Industry: SaaS

Software development for SaaS

Engineering for B2B SaaS founders and platform teams. We design multi tenant architecture that survives the move from twenty customers to two thousand, build Stripe billing that reconciles to the penny, and ship the SSO, SCIM, audit logs, and white label theming the enterprise tier was always going to ask for. SOC 2 Type 1 in progress; compliance-ready architecture from day one.

Industry challenges we solve

SaaS scaling pain is rarely about traffic. It is almost always about decisions made early (tenancy model, billing model, audit model) that are now expensive to undo. We focus on the patterns where teams routinely lose months to rework.

Tenant isolation done wrong. A tenant_id column with no row level security and no test coverage. A single missing WHERE clause leaks one customer's data into another's dashboard. The breach disclosure email writes itself.
Billing edge cases that break trust. Pro-rations off by a day, mid cycle plan changes that invoice twice, refunds that do not reverse usage counters, dunning that emails customers whose card already cleared. Finance loses confidence in the data, sales loses confidence in finance.
SSO and SCIM as an afterthought. The first enterprise prospect asks for SAML, Okta SCIM, and SOC 2. Sales says yes. Engineering needs four months and a refactor. The deal slips a quarter.
Audit trails that do not survive a real audit. The application logs everything to Datadog with a 30 day retention. The auditor wants seven years, immutable, with the actor and target on every event. Datadog is not the answer.
Status pages copy-pasted but never tested. The status page is hosted on the same infrastructure as the product. When the product goes down the status page goes down with it. Customers find out from Twitter.
White label theming that ships as five hundred lines of CSS overrides per tenant. Every brand refresh becomes a six week project and a regression risk. Operations refuses to onboard the next reseller until it is fixed.
Capabilities

Our SaaS capabilities


Multi tenant architecture

Row level isolation with PostgreSQL RLS for high tenant density, schema-per-tenant where blast radius matters, database-per-tenant for enterprise data residency. Tenant context propagated through middleware, never through query strings, and automated tests that prove cross tenant queries fail closed.
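The following is an added example (not code from this page or from the firm) of what the tenant-context propagation and fail-closed transaction described above look like in TypeScript on Node.js against PostgreSQL RLS. The table, policy and setting names (deals, tenant_isolation, app.current_tenant) are assumptions. The client interface is written synchronously so the example runs offline against a recording stand-in; with node-postgres the same sequence of statements is awaited on a PoolClient.

```typescript
// Added example, not the page's or the firm's code: tenant context propagated
// through AsyncLocalStorage and pinned into each PostgreSQL transaction for RLS.
import { AsyncLocalStorage } from 'node:async_hooks';

// DDL the runtime relies on. Table, policy and setting names are assumptions.
// current_setting(..., true) returns NULL when unset, so with no tenant pinned
// the policy matches nothing: a missing context fails closed at the database.
export const RLS_SETUP = `
CREATE TABLE deals (
  id        bigserial PRIMARY KEY,
  tenant_id uuid NOT NULL,
  title     text NOT NULL
);
ALTER TABLE deals ENABLE ROW LEVEL SECURITY;
ALTER TABLE deals FORCE ROW LEVEL SECURITY;  -- the table owner is not exempt
CREATE POLICY tenant_isolation ON deals
  USING      (tenant_id = current_setting('app.current_tenant', true)::uuid)
  WITH CHECK (tenant_id = current_setting('app.current_tenant', true)::uuid);
`;

export interface TenantContext { tenantId: string; actorId: string }
const tenantStore = new AsyncLocalStorage<TenantContext>();

// Set once per request by auth middleware from the verified session, never
// from a query string or body field the caller controls.
export function withTenant<T>(ctx: TenantContext, fn: () => T): T {
  return tenantStore.run(ctx, fn);
}

export function requireTenant(): TenantContext {
  const ctx = tenantStore.getStore();
  if (!ctx) throw new Error('no tenant context; refusing to touch the database');
  return ctx;
}

// Minimal client shape; node-postgres' PoolClient#query fits it (awaited there).
export interface SqlClient { query(text: string, values?: unknown[]): unknown }

// set_config(..., is_local = true) scopes the setting to this transaction, so a
// pooled connection returned after COMMIT carries no tenant into the next request.
export function inTenantTransaction<T>(client: SqlClient, fn: (c: SqlClient) => T): T {
  const { tenantId } = requireTenant();           // throws before any SQL is sent
  client.query('BEGIN');
  try {
    client.query("SELECT set_config('app.current_tenant', $1, true)", [tenantId]);
    const result = fn(client);
    client.query('COMMIT');
    return result;
  } catch (err) {
    client.query('ROLLBACK');
    throw err;
  }
}

// Deliberately no tenant_id in the WHERE clause: the policy filters, so a
// forgotten predicate no longer leaks another customer's rows.
export function listDeals(client: SqlClient): void {
  client.query('SELECT id, title FROM deals ORDER BY id');
}

// Constructed stand-in for a pooled connection that records what would be sent.
export class RecordingClient implements SqlClient {
  readonly log: string[] = [];
  query(text: string, values: unknown[] = []): void {
    this.log.push(values.length ? `${text} -- ${JSON.stringify(values)}` : text);
  }
}

// The automated check the text calls for: a query issued outside any tenant
// context must fail before anything reaches the database.
export function missingTenantFailsClosed(): boolean {
  const client = new RecordingClient();
  try {
    inTenantTransaction(client, listDeals);
    return false;
  } catch {
    return client.log.length === 0;
  }
}
```

The policy's USING clause protects reads and WITH CHECK protects writes, so an INSERT or UPDATE that tries to move a row into another tenant is rejected as well. FORCE ROW LEVEL SECURITY matters because the application role is often the table owner, which bypasses RLS unless forced.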


Stripe billing & metering

Subscriptions, usage metered products, customer balance, dunning, smart retries, Stripe Tax, idempotent webhook processing with reconciliation, plan change pro-rations that finance can audit, and a self serve customer portal that does not require a support ticket for every change.


SSO, SCIM & RBAC

SAML 2.0 and OpenID Connect against Okta, Entra ID, Google, OneLogin, Ping, and bespoke IdPs. SCIM 2.0 provisioning with proper soft delete handling. Role based access control with custom role definitions, attribute based policies for fine grained permissions, and quarterly access reviews built into the admin console.


Audit trails & activity log

Immutable, append-only audit log with actor, target, action, before / after state, IP, user agent, and tenant context. Long term retention to S3 Object Lock or equivalent. Customer-facing activity log surfaced in the admin console so end users can self serve security investigations.
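An added example, not code from this page or from the firm, of the audit record shape described above (actor, target, action, before / after state, IP, user agent, tenant context) behind a write path that only appends. It goes one step beyond the page: entries are hash-chained so that an edit or deletion made after the fact is detectable when an archive is read back, on top of whatever retention control (such as S3 Object Lock) holds the log. Field names and the sample events are assumptions constructed for the example.

```typescript
// Added example, not the page's or the firm's code: an append-only audit log
// whose entries are hash-chained so rewriting or dropping history is detectable.
import { createHash } from 'node:crypto';

export interface AuditEvent {
  tenantId: string;
  actorId: string;
  action: string;          // e.g. 'user.role.changed'
  targetType: string;
  targetId: string;
  before: unknown;         // state before the action
  after: unknown;          // state after the action
  ip: string;
  userAgent: string;
  occurredAt: string;      // ISO 8601, UTC
}

export interface AuditRecord extends AuditEvent {
  seq: number;             // position in the log, starting at 0
  prevHash: string;        // hash of the previous record (GENESIS for the first)
  hash: string;            // sha256 over prevHash, seq and the canonical event
}

const GENESIS = '0'.repeat(64);

// Canonical serialisation (sorted keys) so the same event always hashes identically.
function canonical(value: unknown): string {
  if (Array.isArray(value)) return `[${value.map(canonical).join(',')}]`;
  if (value && typeof value === 'object') {
    const obj = value as Record<string, unknown>;
    return `{${Object.keys(obj).sort().map(k => `${JSON.stringify(k)}:${canonical(obj[k])}`).join(',')}}`;
  }
  return JSON.stringify(value);
}

function digest(prevHash: string, seq: number, event: AuditEvent): string {
  return createHash('sha256').update(`${prevHash}\n${seq}\n${canonical(event)}`).digest('hex');
}

export class AuditLog {
  private readonly records: AuditRecord[] = [];

  // The only write path. There is deliberately no update or delete method.
  append(event: AuditEvent): AuditRecord {
    const seq = this.records.length;
    const prevHash = seq === 0 ? GENESIS : this.records[seq - 1].hash;
    const record: AuditRecord = Object.freeze({ ...event, seq, prevHash, hash: digest(prevHash, seq, event) });
    this.records.push(record);
    return record;
  }

  // Full log, e.g. for export to long term storage.
  snapshot(): readonly AuditRecord[] {
    return this.records.slice();
  }

  // Customer-facing activity log: a tenant only ever sees its own entries.
  forTenant(tenantId: string): readonly AuditRecord[] {
    return this.records.filter(r => r.tenantId === tenantId);
  }
}

// Walks an exported log from GENESIS and recomputes every hash. Returns the
// index of the first record that does not fit the chain, or -1 if all fit.
export function firstBrokenSeq(records: readonly AuditRecord[]): number {
  let prev = GENESIS;
  for (let i = 0; i < records.length; i++) {
    const { seq, prevHash, hash, ...event } = records[i];
    if (seq !== i || prevHash !== prev || digest(prev, i, event) !== hash) return i;
    prev = hash;
  }
  return -1;
}
```

A chain like this proves integrity of what was exported, not that nothing was withheld at the tail; pairing it with a periodic anchor (the latest hash written somewhere the application cannot modify) closes that gap.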


Customer-facing API & webhooks

OpenAPI 3.1 specified endpoints with rate limiting, API key and OAuth client credentials auth, signed outbound webhooks with replay protection, a developer portal generated from the spec, idempotency keys on every mutating endpoint, and a sandbox environment that mirrors production behaviour.
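As an added example, not code from this page or from the firm, here is one way to implement the signed outbound webhooks with replay protection mentioned above, in TypeScript on Node.js. The scheme (HMAC-SHA256 over delivery id, timestamp and raw body; a freshness window; a seen-id store on the receiver) and the header names in the comments are assumptions for this example; the secret and payload in the test are constructed.

```typescript
// Added example, not the page's or the firm's code: signing outbound webhooks so
// the receiver can reject forged, tampered, stale and replayed deliveries.
import { createHmac, timingSafeEqual, randomUUID } from 'node:crypto';

// Carried as three headers alongside the raw body; header names are assumptions.
export interface SignedDelivery {
  id: string;         // Webhook-Id: unique per delivery, reused unchanged on retries
  timestamp: number;  // Webhook-Timestamp: unix seconds when signed
  body: string;       // the exact bytes sent; sign what goes on the wire
  signature: string;  // Webhook-Signature: "v1=" + hex HMAC-SHA256
}

// id and timestamp are inside the MAC, so a recipient of a genuine delivery
// cannot alter them to slip past the freshness or replay checks below.
function mac(secret: string, id: string, ts: number, body: string): string {
  return createHmac('sha256', secret).update(`${id}.${ts}.${body}`).digest('hex');
}

// Sender side. A retry of the same delivery re-sends the same id and signature.
export function signDelivery(
  secret: string,
  body: string,
  now: number = Math.floor(Date.now() / 1000),
  id: string = randomUUID(),
): SignedDelivery {
  return { id, timestamp: now, body, signature: `v1=${mac(secret, id, now, body)}` };
}

export type VerifyResult = 'ok' | 'bad_signature' | 'stale' | 'replay';

// Receiver side. seenIds stands in for a durable store whose TTL is at least
// the tolerance window; a Set is used so the example runs offline. Checks run
// in order: authenticity first, so unauthenticated input cannot probe the
// other two, then freshness, then replay.
export function verifyDelivery(
  secret: string,
  d: SignedDelivery,
  seenIds: Set<string>,
  now: number = Math.floor(Date.now() / 1000),
  toleranceSec = 300,
): VerifyResult {
  const expected = Buffer.from(`v1=${mac(secret, d.id, d.timestamp, d.body)}`);
  const received = Buffer.from(d.signature);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (expected.length !== received.length || !timingSafeEqual(expected, received)) {
    return 'bad_signature';
  }
  if (Math.abs(now - d.timestamp) > toleranceSec) return 'stale';
  if (seenIds.has(d.id)) return 'replay';
  seenIds.add(d.id);
  return 'ok';
}
```

Because the delivery id is stable across the sender's retries, a receiver that saw the first attempt will answer 'replay' to the retry; that is the correct outcome, as the receiver already processed it, and the sender should treat the acknowledgement as success.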


White label, status & admin tooling

CSS custom property design system for per-tenant theming, custom domains via Cloudflare for SaaS or ACM, status pages on independent infrastructure (Statuspage, Better Stack, or self-hosted), incident automation, and an internal admin console for impersonation, billing adjustments, and tenant management with full audit logging.

Compliance & regulatory considerations

SaaS compliance is mostly procurement compliance. The framework that matters is whichever one your largest enterprise prospect has put in their security questionnaire. We design the controls once and map them to whatever framework comes next.

SOC 2 Type 1 (in progress)
ISO 27001 control mapping
GDPR & UK GDPR
CCPA / CPRA
HIPAA-eligible architecture
PCI DSS SAQ A scope
Cyber Essentials Plus aware
UAE Data Protection Law

SOC 2 is the lingua franca of B2B SaaS procurement. We are working through SOC 2 Type 1 readiness with our own auditor and we are honest about the stage we are at. For client engagements we deliver compliance-ready architecture against the SOC 2 Trust Services Criteria: access management with least privilege and quarterly reviews, change management through pull requests with required reviewers, vendor management with a documented sub-processor register, incident response runbooks tested with tabletop exercises, encryption at rest (AES-256) and in transit (TLS 1.3 only), structured audit logging with append-only retention, and BCP / DR plans with measured recovery point and recovery time objectives. When you need a Type 2 attestation for your enterprise customers, the controls and the evidence are in place; you run the audit with your chosen auditor.

GDPR is engineering more than legal. Data subject rights (Articles 15 to 22) are first class endpoints, not customer support tickets. Records of Processing Activities, sub-processor registers, DPA appendices, and Standard Contractual Clauses for international transfers are templated and version controlled. EU and UK customer data is hosted in eu-west-2 (London), eu-west-1 (Ireland), or eu-central-1 (Frankfurt) by default, with US clients on us-east-1 or us-west-2. Cross border data flows are documented in the ROPA so the next data protection officer to join the company does not have to reverse engineer them.

HIPAA-eligible architecture for healthcare-adjacent SaaS is available on request: BAA-eligible AWS services only, customer-managed KMS keys, expanded audit logging on PHI access paths, and a separate environment if your customer profile requires it. We will not pretend to be a HIPAA certification body, because no such body exists, but we will deliver the architecture and evidence base your healthcare customers' compliance teams ask for.

Tech stack we use for SaaS

Boring, well understood technology that supports the SaaS shaped problems: tenancy, billing, identity, audit, and observability. We reach for novelty when it pays for itself, not before.

Node.js 20 + TypeScript
React 18 + Next.js
PostgreSQL 16 + RLS
Redis + BullMQ
Stripe Billing + Tax
WorkOS / Auth0 / Clerk
Okta & Entra ID SCIM
OpenAPI 3.1 + Zod
Cloudflare for SaaS
AWS + Terraform
Statuspage / Better Stack
Datadog + immutable audit logs

Case study

New Product Development · UK proptech · 14 weeks · 4 engineers

Multi tenant CRM SaaS for UK real estate agencies, built from scratch in 14 weeks

A UK proptech wanted a white label CRM specifically for independent estate agencies. We shipped a multi tenant SaaS with schema-per-tenant isolation, unified lead inbox ingesting Rightmove, Zoopla, and OnTheMarket, an XGBoost lead scoring model, automated property matching via the Google Maps API, and Stripe Billing with tiered subscriptions. Eight agencies onboarded at launch with sub five minute lead response times and 40% higher lead-to-viewing conversion than their previous tooling.

40% higher lead to viewing rate
<5 min average lead response time
8 agencies onboarded at launch
14 weeks from concept to production


FAQ

Common questions

Which tenancy model should we use?

It depends on tenant count, blast radius tolerance, and per-tenant customisation. Row-level isolation (single shared schema with a tenant_id column and PostgreSQL row level security) scales to tens of thousands of tenants on a single cluster, keeps migrations cheap, and gives uniform performance. Schema-per-tenant (one PostgreSQL schema per customer) gives stronger blast radius isolation, easier per-tenant data export, and cleaner GDPR erasure, at the cost of slower migrations and lower tenant density. Database-per-tenant is reserved for enterprise tiers with regulatory data residency requirements. We pick per engagement based on your customer profile, not based on what is fashionable.

How do you handle billing?

We default to Stripe Billing with subscription products, metered usage where the pricing model needs it, customer balance for credits and prepayments, and tax handled by Stripe Tax. Webhooks land in an idempotent processor with retry, dead letter queues, and a reconciliation job that reads back from Stripe daily to catch any drift. Self serve plan changes go through the customer portal; failed payments go through a dunning flow with smart retries and an email cadence. Enterprise contracts use invoice billing with Stripe or a hand-rolled NetSuite integration when finance demands it.

What does "SOC 2 Type 1 in progress" actually mean?

It means we have implemented the controls (access management, change management, vendor management, incident response, encryption, audit logging, BCP/DR), documented them, and are working through the readiness assessment with our auditor. Type 1 attests to the design of controls at a point in time. Type 2 attests to operating effectiveness over a period (typically 6 to 12 months). We are honest about which stage we are at and we will not claim a certification we do not have. For client engagements we deliver compliance ready architecture and the control evidence, and we coordinate with your own auditor where you need a Type 2 letter for your enterprise customers.

Do you support SSO and SCIM?

Yes. SAML 2.0 and OpenID Connect federation against Okta, Azure AD / Entra ID, Google Workspace, OneLogin, Ping, and bespoke IdPs. SCIM 2.0 provisioning with users and groups, idempotent on every endpoint, with proper handling of soft delete vs hard delete and role mapping that survives an IdP role rename. SSO and SCIM are usually a paid enterprise tier; we instrument them so they are billable from day one rather than an afterthought your sales team has to negotiate.

How do you meter usage-based billing without double counting?

Every billable event is written to an append-only event log with an idempotency key (so a retried API call does not double-count). A daily aggregation job rolls events into per-tenant counters that feed Stripe metered subscriptions or your invoicing system. Customers get a real time usage dashboard so the invoice never surprises them. We reconcile aggregated counters against the raw event log monthly and publish the variance, which is usually under 0.01% when idempotency is done right.

Can the product be white labelled per tenant?

Yes. We use a CSS custom property design system so each tenant overrides a small set of tokens (brand colours, logo, typography pair, border radius, density) rather than authoring a full stylesheet. Email templates use the same tokens via MJML. Custom domains are provisioned through a Cloudflare for SaaS or AWS Certificate Manager flow with automatic certificate renewal. When the parent brand refreshes, every tenant inherits the structural changes while keeping their own brand identity.
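An added example, not code from this page or from the firm, of the metering pipeline described in the usage-based billing answer above: an append-only usage ledger with idempotency keys, a daily rollup into per-tenant counters, and a reconciliation pass that recomputes those counters from the raw log and reports drift. The same keyed de-duplication is what makes an inbound Stripe webhook processor safe to retry. Field names, metric names and the sample events are assumptions constructed for this example; one detail goes beyond the text: idempotency keys are scoped per tenant, and a reused key with a different payload is reported as a conflict rather than silently accepted.

```typescript
// Added example, not the page's or the firm's code: append-only usage ledger
// with tenant-scoped idempotency keys, daily rollup, and reconciliation.
import { createHash } from 'node:crypto';

export interface UsageEvent {
  idempotencyKey: string; // chosen by the client; a retry resends the same key
  tenantId: string;
  metric: string;         // e.g. 'api_calls'
  quantity: number;
  occurredAt: string;     // ISO 8601, UTC
}

export type AppendResult = 'recorded' | 'duplicate' | 'conflict';
export interface Drift { key: string; expected: number; stored: number }

export class UsageLedger {
  private readonly events: UsageEvent[] = [];
  private readonly seen = new Map<string, string>(); // dedupe key -> payload fingerprint

  // Keys are scoped per tenant: tenant A guessing tenant B's keys cannot
  // suppress B's events. Same key + same payload is a retry (duplicate);
  // same key + different payload is a client bug (conflict), never double counted.
  append(e: UsageEvent): AppendResult {
    if (!Number.isFinite(e.quantity) || e.quantity < 0) {
      throw new Error('quantity must be a non-negative finite number');
    }
    const dedupeKey = `${e.tenantId}:${e.idempotencyKey}`;
    const fingerprint = createHash('sha256')
      .update(JSON.stringify([e.metric, e.quantity, e.occurredAt]))
      .digest('hex');
    const prior = this.seen.get(dedupeKey);
    if (prior !== undefined) return prior === fingerprint ? 'duplicate' : 'conflict';
    this.seen.set(dedupeKey, fingerprint);
    this.events.push(Object.freeze({ ...e }));   // no update or delete path exists
    return 'recorded';
  }

  // Daily rollup: "tenantId|metric" -> total quantity for one UTC day (YYYY-MM-DD).
  aggregate(day: string): Map<string, number> {
    const totals = new Map<string, number>();
    for (const e of this.events) {
      if (!e.occurredAt.startsWith(day)) continue;
      const k = `${e.tenantId}|${e.metric}`;
      totals.set(k, (totals.get(k) ?? 0) + e.quantity);
    }
    return totals;
  }

  // Reconciliation: recompute the day from the raw log and list every stored
  // counter that disagrees, including counters the log never produced.
  reconcile(day: string, counters: Map<string, number>): Drift[] {
    const expected = this.aggregate(day);
    const keys = new Set(Array.from(expected.keys()).concat(Array.from(counters.keys())));
    const drift: Drift[] = [];
    Array.from(keys).sort().forEach(key => {
      const want = expected.get(key) ?? 0;
      const have = counters.get(key) ?? 0;
      if (want !== have) drift.push({ key, expected: want, stored: have });
    });
    return drift;
  }
}
```

The published variance figure in the answer above is simply the sum of the absolute drift divided by the sum of expected totals; with this structure a non-zero result points at a specific tenant and metric rather than at "billing".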
Free consultation, no commitment

Ready to ship?

Tell us about your project. Written scope, timeline and cost estimate within 48 hours.
