How we work
Five principles. One SOW. Zero surprises.
A long version of the short version. The full picture of how we run engagements, what we sign, and what we will not.
01 · Principles
- I.
Ship working software, weekly.
A demo that runs in your repo on Friday beats a deck on Monday. Every sprint — code or campaign — ends with something you can click, read, or watch. If we couldn't demo this week, we say so on the call instead of dressing up a slide.
- II.
Tight scope. Honest price.
We over-scope our discovery, then under-scope our build. If we miss, the change order is on us, not on you. No retainers you can't cancel. No invoices that arrive without a Loom explaining what they cover.
- III.
You own everything.
Code MIT-licensed to you, day one. Ad accounts, CMS, repos, audience data, content briefs — all in your name. The day you stop calling, you take everything with you and the lights stay on without us.
- IV.
No juniors learning on your dollar.
Every engineer, strategist, and editor on our pods has shipped to production for at least 8 years. We don't farm out work to overseas shops. We don't use AI to ghostwrite a junior into seniority.
- V.
Disagree and commit, in writing.
If we think your spec is wrong, we say so on the call, write it down in the discovery doc, and ship what you asked for anyway. Then we measure. The doc is the receipt.
02 · Sample SOW
A real-shaped SOW excerpt.
This is the shape every engagement ships with. Names changed. Numbers honest. The full template is in the master MSA.
SOW · template-fixed-price.txt ● shared by default
SOW · acme-fintech / intake-agent ═══════════════════════════════════════════════════════ outcome : agent that triages support tickets success : ≥85% precision · <2s p95 · in-app duration : 4 weeks · fixed team : 2 engineers + 1 PM price : $96,000 (50% on signature, 50% on demo) ownership : you · MIT-licensed code, day 1 change-orders only on new scope (signed by both) refund : pro-rata if we miss the success bar warranty : 30 days, bugs in delivered scope, free
03 · Security & compliance
The boring promises.
The stuff your procurement and security teams will ask about.
SOC 2 Type II
Annual audit by an AICPA-accredited firm. Latest report available under NDA on day one of procurement.
GDPR / DPA
Standard DPA on file. EU SCCs ready. Sub-processor list maintained and shared on request, with 30-day notice on changes.
Background checks
Every engineer, strategist, and editor is background-checked at hire. We can re-run on a per-engagement basis if your security policy requires it.
Access & offboarding
Least-privilege access. Offboarding within 24 hours of engagement end — including SSO, repos, ad accounts, CMS, design tools, everything.
Master MSA
We sign yours, or we publish ours. Either way: no exclusivity, no IP assignment we wouldn't put in our own contracts, no auto-renewals.
Bug bounty
If you find a security issue in anything we shipped, we'll pay the bounty (within reason) and fix it on our dime, in or out of warranty.
04 · How a week looks
The cadence.
Same beat every week. Predictable on purpose.
~/process/weekly-cadence.txt
// every engagement, every week — code or campaign monday 09:30 standup with your team (30 min, recorded) 10:00 planning · what ships Friday 10:30 open PRs / drafts in your queue wed 14:00 midweek review (written, in Slack) 14:30 blockers escalated, decisions logged friday 14:00 demo / read-out (30 min, recorded) 14:30 one-page weekly note in your wiki 15:00 end-of-week commit + handoff every 4 wk : retro + scope check-in (45 min, written follow-up) every 12 wk: re-strategise (half-day, on-site if local)
Procurement done. Want to start?
If you've made it this far, you're either evaluating us or working in our finance team. Either way: book a call.