What if the previous developer or agency will not cooperate?
We plan for it. Where the credentials sit with a vanished vendor, we name and scope the recovery separately, and it happens before the assessment clock starts. We never absorb it silently.
Do I have to use you for the fix?
No. The report is yours to take anywhere, and the severity of a finding does not change based on who does the work. If you want us to do the fix, we scope it separately after the assessment.
What if you cannot inspect everything?
We say so plainly. The evidence map records what could not be inspected and what we assumed, and it states the limits of a fixed-days look. We do not dress a guess up as a finding.
Is my code and my data safe with you?
Read-only by default, credentials you create and revoke, an NDA before anyone sees code, and no production change without your written approval. You hold the switch throughout.
What if my product is regulated?
The standard assessment does not buy regulated assurance. A genuinely regulated product, a medical device or similar, moves to separately scoped work, and we tell you that up front.
How fast can you start?
Work typically starts within two to three working days of access being confirmed. Critical findings are flagged the same working day we find them, in writing.
What does it cost?
From $5,000, typically $5,000 to $9,000, and €4,500 to €8,000 in Ireland, the UK and the EU. The number inside the band is set in a short scoping call, in your currency.