Migration snapshot
ActivePlatform
a Tines
Tines (Dublin, founded 2018) raised a $125M Series C on Feb 11, 2025 at a $1.125B valuation (led by Goldman Sachs Growth Equity and SoftBank Vision Fund 2), bringing total funding to $272M. Prior: $50M Series B extension April 24, 2024 (Accel + Felicis). The platform continues shipping enterprise features through 2026. Self-hosting is Enterprise-only, gated behind a sales conversation.
Typical timeline
8–12 weeks
Typical cost
$13K–$25K (agency, fixed)
Why teams leave a Tines
Tines is financially healthy and not at risk. The migration trigger is architectural — proprietary runtime with no code eject, self-hosting gated behind Enterprise, and a cost model that doesn't fit mid-market security teams.
Proprietary runtime, no code export
Tines stories (workflows) are portable within Tines but run only on the Tines runtime. There is no eject to code; migration means a full rebuild, not a port.
Self-host gated behind Enterprise sales
Self-hosting requires an Enterprise contract and a sales conversation (tines.com/docs/self-hosted/before-you-begin). Not openly downloadable; cannot self-host on Community or lower-tier plans.
Security teams hitting feature cost cliffs
Tines' primary market is SOC automation. Pricing at Enterprise tier for self-host, compliance features, and staging environments may not fit mid-market security team budgets.
Lock-in deepens over time
Every new story built in Tines is another unit of logic that must be rebuilt to leave. The longer a team stays, the larger the migration scope becomes.
No Git-native versioning at lower tiers
Stories are treated as production artifacts. Peer review and staging workflows require Enterprise features; the absence of Git-native versioning creates operational risk in security contexts where change management matters.
What can you actually take with you?
Tines does not store your business data — it processes events and calls APIs. Stories export in a Tines-signed format usable only within the Tines ecosystem, not as runnable code on any other platform.
| Asset | Can you export it? | How | Notes |
|---|---|---|---|
| Data | No | Tines does not store your business data. All data lives in your SIEM, ticketing system, email, or other connected tools. Export from those source systems directly. | N/A — Tines is an event-processing platform, not a data store. |
| Code | No | Stories (workflows) are Tines-proprietary. They export as signed Tines-format files and can only be imported into another Tines instance. | Signed exports are production artifacts for use within the Tines ecosystem only. They cannot be converted to runnable code on another platform. |
| Design/UI | No | Not applicable — Tines is a workflow/automation platform with no app UI to export. | N/A |
| Logic/Workflows | Partial | Stories can be exported in Tines' signed format and imported into another Tines environment — useful for staging/prod separation within Tines. The logic is visible within the editor and can be documented and reconstructed manually. | There is no automated code-generation from stories. Manual documentation of each story's triggers, actions, and external API calls is the only migration artifact. |
| Users & Auth | No | Tines manages workspace auth. Password hash export is not documented. User list export is not documented. | Not documented — rebuild user access control from scratch using Supabase RLS and role-based access. |
Swipe the table sideways to see the full breakdown.
Where each piece moves in code
The target stack is Next.js + Supabase/PostgreSQL, replacing Tines' story runtime with typed TypeScript Server Actions, direct SDK calls, and a Supabase-backed case management layer.
a Tines
Story trigger (webhook)
In code
Next.js Route Handler + HMAC signature verification
Replicate the event source and add the same signature validation Tines applied. Document the expected payload structure for each trigger before rebuilding.
a Tines
Story trigger (schedule/polling)
In code
Vercel Cron Jobs or pg_cron in Supabase
Match the original poll interval exactly. Add deduplication logic — Tines handled this; the new system must implement it explicitly.
a Tines
Action (HTTP request)
In code
fetch() with error handling in a Next.js Server Action
Each Tines action maps to one awaited fetch call. Replicate retry and timeout settings explicitly — Tines managed these implicitly.
a Tines
Action (send email/Slack/Jira)
In code
Direct SaaS SDK (Resend, Slack SDK, Jira API)
Replace the Tines abstraction layer with direct SDK calls. Each SDK integration requires its own credentials and error handling.
a Tines
Action (condition/branch)
In code
TypeScript if/switch in a Server Action
Tines condition logic is simple boolean. Straightforward code translation; no abstraction needed.
a Tines
Case management (grouping events)
In code
Supabase table with case_id, status, events JSONB
Replicate the Tines case model in PostgreSQL. This is the core data layer for SOC workflows; design the schema before writing action code.
a Tines
Team permissions
In code
Supabase Row Level Security + role column
Map the Tines team/permission model to database-level RLS policies.
a Tines
Audit trail
In code
Supabase table with action_id, story_id, actor, timestamp, payload
Security contexts require audit logging from day one, not as a follow-up. Implement before any story goes live.
The migration roadmap
The extraction phase starts with exporting every story and manually documenting it as a rebuild specification. Security-context migrations require a phased cutover with parallel running — no hard cutover mid-incident.
