pdPurpledecks
Software project rescue · Codebase takeover

Find out if your software can be saved, and whether you own it.

Your developer vanished, your agency went quiet, or you inherited a codebase nobody understands. Or it was built fast with AI tools and now it has to be real. Senior engineers take a hard, honest look and hand you a decision: rescue it, rebuild it, or stop. Onshore, no juniors.

Talk to an engineer See what the assessment gives you →
For the founder in trouble

A senior team that has opened more than forty codebases. The truth about yours, fast.

For the AI-built founder

Your app works. We tell you whether you own it, whether it can be maintained, and whether it survives real users.

For the fractional CTO

Keep your client. Get an independent, evidenced decision you can defend.

EST. 2012 · 53.7°N -7.8°W · IRELAND · EU
§ 01 · Does this sound like you?

One look, whatever brought you here.

These arrive under different words. Codebase takeover, software project handover, a rescue. They are the same engagement: a senior team gets inside the code, the accounts and the infrastructure, and tells you where you stand.

01 · AI-built · pre-crisis

It works. But do you own it?

You shipped fast on Lovable, bolt.new, Replit or Base44. A vibe-coded app that now has to be real. The thing runs, and the question underneath is quieter: do you own it, can anyone but the tool maintain it, and does it survive real users? A Cursor or Windsurf build lands in the same place.

02 · The in-house prototype

Someone inside proved the idea works.

A PM, a security lead, an intern, somebody technical enough hacked it together, and it has real potential. Building a proof and building for production are different jobs. We tell you what carries forward, what gets rebuilt, and what it takes to make it real.

03 · The team is gone

Your developer or agency is gone.

The developer disappeared. The agency controls your accounts and stopped answering. You are locked out of your own app. First question we answer: can you deploy without the people who left?

04 · Still there, not working

You're not happy with your current developers.

The team is still in place, but the product is drifting and the answers are thin, and you're quietly weighing a change. We give you an independent read of where the thing actually stands, under NDA, before you say anything to anyone. Discretion is the default.

05 · Inherited

You inherited a codebase.

A handover with no handover. Nobody understands the code, and you need to know what running it actually takes, and who holds the repos, the cloud accounts and the keys.

06 · Save or rebuild

Is it worth saving?

Maybe it limps along, maybe it is stalling under real users. You need a straight answer, rescue it, rebuild it, or stop, with what each one costs.

§ 02 · What you get

A decision, and the register that proves it.

The assessment prices the look, not the rescue. You get a written report and a live readout call. It leads with the decision and with who owns what, because those are the two things a code scanner structurally cannot tell you.

Leads the report

The decision, up front

Rescue, rebuild, or, where it is the honest answer, stop and contain. Three options, costed with their assumptions, so you can see why the recommendation is the recommendation.

The differentiator

An ownership and control register

Repos, environments, domains, cloud, app store accounts, signing keys, credentials, third-party services, billing. Who holds each one today, and what that means for you.

The salvage line

What is kept, what is binned, and why.

A risk register

Severity, impact and remediation effort per finding, scoped to what bears on the decision. Not a full technical-debt inventory.

An evidence map

What was reviewed, what could not be inspected, what was assumed, and the limits of a fixed-days look, stated plainly.

A recovery plan

Sequenced. Stabilise, secure, then fix, itemised well enough that any competent firm could price the same plan. For AI-built products it includes the platform question: what stays in the tool, what moves to a repo you own, and what a normal engineer needs to take it over.

A one-page summary you can share

The plain-English layer for a board member, an investor, a bank or a solicitor, kept separate from the technical detail.

A technical appendix

Architecture sketch, deploy path, dependency snapshot, and our confidence level on the estimates.

Delivery rule · same working day

Critical findings the day we find them. If day one turns up leaked keys or an open database, you hear it that working day, in writing, as an interim advisory.

Delivery rule · inside a week

The report inside a week. The look takes two to seven working days. The written report lands within two working days of the look finishing.

§ 03 · The offer

One price for the look. The fix is a separate conversation.

The Rescue Assessment
From $5,000

Typically $5,000 to $9,000. €4,500 to €8,000 in Ireland, the UK and the EU.

This is the founder and SME look. One product, a handful of services, a team that was under ten. Larger estates get a separate conversation.

The number inside the band is set in a short scoping call, in your currency. What moves it: how many platforms and codebases, the size and age of the thing, whether it holds sensitive data, and whether you hold your own keys.

