Three tiers. Fixed prices.

No retainers to start, no hourly billing surprises. You know the price before you commit.

Tier 1 · Audit

CHF 1'490
€1'550

one-time · 3 business days

A complete written security and production-readiness review of your vibe-coded app.

  • Row-Level Security policy review (Supabase, Postgres, Firestore)
  • Secrets & environment hygiene
  • Auth / session / token review
  • Stripe / webhook signature verification
  • GDPR / DSGVO compliance callouts
  • Dependency CVE scan
  • Severity-ranked PDF + 30-min walkthrough call
recommended after audit

Tier 2 · Hardening Sprint

CHF 9'900–24'900
€10'300–25'900

fixed scope · 2–4 weeks · quoted from audit

We fix every critical and high finding from your audit, on staging, with your approval gate.

  • All Tier 1 audit findings patched
  • CI/CD pipeline + automated security scans
  • Monitoring, alerting, backups
  • GDPR-conform logging & data-deletion paths
  • Staging-first deploy with approval gate
  • One-click rollback on production
  • Re-audit included on delivery

Tier 3 · Managed Hosting

CHF 690–2'490 / month
€720–2'590 / month

recurring · 24h response SLA

Your hardened app hosted in EU regions, patched and monitored continuously. Includes the optional EU-only LLM mode for sensitive workloads.

  • EU hosting (Frankfurt default; region of your choice)
  • Optional EU-only LLM mode (Bedrock-EU / Mistral / Ollama)
  • Automatic dependency & CVE patching
  • Monthly security scan
  • Daily backups, 30-day retention
  • Quarterly re-audit · 24h response SLA

Tier 4 · Replatforming

Your Lovable / Bolt / v0 app is fundamentally past its limits and you need it rebuilt on a stable, maintainable stack. We do this — quoted per project, typically CHF 40'000–120'000 (€41'500–125'000). Talk to us if you've hit the wall.


Questions you might be asking yourself

Why fixed prices?

Because hourly billing punishes us for being fast. With fixed prices the incentive is aligned — we do good work, you know what it costs.

What if my app isn't Lovable / Bolt?

We audit any vibe-coded app — Cursor, v0, Replit, Windsurf, hand-prompted Claude / GPT output. If a human and an AI worked on it together and it's now in production, we'll audit it.

Why EU hosting?

Because your enterprise prospects ask. Hosting your customer data on AWS-US blocks B2B deals with most European Mittelstand and regulated industries. We host in EU regions (Frankfurt by default), so you can answer Yes on the procurement form.

What about the LLM? Doesn't Claude run in the US?

Honest answer: by default, yes. Agent reasoning calls go to Anthropic's API, which runs on AWS US. No data is persisted there (per Anthropic's standard DPA). On Tier 3+ you can flip on EU-only LLM mode, which routes inference to Claude on AWS Bedrock eu-central-1, to Mistral (Paris), or to your own self-hosted Ollama deployment. Pick the trade-off that fits your compliance posture.