQ as an Internal.io replacement and the platform fully meets current operational needs
- The license renewal cost is materially less than the estimated migration cost at your current app complexity
Migrate if
- Self-host license renewal cost is approaching the economics of maintaining a custom Next.js + Supabase stack
- You need customer-facing UI with custom branding beyond DronaHQ's internal-tool aesthetic
- You want to eliminate the proprietary runtime and license-key dependency entirely and own your infrastructure
- Approval workflow complexity or PDF generation needs have pushed you to multiple paid tiers simultaneously
Our honest verdict
DronaHQ is a competent Internal.io successor. The migration case is economic or compliance-driven; the proprietary license-key self-host model is the key friction point, not platform quality.
Do this today: pre-migration checklist
Whatever path you choose, protect yourself first. Work through this before you touch a line of code.
Export all app JSON files before initiating any plan change or cancellation
The JSON export is your rebuild specification; once you cancel, access may be restricted before the data window opens
Confirm the 30-day data-copy window policy with DronaHQ support before canceling
Policy details matter; you need written confirmation of exactly when the window opens and what's included
Inventory every connector: document data source type, host, credentials, tables/endpoints used
Connectors are your data access layer; missing one means a broken feature in the new app
Map all approval workflows step-by-step from the JSON export
Approval workflows are the most business-critical and most time-intensive feature to rebuild; the spec must be complete before coding starts
Verify license key expiry date if self-hosted — plan cutover before that date
A lapsed license key breaks production apps; this is a hard deadline, not a suggestion
Confirm new stack's HIPAA/BAA coverage if applicable before switching
Cutting over to an uncovered stack, even briefly, creates a compliance gap that may require disclosure
Frequently asked questions
Can I export my DronaHQ app code?
You can export app definitions as JSON, but the JSON only runs on DronaHQ's proprietary runtime — cloud or self-hosted Docker with an active license key. There is no standalone code eject. The JSON is useful as a rebuild specification, not as deployable code.
Can I export my data from DronaHQ?
Yes — DronaHQ connects to your own databases and APIs; it does not store your source data. Your Postgres, MySQL, and REST API data is already in systems you control. On termination, DronaHQ provides a 30-day data-copy window; initiate extraction on day 1, not day 29.
How long does migrating from DronaHQ take?
Typically 6–10 weeks for a standard internal-tool app. Approval workflow complexity is the main variable — each multi-step workflow with conditional routing adds time. Apps with no approval workflows or PDF generation are on the shorter end of that range.
What happens to my users and passwords when I migrate?
Users on SSO (SAML/OIDC) migrate cleanly — their IdP config is provider-side portable and unaffected. Users on DronaHQ's built-in auth will need a forced password reset on the new platform; password hashes are not exported.
Is DronaHQ's self-hosted version truly open source?
No. The self-hosted repo (github.com/dronahq/self-hosted) contains Docker setup scripts and a LICENSE_KEY that must be validated against DronaHQ's license server. It is not an open-source eject; your apps remain dependent on DronaHQ's proprietary runtime and an active license.
Is DronaHQ shutting down?
No — as of June 2026 the platform is actively maintained (SOC-II, ISO 27001 certified, recent docs commits). The migration case is economic or compliance-driven, not a shutdown risk. DronaHQ actually grew after Internal.io's shutdown in December 2023.
Can RapidDev handle a DronaHQ migration with complex approval workflows?
Yes. RapidDev offers fixed-price DronaHQ migrations ($13K–$25K, 6–10 weeks) including approval workflow state machine implementation, PDF generation, and HIPAA-compliant stack setup. Book a free scoping call to get an accurate estimate based on your workflow count and complexity.
Does DronaHQ work for HIPAA-compliant use cases?
DronaHQ offers a self-hosted deployment path intended for HIPAA compliance. However, that path requires an active paid license key validated against DronaHQ's servers. If you are migrating for HIPAA reasons, ensure your new stack (Next.js + Supabase) has an equivalent BAA in place before cutting over.
We migrate no-code apps to production code
- Fixed price — $13K–$25K (agency, fixed)
- No data loss, no downtime
- You own 100% of the code
30-min call. Quote within 48 hours.