FAQ
Frequently asked questions
The questions clients ask before they sign — answered the way a senior engineer would answer them over coffee, not the way a sales deck would. If yours is not here, ask us directly.
7 questions
Working With Us
How an engagement actually starts, who you talk to, and what we need from you.
How do we start working together?
A 30-45 minute call where you describe the problem and we ask uncomfortable questions about it. If it looks viable, we follow up with a written scope: phases, deliverables, assumptions, exclusions and a price. You are not committed to anything until you sign that. We do not charge for the call or the scoping document.
Who will I actually be talking to day to day?
The engineers doing the work, plus one delivery lead who owns the timeline. We do not run an account-manager relay where your technical question takes two days to reach someone who can answer it. You get a shared Slack or Teams channel and the people in it are the people writing the code.
What timezone overlap can you offer?
Our engineering team is in Lahore (PKT (UTC+5)) and we have a North American presence in Canada (PST (UTC-8)). For European clients we overlap most of your working day. For North American clients we guarantee a fixed overlap window — typically your morning, our evening — for standups and live debugging, and we schedule releases inside it. Asynchronous work happens outside that window, so you tend to wake up to progress.
What is your minimum engagement size?
Roughly four weeks of work, or one dedicated engineer for a month. Below that, the cost of us learning your domain outweighs what we can deliver, and neither of us gets value from it. Small, well-defined pieces of work — an integration, an audit, a performance fix — are the exception, and we are happy to quote them.
Do you work fixed-price or time-and-materials?
Both, and the choice should follow the uncertainty. Well-understood scope with a stable spec: fixed price, so you carry no estimate risk. Discovery work, R&D or anything where the requirements will genuinely move: time-and-materials with a monthly cap, because a fixed price on unknowns just means we pad it and you pay for our uncertainty. Most projects start fixed-price for a discovery phase, then move to T&M or a retainer for build.
What do you need from us to be effective?
One decision-maker who can settle a question within a day or two, access to the systems we are integrating with, and someone who knows the domain well enough to tell us when we have misunderstood it. Projects rarely stall on engineering — they stall waiting for a decision or a credential.
Can you work with our existing in-house team?
Yes, and this is a large share of our work. We can staff into your sprints, your repo and your review process, or run a separate workstream with a clean interface between us. We will follow your conventions rather than importing ours — your team maintains this after we leave.
6 questions
Pricing & Contracts
Estimates, change requests, invoicing and what happens when the plan meets reality.
How do your estimates work, and how accurate are they?
We break scope into pieces small enough to be estimated in days rather than months, estimate each with a range, and publish the assumptions the range depends on. On well-defined work we usually land within 10-20% of the estimate. On anything touching a legacy system we do not control, the range is wider and we say so up front. An estimate presented as a single confident number is a sales tactic, not an engineering output.
What happens when the scope changes mid-project?
Scope always changes — that is not a failure, it is what learning looks like. Small changes that net out against something else, we absorb without ceremony. Anything that materially moves the date or the cost gets a short written change request: what changed, the delta in days, the new date. You approve it before we build it. What we do not do is silently absorb changes and then surprise you with a slipped deadline.
How and when do you invoice?
Monthly in arrears for time-and-materials and retainers, on 14-day terms. Fixed-price projects are billed against milestones — typically an upfront percentage, then payments tied to delivered, demonstrable phases rather than calendar dates. Timesheets are shared for T&M work so you can see what the hours went to.
Are there costs beyond your fee?
Yes, and we itemise them at scoping so they do not surprise you: cloud infrastructure, model API usage, third-party SaaS, app store fees, and paid licences. These are billed to your own accounts wherever possible — you should own the vendor relationship and the credentials, not us. We do not mark them up.
What if we are not happy with the work?
Raise it early — at a sprint review, not at the end. If we shipped something that does not match the agreed spec, we fix it at our cost; that is a defect, not a change request. Retainers and T&M engagements can be ended with 30 days notice for any reason, with no termination penalty. A client who wants to leave and cannot is a client who will tell everyone about it.
