/01
Client-owned accounts
Production hosting, database, email, analytics, payment, and AI-provider accounts are set up under the client when the project requires them.
/SECURITY + HANDOFF
Custom software should not trap your data, source code, vendor accounts, or operating knowledge inside a developer relationship. The engagement is scoped so the client can own the system after launch.
/01
Production hosting, database, email, analytics, payment, and AI-provider accounts are set up under the client when the project requires them.
/02
Admin roles, participant links, exports, and internal tools are scoped so people see only what they need.
/03
Assessment responses, HR-style records, patient intake, payment data, and customer records are treated as first-class product constraints.
/04
Handoff includes the repository, deployment notes, environment-variable map, and enough documentation for another developer to continue.
/CLIENT OWNS
Source-code repository
Cloud and vendor accounts
Database and production data
Deployment configuration
Environment variable map
Project-specific IP
/SCOPED BEFORE BUILD
Which fields are personal, confidential, regulated, client-owned, exportable, or safe to keep out of the product entirely.
Who can create records, invite participants, view responses, approve reports, export data, or administer accounts.
Which services touch email, storage, analytics, AI, payments, PDFs, or notifications, and whose account pays for them.
What must exist for another developer to continue safely: docs, repo access, deploy steps, schema notes, and account ownership.
Bring the workflow, data types, user roles, and current manual process. The discovery call will separate product scope from data and access decisions before any quote is final.
BOOK A SECURITY-MINDED BUILD CALL