How we build software that actually fits

We've worked with schools managing hundreds of EHCPs, charities tracking complex service delivery, and startups turning ideas into products. Every project is different, but the process is the same: listen first, build in the open, and never disappear after launch.

Why most software doesn't fit

Schools & Colleges

Your MIS handles attendance and grades, but it wasn't built for EHCP annual reviews, provision mapping, or multi-agency coordination. So your SEND team fills the gap with spreadsheets, paper forms, and a filing system that only one person understands.

EHC plan numbers have doubled since 2016 — from around 0 to over 0 nationally. That's roughly 0 more EHCPs per school compared to five years ago. The admin hasn't scaled; your team has just absorbed it.

Each annual review means gathering professional advice two weeks in advance, running the meeting, writing the report within 10 working days, annotating the EHCP, updating the provision map, and submitting everything to the local authority within two weeks. For a school with 30 or more EHCPs, that's a near-continuous cycle.

Four stages. No black boxes.

1
Discovery (1-2 weeks)

We meet your team

We meet your team — the people who'll actually use the software, not just the person who signs off on it. We map current workflows, identify pain points, and agree on what success looks like.

What you get: a clear brief, a realistic timeline, and a fixed price. No surprises later.

2
Design & Build (4-8 weeks, varies by scope)

Working prototype in two weeks

Where a traditional agency might spend three months before you see anything, we deliver a working prototype within the first two weeks. AI accelerates the routine development work — scaffolding, boilerplate, repetitive code — so our developers spend their time on the architecture and logic that makes your system genuinely yours.

You check in regularly, try working software, and tell us what's right and what isn't. Nothing drifts because nothing happens behind closed doors.

Why it's faster: A traditional bespoke build takes 3 to 12 months. We typically deliver in 6 to 10 weeks. The AI handles what used to take the longest; the developers handle what matters most.

3
Security Audit & Penetration Testing

Two layers of security review

Before your team ever sees the software, it goes through two layers of security review.

Layer 1 — Automated scanning

Every build is scanned for OWASP Top 10 vulnerabilities, dependency risks, hardcoded secrets, and insecure data handling patterns. This runs on every single code change, not just at the end.

Layer 2 — Human code audit

A developer reviews the codebase for logic errors, permission flaws, data protection compliance, and anything automated tools miss. For systems handling children's data, safeguarding records, or sensitive personal information, this isn't optional — it's how we work.

Nothing goes live until both layers sign off.

4
User Testing & Refinement (1-2 weeks)

Real users, real scenarios

Your team uses the software in real scenarios. We watch, we listen, we fix. This isn't a polished demo; it's your system being tested by the people who'll rely on it every day.

5
Launch & Ongoing Support

Deploy and stay

We deploy to production, train your team, and hand over complete documentation. Then we stay — ongoing support means bugs get fixed, security patches are applied, questions get answered, and the system evolves as your needs change.

The boring truth about AI-assisted development

We should be honest about what AI does and doesn't do in our process.

What AI does

  • Generates boilerplate code, tests, and scaffolding — work that used to take weeks, done in hours
  • Runs automated security scanning on every build, catching vulnerabilities before they reach production
  • Performs penetration testing against common attack vectors (OWASP Top 10, dependency exploits, injection attacks)
  • Speeds up routine development so our developers focus on your specific requirements

What AI doesn't do

  • ×Make architectural decisions — that's a human developer
  • ×Replace code review — every line is reviewed by a developer who understands your system
  • ×Sign off on security — a human audits the code before anything goes live
  • ×Understand your workflow — that comes from sitting with your team and listening

What this means for you

  • Faster delivery — weeks, not months, because AI handles the repetitive work
  • Lower cost — fewer billable hours go to routine tasks
  • Stronger security — automated scanning catches issues continuously, human audits catch everything else
  • Full transparency — you see the code, the security reports, and we explain how it all works

You own everything

Code ownership

You receive the full source code. Built on open-source technology — Next.js, React, PostgreSQL, Tailwind CSS — that any competent developer can maintain.

Data ownership

Your data lives in your database. We help you set up infrastructure, but you control it. If you ever want to part ways, you take everything with you.

Security

Every build goes through automated security scanning and penetration testing, followed by a human code audit before release. GDPR compliance is built in from day one. For organisations handling children's data or sensitive personal information, we document our data protection approach and provide security audit evidence so you can demonstrate compliance to governors, trustees, or regulators.

Pricing

We give you a fixed price upfront. If scope changes, we tell you before it affects the cost. No drip-fed invoices, no "we'll see how it goes."