Do you offer discounts for longer commitments?
For multi-month retainers and dedicated-team arrangements, yes — a committed pipeline lets us plan capacity, and that saving is real, so we pass some of it on. We do not discount to win a deal we would otherwise lose on merit, because a project priced below its cost gets staffed accordingly, and both of us end up regretting it.
7 questions
Engineering & Delivery
How we build, test and ship — and how you can see it happening.
How do you keep us informed about progress?
A demo of working software every two weeks, a written weekly summary covering what shipped, what is blocked and what changed, and a live board you can open any time. Progress is measured by what runs in a staging environment, not by percentage-complete on a plan. If something has slipped you will hear it from us in the weekly note, not discover it at the deadline.
What does your testing and QA actually cover?
Unit tests on business logic, integration tests across API and database boundaries, and end-to-end tests on the flows where a failure costs money — auth, checkout, anything that writes to a ledger. All of it runs in CI on every pull request. We do not chase a coverage percentage; a suite at 90% coverage that misses the payment path is worse than useless, because it buys false confidence.
Do you write documentation?
Yes, and we treat it as a deliverable rather than a favour: README and local setup that a new developer can follow without asking us, architecture decision records explaining why a choice was made, API reference, runbooks for the things that break at 3am, and a deployment guide. Documentation that only lives in an engineer's head is a liability you inherit.
What happens if a key engineer leaves your team?
Every project has at least two people familiar with the codebase, work happens in your repository with reviewed pull requests, and decisions are written down rather than remembered. Handover is a week of overlap, not an email. We have staff turnover like everyone else — the design goal is that you should not have to care.
Will we get the code as you go, or at the end?
As we go, from day one. Work happens in your Git repository — or in ours with you as an owner, transferred at no cost whenever you ask. You can read every commit as it lands. Any arrangement where code is withheld until final payment is a hostage situation, and we do not work that way.
How do you handle technical debt?
We name it and price it rather than hiding it. When we take a shortcut to hit a date, it goes on a visible list with the cost of fixing it later. Roughly 10-20% of ongoing capacity goes to paying that list down. If you need us to go faster than is sustainable, we will do it and tell you exactly what the invoice looks like in six months.
Can you take over a project another agency started?
Often, yes — it is a meaningful part of our work. We start with a fixed-price audit: what is the actual state of the code, tests, infrastructure and dependencies, what is salvageable, and what would a rewrite really cost. Sometimes the honest answer is that the existing code is fine and you had a communication problem. We would rather tell you that than sell you a rebuild.
7 questions
AI & Data
What we do with your data, what the model vendors do with it, and when AI is the wrong answer.
Is our data used to train anyone's model?
No. On the enterprise and API tiers we build against — OpenAI, Anthropic, Azure OpenAI and AWS Bedrock — inputs and outputs are contractually excluded from training by default. We configure zero-retention where the provider offers it, and we will show you the specific policy for the specific tier before you sign anything. Where the guarantee is not strong enough for your data, we deploy an open-weight model such as Llama or Mistral inside your own infrastructure and nothing leaves your network.
How do you stop an AI system from making things up?
You constrain it and you measure it. Answers are grounded in retrieved documents from your own corpus and cite the source paragraph, so a claim without a citation is visibly a problem. Outputs are validated against a schema. When retrieval coverage is thin, the system refuses or escalates rather than improvising. And we hold an evaluation set of real cases with agreed correct answers that runs in CI on every prompt or model change. You cannot eliminate hallucination; you can make it rare, visible and caught before a human sees it.
Will you tell us if AI is the wrong tool for our problem?
Yes, and we do it regularly. If your rules are fixed and written down, you want a deterministic system with a test suite — cheaper, faster, auditable, and it will not drift. If the data does not exist or your own experts cannot agree on the correct answer, no model will resolve that for you. We would rather lose the project than build something that quietly degrades and damages our reference list.
What does an AI project cost to run, not just to build?
