Custom software & SaaS

Custom software at the studio means shipping production systems with real users, not prototypes that demo well and then collapse under real load. Most work starts on Next.js or React on the front, Node or Python on the back, with PostgreSQL or MySQL as the source of truth and Prisma where the schema churns enough that a typed query layer earns its weight.

Payments and payouts, properly wired

Stripe handles subscriptions and one-off charges. Wise handles marketplace payouts in the patterns where Stripe's payout coverage doesn't fit the brief. PayPal goes in when the audience expects it; we don't push it as a default. The integration work behind any of these is more than the SDK call, it's webhook reconciliation, idempotency keys, replay safety, dispute handling and a deterministic source of truth for finance to reconcile against.

Security by default

Security patterns are wired in from the first commit, not bolted on at the end. AES-256 at rest for sensitive fields where it belongs (bank details, identifiers). Signed webhooks. Prepared queries through Prisma so SQL injection isn't a class of bug. Role checks at the middleware layer so a privileged surface fails closed by default rather than relying on a missing guard somewhere downstream.

APIs and real-time

Most products are only as good as the systems they talk to. We build REST and GraphQL APIs as first-class surfaces, versioned and documented, and reach for real-time infrastructure (WebSockets, and a message broker like MQTT) when a feature genuinely needs sub-second updates rather than polling. PineTrader is a case in point: a TradingView signal travels over an MQTT backbone to MetaTrader 5 and back to the browser over WebSockets with sub-second latency, because a trade that fires thirty seconds late is worthless.

AI features in real product flows

When AI belongs in the product, it goes in as a feature, not a banner. That means LLM calls wired into a real flow with cost and prompt engineering documented, retrieval grounded in the customer's own data, and guardrails at the boundary, the same rigour as any other integration. The first job in scoping is naming which part of the brief actually needs a model and which part is better as deterministic code.

Deployment and operations

Shipping is the start, not the finish. Builds are containerised with Docker and deployed through CI to platforms like Vercel and Render, with environments, database migrations and secrets handled so a release is boring and a rollback is one step. Observability and error tracking ship with the first release, so a regression is caught before a user reports it.

Rescue work

About a third of the SaaS engagements start as rescue, inherited codebases, half-finished MVPs, dashboards built on stacks the original team has moved on from. The first pass is an audit and a recovery plan with the trade-offs spelled out, the second is the work itself.