Own it. And prove it holds up.
Before a raise, an enterprise customer's security review, or a regulator, we tell you the truth about your software. Whether you own and control it. Whether it will survive the look. What to fix, and in what order. Built fast, with AI tools, no-code, or a team that has since moved on? That is exactly what we open.
An investor's reviewer is about to read your codebase. See it first, through the same eyes.
A big customer's security and procurement team will not sign until your software passes their check.
Your domain is regulated, and the evidence has to be there before anyone asks for it.
A control and readiness audit, not a code scan.
The Readiness Audit is a fixed engagement. Senior engineers look at your product before it faces outside scrutiny, and hand back an honest report and a plan. The code review sits inside it. The bigger question is whether you own the thing, whether you can run it, and whether it will survive a serious look.
Few firms lead with ownership and control as the central readiness question, especially for regulated and connected-product teams. It is the part a code scan never reaches, and it is the thing that stops a raise or a trial.
Control and ownership
Do you actually control your own product. Repositories, cloud accounts, signing certificates, domains, the accounts a former vendor may still hold. The lock-in that quietly stops a raise. This does not show up in a code scan, and it is where the most serious findings usually sit.
Technical health
Architecture and how it scales. Code quality, security and data handling, testing, the release process. The stack choices where a specific one is causing real, provable problems, not the ones that are merely unfashionable.
Process and continuity
Who owns and runs it on your side. Go-live, maintenance, tested backups, and the key-person risk if one person disappeared tomorrow.
Regulatory
Medical-device standards, and the newer regimes a buyer will ask you about. We know when the software evidence touches these and when to bring in RA, QA or legal. We are not a notified body, a certification body or a regulatory adviser, and we say so plainly.
A written report, and a straight readout.
For an audit at this level, a one-line verdict is not enough. You get a written report, and a call to walk through it with the people who did the work. The report is built to be used, not filed.
The point is not the document. It is that you can walk into the raise or the partner call and answer straight. Straight answers, backed by a plan, beat a polished pitch that falls apart under a follow-up question.
Deep access, earned in stages.
A real audit needs real access to the real product. A founder a month from a raise will not hand an unknown firm the keys on day one, and we would not ask. So access is phased. There is no shallow, keys-locked version, because a light report from a surface look is a guess dressed up as an assessment, and we will not put our name on it.
One price, in your currency.
A Readiness Audit starts from $15,000, or €13,000 in Ireland and the UK. It is close to the same number in two currencies, not two decisions. The final figure is fixed in a short scoping call, in your currency, because scope genuinely varies with the size and complexity of the product.
Regulated, medical-device and connected-product audits are scoped separately, and they cost more. The evidence, the access, the security work and the quality-system interfaces materially change the job. It is not a surcharge on the standard price.
The price rules out the tyre-kicker, and it is a straight signal of the seniority you are buying. We do not charge a day rate. You are buying the audit and the answer, not a number of days.
Built where getting it wrong is expensive.
We build software to the standard that applies, under your quality system. In medical devices that means IEC 62304 and IEC 62366-1, under your ISO 13485 quality system, with our software risk analysis feeding your ISO 14971 file.
The audit is only as good as the eye behind it. Fourteen years of builds where the margin for error is zero. We built the original Bluetooth Low Energy SDK for Fire1's implantable cardiac device, now in clinical trials. We have done biometric identity work at national scale. And we have opened and assessed more than forty codebases since 2012. That is the eye we bring to yours.
The findings stand, whoever fixes them.
If you want us to do the remediation, we can, and we will scope and price it separately. The audit earns that work on merit, not by selling. The severity of a finding is never changed by whether we can be the one to fix it, and you are free to take the report to your own team or to another firm. That independence is written into how we work.
This is the audit for a funded product facing a trigger. If the product is broken, the team is gone, and the money is in the fix rather than the assessment, that is a different piece of work. It is a Rescue, and it has its own page.
Book a Readiness Audit.
It starts with a short scoping call. A straight, senior read on where you actually are, and what a full audit would cover.
53.7°N -7.8°W · IRELAND
EST. 2012 · EU
hello@purpledecks.com