Model API usage, vector database hosting, and the compute behind retrieval and ingestion. It is genuinely variable, so we estimate cost-per-request during the prototype and design against it — caching, routing easy requests to smaller models, batching, and trimming context. Cost per request is a metric we monitor in production alongside latency, because an AI feature that works but costs more than the work it replaces has not actually succeeded.
How long before we see whether an AI use case works?
Two to four weeks to a prototype measured against a real evaluation set — not a demo, a number. That phase is deliberately cheap and deliberately early, because its job is to kill bad use cases before they consume a budget. Production hardening, integration, review workflows and monitoring is where the remaining time goes; the model is usually the smallest part of the project.
Can AI systems run entirely on our own infrastructure?
Yes. Open-weight models served with vLLM on your own GPUs or your own cloud tenancy, with the vector database and pipelines alongside them. Nothing crosses your network boundary. Expect to trade some quality against the frontier hosted models and to take on GPU cost and operational burden — for regulated data, that is frequently the right trade, and we will help you make it with real numbers rather than a policy reflex.
Who reviews the AI's output before it affects a customer?
That is a design decision we make with you, based on what a wrong answer costs. Where the cost is real, high-confidence outputs pass through and everything else routes to a human review queue with the source document and the model's reasoning attached. Reviewer corrections are captured as labelled data and fed back into the evaluation set, so the review queue makes the system better rather than just catching it being wrong.
7 questions
Security & IP
Who owns what, who can see what, and what we sign before we see anything.
Who owns the source code and the IP?
You do — fully, on payment, with no ongoing licence back to us and no restrictions on your use of it. Ownership transfers as work is delivered, not at some final milestone. This covers code, designs, documentation, prompts, fine-tuned model weights and data pipelines. The only exception is pre-existing open-source dependencies and our own generic internal utilities, which we licence to you perpetually and free — and we list them explicitly in the contract rather than leaving them as a surprise.
Do you sign NDAs?
Yes, before any detailed discussion, and we are happy to work from your paper rather than insisting on ours. Our standard mutual NDA is available if you would rather move quickly. We will not sign anything that prevents us from working in your entire industry, but confidentiality on your business, data, code and roadmap is a given regardless of whether the project proceeds.
Can you work under our compliance requirements (HIPAA, GDPR, SOC 2)?
We build to those constraints routinely — encryption in transit and at rest, least-privilege access, audit logging, data-residency controls, PII redaction, retention policies and BAAs with the relevant subprocessors. To be precise about what we are claiming: we build systems that meet these requirements and we support your certification process; we are not ourselves a certified auditor, and any certification is for your organisation to hold.
How do you handle access to our production systems?
Least privilege, always. We ask for the narrowest access that lets us do the job, prefer read-only and staging environments, and use your SSO and your credential vault rather than shared logins. Access is time-bound and revoked at project end — and we will send you the list to revoke rather than waiting for you to remember. We would generally rather you keep production deploy rights in-house and have us ship through your pipeline.
Do you use our code or project as a portfolio reference?
Only with your written permission, case by case. No logo on our site, no case study, no mention in a sales call unless you have said yes to that specific use. Silence is not consent and the default is no. Many of our engagements are ones we cannot discuss at all, which is why our public portfolio understates what we do.
What are your security practices during development?
Secrets in a managed vault and never in the repository, dependency and vulnerability scanning in CI, mandatory code review before merge, hardware-backed MFA on every system that touches client data, and encrypted disks on every developer machine. On security-sensitive projects we recommend budgeting for an independent third-party penetration test before launch — an audit by the people who wrote the code is worth less than it appears.
What happens to our data and credentials when the project ends?
Client data is deleted from our environments on request and by default within 30 days of project close; access is revoked, keys rotated on your side, and we confirm in writing what was removed. We keep the contract, invoices and, where you have agreed, the repository — nothing else.
6 questions
Support & Maintenance
What happens after launch — which is where software spends most of its life.
What happens after launch?
Launch is the start of the interesting part. We include a warranty period — typically 30 days — where anything that does not match the agreed spec is fixed at our cost. After that you choose: a monthly support retainer with us, a structured handover to your own team, or nothing at all if the system is stable and you would rather call us when you need us. All three are legitimate, and we will tell you which one we think fits.
