Per engagement. We quote after scope, not before. Production builds start at $25K. Most fall between $50K and $250K. Enterprise systems scale up from there.

How fast can you start?

Two engagements per quarter. If the current availability isn't right, we can usually find a window within 30 days.

Sometimes, on the right product bets. Never as a substitute for cash, and never before we've delivered real work.

Do you work with non-technical founders?

Yes — if you have product conviction and can decide quickly. We're not the right team if you need us to run your roadmap for you.

St. Louis, Missouri. Our clients are global. Most engagements run fully remote with a weekly async report and a bi-weekly call.

Security and compliance posture

Our posture at a glance

We build and ship AI systems for healthcare, financial services, legal, and government-adjacent operators — clients whose data handling is regulated by default. That means every production build we ship starts from a compliance-aware baseline, not a retrofit.

HIPAA-aware

PHI handling, minimum-necessary access, BAA available, audit-ready workflows. Shipped for dental, medical, and mental health clients.

SOC2-aligned

Controls mapped to SOC2 Type II criteria. Access review, change management, monitoring, and incident response documented.

GDPR-ready

Data residency options, DPAs available, right-to-delete workflows, and consent-aware data flows.

Private cloud

Optional deployment inside a client-owned VPC (AWS, GCP, Azure) for engagements where data residency or isolation is non-negotiable.

Controls we run

Encryption in transit

TLS 1.2+ end-to-end

Encryption at rest

AES-256 via platform vendors

Access control

Role-based, least-privilege

Audit logging

Every model call, tool call, admin action

Secret management

Platform-managed secrets · zero hard-coded keys

Incident response

24-hour disclosure for confirmed incidents

Vendor review

Only SOC2 + ISO27001 platforms in production

Dependency scanning

Automated CVE monitoring on every build

Human-in-loop gates

Configurable review paths for sensitive actions

Infrastructure partners

We ship on vendor-grade infrastructure: Vercel (SOC2 Type II), Supabase (SOC2 Type II, HIPAA-eligible), Anthropic Claude (SOC2, HIPAA, ISO27001), OpenAI (SOC2 Type II, GDPR), Stripe (PCI DSS Level 1), Telnyx (SOC2 Type II, HIPAA-eligible). We do not run custom crypto or proprietary auth systems unless required.

Data handling

Client data is processed only for the scope of the engagement, is never used to train external models, and is purged on request or at engagement close. We sign BAAs and DPAs as required.

Model interactions route through zero-retention API endpoints where available. For Claude and GPT, we use opt-out modes that disable training use of prompts and completions.

Audit and human oversight

Every enterprise engagement ships with an audit trail covering model calls, tool invocations, and administrator actions. Human-in-the-loop review paths are standard for any AI system touching regulated data, customer money, or clinical decisions.

Incident response

We commit to 24-hour disclosure on any confirmed security incident affecting client data or systems. Enterprise engagements include a named security contact, documented escalation path, and post-incident review within 10 business days.

Document requests

The following are available on request with a signed MSA or NDA: security overview deck, SOC2 alignment documentation, sample DPA, sample BAA, data flow diagrams, and vendor list.

Request security pack SLA commitments →

Security.Built in, not bolted on.

Our posture at a glance

Controls we run

Infrastructure partners

Data handling

Audit and human oversight

Incident response

Document requests

Security.
Built in, not bolted on.