What the fee buys
The look
2 to 7 working days
The report
within 2 working days of the look finishing
Start
typically 2 to 3 working days after access is confirmed
Critical findings
flagged the same working day, in writing
Payment
the scoped fee, up front
Phase pricing · lift it whole

The assessment is phase one of any fix or rebuild we do, so the assessment fee comes off the first invoice for that work, up to $5,000 (€4,500 in Ireland, the UK and the EU). The findings are the findings regardless: severity is independent of who does the work, and the report is yours to take anywhere.

We can do the fix

If you want us to, the rescue itself, the fix or the rebuild, is a normal project. We scope and price it after the assessment, in the conversation, never off a menu on this page.

Independence

The severity of a finding does not change based on whether we do the fix. The report is yours, and you can take it to anyone.

§ 04 · Access and confidentiality

A look needs less access than a takeover. Here is how we handle it.

For a buyer who has been burned once, this matters more than the price. So it is a written protocol, not a promise. You get it before any engagement letter.

Read-only by default
We ask for the least access that lets us see the code, the accounts and the infrastructure, nothing more.
You create and revoke
Credentials you create and revoke. You grant the access, you hold the switch, and everything we touch is logged.
NDA before code
An NDA before anyone sees code. Signed first, every time.
No production change
No production change without your written approval. A look does not touch the running product.
A clean exit
When we are done, we recommend rotating the credentials you gave us.
Recovery

Where the keys sit with a vanished vendor and have to be recovered first, we name and scope that separately, and it happens before the assessment clock starts. We never absorb it silently.

§ 05 · Honest fit

Who this is for, and who it is not.

For you if

You have real users or real money at risk, an ownership or a survivability question, and the budget to act on the answer. You want a decision you can defend, not a patch over the top.

Not for you if

There are no real users and no sensitive data, no ownership problem, and no budget for the fix if fixing is the answer. A two-thousand-euro tidy-up is a different job, and we will say so.

The regulated line

The standard assessment does not buy regulated assurance. A genuinely regulated product, a medical device or similar, moves to separately scoped work. We say that plainly rather than wave it through.

For the fractional CTO

Brought in by a founder to shortlist? You keep the client and get an independent, evidenced decision you can put your name to.

§ 06 · The proof

The look is only as good as the eye behind it.

Fourteen years of builds where getting it wrong was expensive, and more than forty codebases opened and assessed since 2012. Rescue is not a sideline here. Some of our clearest wins started as a rescue that came in by referral.

One worked example

One founder came to us with no budget for a full audit. We ran the assessment as phase one. Once the problem was actually understood, they committed to a fix several times the size of the assessment fee, with the money going where the problem actually was.

The look, proven on paper

A sample report shows the depth, the registers and the severity scale we work to. The same eye reads your code the same way.

See a sample report → What we find when we open other people's code → How the Readiness Audit works →
§ 07 · Common questions

The awkward questions, answered.

What if the previous developer or agency will not cooperate?

We plan for it. Where the credentials sit with a vanished vendor, we name and scope the recovery separately, and it happens before the assessment clock starts. We never absorb it silently.

Do I have to use you for the fix?

No. The report is yours to take anywhere, and the severity of a finding does not change based on who does the work. If you want us to do the fix, we scope it separately after the assessment.

What if you cannot inspect everything?

We say so plainly. The evidence map records what could not be inspected and what we assumed, and it states the limits of a fixed-days look. We do not dress a guess up as a finding.

Is my code and my data safe with you?

Read-only by default, credentials you create and revoke, an NDA before anyone sees code, and no production change without your written approval. You hold the switch throughout.

What if my product is regulated?

The standard assessment does not buy regulated assurance. A genuinely regulated product, a medical device or similar, moves to separately scoped work, and we tell you that up front.

How fast can you start?

Work typically starts within two to three working days of access being confirmed. Critical findings are flagged the same working day we find them, in writing.

What does it cost?

From $5,000, typically $5,000 to $9,000, and €4,500 to €8,000 in Ireland, the UK and the EU. The number inside the band is set in a short scoping call, in your currency.

Start here

Talk to an engineer.

It starts with a short call, and we qualify hard before we take founder time: your users and your revenue, how urgent it is, what access you can grant, where the previous team stands, and whether any of this is already heading for a solicitor. A senior engineer, not a sales layer.

We answer the awkward questions directly: how we protect your code and your accounts, how we handle a vendor who will not cooperate, insurance, continuity and references.

PURPLEDECKS
53.7°N -7.8°W · IRELAND
EST. 2012 · EU
hello@purpledecks.com

Best fit is a founder or a small team with a product that has real users or real money behind it, and a decision to make about saving it. If it is a two-thousand-euro tidy-up, we will tell you.

WORKING SINCE 2012 · SENIOR ENGINEERS ONLY · NO OFFSHORE HAND-OFF · REFERENCES ON REQUEST