Phase 1: Story Documentation
1–2 weeks- Export every story from Tines in Tines' signed format; store exports in Git as documentation artifacts
- For each story, document: trigger type, trigger source (which external system), number of actions, all external API calls made, and all downstream systems affected
- Count the total number of actions across all active stories — this is the migration-effort proxy (complex stories with 8–10 actions are 3–5x longer to rebuild than simple ones)
- List every credential stored in Tines (SIEM API key, Jira token, Slack token, etc.) and identify the team owner of each
Phase 2: Infrastructure Foundation
1 week- Set up Next.js project with Supabase, configure Supabase Vault for credential management — security contexts require proper secrets from the start
- Design the case management schema in Supabase (case_id, status, events JSONB, created_at, updated_at) before writing any story code
- Implement audit logging table (action_id, story_id, actor, timestamp, payload) — required from day one in security contexts
- Establish a staging Vercel environment for parallel running
Phase 3: Story Rebuild (phased by priority)
5–8 weeks- Rebuild lowest-risk stories first — monitoring and alerting before phishing triage or incident response
- Implement each story as a Server Action or Route Handler; add HMAC signature verification for all webhook triggers
- Re-authorize each credential in Supabase Vault; test each external API connection before any story goes live
- Run old Tines story and new implementation in parallel; define explicit parity criteria per story before cutover
Watch out: SOC stories that cover phishing triage, incident response, or alert enrichment create a real security operations gap if they go offline during migration. Do not cut over any security-critical story until the new implementation has run in parallel through at least one live incident cycle.
Phase 4: Cutover & Governance
1–2 weeks- Disable Tines stories one by one after confirming new equivalents meet parity criteria and have survived at least one full operational cycle
- Implement code review via Git pull requests for all future workflow changes — equivalent to Tines' Enterprise staging/approval workflow
- Document the new stack architecture, story inventory, and credential owners for team onboarding
- Cancel or downgrade Tines subscription after confirming all stories are stable
Three ways to migrate — honestly
Every path has a real trade-off. Here is what each costs, how long it takes, and where it bites.
DIY (with AI tools)
$0–$500 + time
4–6 months part-time
Fits
Code-native security engineering teams with clear story documentation and fewer than 10 active stories. Works when the team has direct experience building webhook handlers and API integrations.
Risks
Security contexts require audit logging and credential management from the start — these are easy to defer and expensive to add later. The parallel-running requirement in security contexts adds coordination overhead. Tines stories calling 8–10 external APIs are complex to rebuild without dedicated time.
Freelancer
$3K–$10K
4–8 weeks
Fits
Teams with well-documented stories, a small story library (under 10), and connectors limited to common platforms (Slack, Jira, email). Requires strong specification handoff.
Risks
Security context requirements (audit logging, change management, credential governance) are often scoped out by freelancers. Ensure the contract explicitly includes Supabase Vault setup, audit trail, and staging environment.
Agency (RapidDev)
Done-for-you$13K–$25K fixed
8–12 weeks
Fits
Security teams with 10+ stories, complex SIEM/ticketing integrations, compliance requirements, or the need to maintain SOC coverage throughout migration with zero gap.
Risks
Minimal — fixed price covers full story documentation, phased rebuild, credential migration, parallel running, audit logging, and cutover. Free scoping call at rapidevelopers.com.
The real risks — and how to defuse them
Security operations gap during migration
Mitigation: Phishing triage, incident response, and alert-enrichment stories going offline during migration create a real SOC gap. Run old and new implementations in parallel. Define explicit parity criteria per story. Do not cut over any security-critical story during an active incident.
Story complexity underestimation
Mitigation: A Tines story that appears simple in the editor may call 8–10 external APIs with complex error handling and conditional branching. Count the number of actions and external API calls in every story before estimating migration effort — complex stories take 3–5x longer to rebuild than simple ones.
Credential re-entry across multiple security tools
Mitigation: Tines stores credentials for SIEM, threat intelligence feeds, ticketing, email, and messaging. Each must be re-established in Supabase Vault with appropriate access control. Document every credential before starting; identify the team owner for each. Scheduling re-authorization sessions is often the longest lead-time item.
Peer review and compliance gap
Mitigation: If you use Enterprise Tines with staging/approval workflows, you need equivalent governance immediately for compliance purposes. Implement Git pull request review for all workflow changes and a staging Vercel environment from day one — not as a follow-up.
No drop-in replacement for Tines' collaborative UX
Mitigation: Tines provides a visual story builder with collaborative review that non-technical analysts can use. A code-based replacement requires developer-grade tooling. Evaluate whether a hybrid approach — Tines for analyst-operated stories, code for engineer-owned automations — is more realistic than a full migration.
Should you actually migrate?
Migrating is a real project. Sometimes staying is the right call — here is the honest split.
