Standards & Quality

We ship proof, not promises.

Software you can verify — auditable from the first idea to release. Even when speed matters, we hold our course.

Binding standards, not a marketing claim.

The chain of trust

Five hands on deck — none is skipped

Every change runs through the same chain of five responsibilities. Even the smallest hotfix. No link is left out, not even for „small and fast“.

1

Code review

House rules & consistency

Correctness and consistency across both languages — including a check that no link and no button leads nowhere.

2

Compliance

Data & provenance

New dependencies, outbound traffic, personal-data flows and the origin of every asset are reviewed on every change.

3

Tests

Prove behaviour

Every new logic path needs a test. Pages are checked in both languages, shared logic on happy path and edge cases.

4

Pre-flight

Automated check

An automated build, asset and visual check runs in both languages. On a visual bug we stop instead of patching over it.

5

Integration & release

Safely ashore

Consolidation, staged merge and a release log — so it stays traceable who shipped what, and when.

Our bar

Quality you can make fast

We'd rather state our binding targets than a flattering snapshot. Measured continuously — not claimed.

BDD & TDD
test first — prove behaviour, don't guess code
95 %+
test coverage as a binding target
99.9 %
targeted uptime in operation
0
tolerated open security findings
2+
languages — always multilingual

These are our standards — the real per-project figures we share openly with customers and auditors.

The gate

One check that blocks faulty releases

Before every deploy a single pre-flight script runs build, asset-size, migration and SEO checks. A failed check stops the release — without override. The same script runs locally and in the pipeline, so the check is identical everywhere.

Test first

The test before the code

We write the test before the implementation — especially for new features. A test must prove behaviour (that the attack now fails, that the translation actually appears), not just that a pattern exists in the source. Code without a matching test is not merged.

Data minimisation

We store what's needed — and nothing else

GDPR-first isn't a label here, it's how we build:

The marketing site is statically generated: no backend, no login, no tracking, no analytics SDK.

No external fonts or CDNs in production — fonts and icons are self-hosted.

Exactly one functional cookie: your language choice. Nothing else is stored about you.

In the platforms the public endpoint serves only the minimum; logs are checked for personal data.

Traceability

A trail you can really follow

Certificate- and compliance-relevant events are recorded append-only — readable, never silently rewritten.

Content lives versioned as plain text in Git instead of a black-box CMS.

Every deploy lands in a release log — the history of the live state stays transparent.

Depth

Proven tech with a ten-year horizon

Mainstream over fashion: both stacks have large communities and stay maintainable. No exotic frameworks nobody will maintain in two years.

Backend
Rails 7 · JSON API · PostgreSQL · Sidekiq
Frontend
Nuxt 3 · Vue 3 · Vuetify 3 (Material Design)
Auth
LDAP / AD on-prem · local fallback with TOTP MFA
Hosting
Swiss data centre · CH / DE / AT selectable

From drawing board to water

To market in waves — no waterfall

01

Bullet points

You bring the idea, we bring the right questions. Set the scope, spot risks early.

02

Prototype

A clickable prototype in days, not months, visible live to everyone involved.

03

MVP in waves

Each wave is signed off with real reviews — iterative instead of long upfront planning.

04

Launch & support

Go live and stay supported: hosting, maintenance, further development.

Safely moored

Security & operations

Hosting in Switzerland, Germany or Austria — data sovereignty stays with the customer.

On-premise option for organisations that want to keep everything in-house.

MFA required and login against the org directory (LDAP/AD) instead of cloud lock-in.

Security gaps aren't just fixed — each is permanently secured by its own regression test.

More standards

What else we take seriously

Multilingual

Every page checked end-to-end in each language — translations are tested, not just entered.

Performance

Statically generated, lean assets, fast load times as a measurable promise rather than chance.

Accessibility

Sufficient contrast, keyboard operation and semantic HTML are standard, not a bonus.

Documentation

Docs are part of the product, not an afterthought — so handover and operation stay solid.

What we stand by

Four principles

Proof over promises

What we claim can be verified — otherwise we don't say it.

Data sovereignty with you

Your data stays your data. On-prem, own hosting, clear boundaries.

Honest about the unfinished

We name what's still missing instead of papering over gaps.

Quality as a habit

Not a one-off audit, but a bar that holds on every commit.

A living course

We tighten the gates over time

The chain of trust isn't set in stone. We review it after every major sprint, learn from what slipped through, and sharpen the gates. Quality as a habit, not a one-time act.

See for yourself

No login, no sign-up — just come aboard and look. Try the products and judge the quality directly.

Explore ValidLearnExplore ValidSlots Talk to us