What do your support retainers include?
A block of monthly hours covering bug fixes, dependency and security updates, monitoring and alert response, and small enhancements. Unused hours do not roll over indefinitely — usually one month — because otherwise you are just pre-paying for capacity you never use. Retainers are month-to-month with 30 days notice.
What are your response times if something breaks?
On a support retainer: production down, one business hour; degraded but working, four business hours; everything else, next business day. Genuine 24/7 on-call with out-of-hours paging is available but priced separately, because it means real people on a rota rather than a promise in a PDF. Without a retainer we work on a best-effort basis — we will always try, but we cannot commit ahead of retained clients.
Can you maintain software your team did not build?
Usually. We start with a paid audit of the codebase, tests, infrastructure and dependencies, and come back with an honest assessment and a support proposal. If the system is in bad enough shape that we cannot support it safely, we will say so and price the remediation rather than accepting a retainer we know we will fail on.
What if we want to bring the work in-house later?
Good — that is a healthy outcome and we design for it from the start. Handover means a documented codebase, runbooks, architecture decision records, a walkthrough with your team, and a few weeks of paid overlap where your engineers work and we answer questions. There are no exit fees and nothing is locked to us. An agency that makes leaving painful is telling you what it thinks of its own work.
Do you monitor systems in production?
On a retainer, yes: uptime and health checks, error tracking, performance and latency percentiles, log aggregation, and alerts routed to a real person rather than an inbox nobody reads. For AI systems we add quality monitoring — refusal rates, retrieval misses, output validation failures and cost per request — because a model API returning 200 OK tells you nothing about whether the answer was any good.
14 questions
Questions About Specific Services
Pulled from our individual service pages — the questions clients ask most about each offering.
Website & Web App Development: Can you build both simple websites and complex web apps?
Yes. We handle everything from fast marketing sites to dashboards, portals, and multi-tenant SaaS applications.
Website & Web App Development: Will the website be optimized for SEO?
Yes. We structure pages, headings, metadata, performance, and content layout with SEO best practices in mind.
Custom Software Development: Can you replace spreadsheets or manual processes with software?
Yes. Many of our projects start by turning fragmented spreadsheets and manual steps into one centralized platform.
Custom Software Development: Can you integrate with our existing systems?
Yes. We often connect custom software to CRMs, billing systems, telephony tools, shipping APIs, and internal databases.
Mobile App Development: Do you build for both iOS and Android?
Yes. We typically build cross-platform apps that support both ecosystems efficiently.
Mobile App Development: Can the mobile app connect with our existing backend?
Yes. We can integrate with existing APIs or help redesign the backend for mobile readiness.
AI, LLM & Automation: Can you build AI into our current platform?
Yes. We often integrate AI capabilities into existing portals, CRMs, or internal systems.
AI, LLM & Automation: Do you only work with chatbots?
No. We also build OCR pipelines, retrieval systems, document intelligence, voice workflows, and backend automations.
DevOps, Cloud & SRE: Can you improve an existing deployment setup?
Yes. We can audit and improve current cloud, Docker, CI/CD, and observability setups.
DevOps, Cloud & SRE: Do you support ongoing DevOps work?
Yes. We can help as a long-term engineering partner for release, monitoring, and reliability improvements.
E-Commerce & Payments: Can you handle subscriptions and invoices too?
Yes. We build payment flows that cover subscriptions, invoices, customer billing journeys, and reporting.
E-Commerce & Payments: Can you integrate payments into an existing platform?
Yes. We can integrate secure payment functionality into your existing product architecture.
Maintenance & Support: Can you maintain software built by another team?
Yes. We can review the current system, understand the codebase, and take over structured support and improvements.
Maintenance & Support: Do you offer monthly retainers?
Yes. We can support maintenance through retainers or structured support cycles depending on your needs.
Still have a question?
If your question is not answered above, it is probably a good one. Send it over and a senior engineer — not a chatbot and not a sales rep — will get back to you within 24 hours.