Stay if
- Your SOC team is analyst-heavy and non-technical; Tines' visual story builder is a genuine productivity advantage that code cannot replace for them
- You are already on Enterprise and self-hosting within your own VPC, which resolves the data-residency concern
- Your story library is growing and the rebuild cost at current scope would exceed 12 months of Tines subscription cost
Migrate if
- You need self-hosting but cannot justify the Enterprise sales conversation and its associated cost tier
- Your security engineering team is code-native and the visual editor is not adding value over direct code review and Git-based change management
- You are hitting Tines pricing cliffs and the renewal cost has triggered an internal build-vs-buy review
Our honest verdict
Tines is a legitimate, funded platform with a strong position in security automation. The decision to migrate is primarily economic and architectural, not urgency-driven. If your team is code-native and SOC automation logic is owned by engineers, a code-based stack is maintainable and cheaper at scale. If your SOC is analyst-operated, stay and use Tines as designed.
Do this today: pre-migration checklist
Whatever path you choose, protect yourself first. Work through this before you touch a line of code.
Export every story from Tines and store the exports in Git as documentation artifacts
Signed story exports are the only portable artifact from Tines. Store them as documentation even though they cannot run outside Tines.
Document each story: trigger source, number of actions, all external APIs called, and downstream systems affected
This documentation is your rebuild specification. The total action count across all stories is your migration-effort proxy.
Count the total number of actions across all active stories
Stories with 8–10 actions calling multiple external APIs take 3–5x longer to rebuild than simple 2–3 action stories. This count drives your timeline estimate.
List every credential stored in Tines and identify the team owner of each
Credential re-authorization is typically the longest scheduling bottleneck in security-tool migrations. Start early.
Evaluate Supabase Vault for secret management before writing any code
Security contexts require proper secret handling from day one. Environment variables in plain text are not an acceptable long-term solution for SIEM keys and threat-intelligence credentials.
Define a parity cutover criterion for each story before starting the rebuild
SOC stories cannot be cut over on a schedule — they must meet explicit parity criteria and survive a live operational cycle. Document these criteria before writing a line of code.
Frequently asked questions
Can I export my Tines story logic as code?
No. Tines stories export in a Tines-signed format that can only be imported into another Tines instance. There is no automated code-generation from stories and no eject path to a different runtime. Migration means manually documenting each story's logic and rebuilding it as TypeScript Server Actions and fetch calls.
Is Tines shutting down?
No. Tines raised a $125M Series C on Feb 11, 2025 at a $1.125B valuation, bringing total funding to $272M. The platform is actively shipping enterprise features. The reason to migrate is architectural — proprietary runtime, self-hosting gated behind Enterprise sales, or pricing — not platform risk.
Can I self-host Tines?
Only on an Enterprise contract, after a sales conversation (documented at tines.com/docs/self-hosted/before-you-begin). Self-hosting is not available on Community or lower-tier plans and is not openly downloadable. If self-hosting is a requirement you cannot meet through Enterprise pricing, migration is the only path.
What happens to my users and credentials when I migrate off Tines?
Tines manages workspace auth and credential storage. User list export and password hash export are not documented as available. All users and access control must be rebuilt from scratch using Supabase Auth and RLS policies. More importantly, every credential stored in Tines (SIEM API key, Jira token, Slack token, threat-intelligence feeds) must be re-entered in Supabase Vault — document them all before starting.
How long does a Tines migration take?
Typically 8–12 weeks. The largest variables are the number of active stories, the average action count per story (stories with 8–10 external API calls take 3–5x longer than 2–3 action stories), and the number of credentials requiring re-authorization. Security contexts also require a parallel-running period before cutover, which adds 2–4 weeks.
How do I maintain SOC coverage during the migration?
Run the old Tines story and the new implementation in parallel. Define explicit parity criteria for each story (same alert enrichment, same ticket creation, same Slack notification) and a minimum parallel-running period before cutover. Do not cut over any security-critical story during an active incident. Migrate monitoring and alerting stories first; leave phishing triage and incident response stories last.
How much does a Tines migration cost?
DIY for a code-native security team with a small story library: near-zero software cost, 4–6 months part-time effort. Freelancer for well-documented stories: $3K–$10K. Fixed-price agency engagement for teams with 10+ stories, multiple SIEM integrations, or compliance requirements: $13K–$25K over 8–12 weeks. RapidDev offers a free scoping call to count your active stories and estimate effort at rapidevelopers.com.
Should I consider a hybrid approach — keeping Tines for analysts and rebuilding only engineer-owned stories in code?
Yes, this is often the most practical path. Tines' visual story builder genuinely benefits non-technical analysts who need to create and modify workflows without engineering support. A hybrid model — Tines for analyst-operated stories, custom code for engineer-owned complex automations — may deliver better ROI than a full migration, especially if your Community or Pro tier pricing is acceptable.
We migrate no-code apps to production code
- Fixed price — $13K–$25K (agency, fixed)
- No data loss, no downtime
- You own 100% of the code
30-min call. Quote within 48 hours.