Services

What we sell is working software.

Six capability areas. Each one we ship to production for paying clients. None of them are pulled out of a deck just to fill a page.

01 / 06

Payments engineering

We design and ship payment processing — card-present, card-not-present, ACH, recurring, tokenized — with the failure handling that production payments actually require.

  • Card processing against FreedomPay (FCC), Stripe, Elavon, and CyberSource
  • ACH and bank-account payments via Dwolla, Plaid, and direct NACHA-rules-aware integrations
  • Tokenization, Level II/III line-item data, MOTO and recurring-billing flows
  • Idempotency, void/refund/chargeback handling, dispute reconciliation
  • PCI-DSS-aware architectures; we know what to keep out of scope and how to keep it that way
  • Multi-merchant, multi-subsidiary, and currency-aware processing for distributed organizations

02 / 06

NetSuite integration

Most NetSuite "integrations" are a Restlet, a screwdriver, and a prayer. Ours are SuiteApps, custom records, scheduled jobs, and external services that talk to NetSuite without bringing it down.

  • Custom SuiteApps and bundled SuiteScript modules (Suitelet, RESTlet, User Event, Map/Reduce, Scheduled)
  • OAuth 1.0 (HMAC-SHA256) and Token-Based Authentication across external services
  • Custom records, custom forms, custom transactions — designed to survive bundle updates
  • External Go and TypeScript services that integrate with NetSuite as a system of record
  • Migrations between subsidiary structures, chart-of-accounts changes, and legacy SuiteScript 1.0 → 2.x
  • Open-source Go libraries we maintain for talking to NetSuite from anywhere

03 / 06

Backend systems & APIs

Long-running, distributed, idempotent. The kind of services that handle real money or real inventory and don't get to lose either.

  • Go services on AWS ECS / Lambda / Fargate, with Temporal for stateful workflows
  • REST and gRPC APIs with type-safe contracts, auto-generated SDKs, and proper versioning
  • PostgreSQL schema design, migration discipline, and read-replica patterns
  • Background processing, retry budgets, dead-letter queues, exactly-once semantics where they actually matter
  • Observability that engineers will actually use: structured logs, RED metrics, distributed tracing
  • Authentication and authorization — WebAuthn/FIDO2, TOTP, OAuth 2.0, session management with device tracking

04 / 06

Web & mobile front-ends

Production-quality web applications and mobile-companion experiences for users who are paying for something or scanning into something.

  • Vue 3 (with Composition API and Pinia) and Vue 2/Vuetify for legacy maintenance
  • Angular for enterprise-scale forms, tables, and workflow UIs
  • React when it's the right call — including SPA admin consoles and embedded payment widgets
  • Apple Wallet (PKPass) and Google Wallet pass generation for tickets, IDs, loyalty, and payment cards
  • Accessibility (WCAG 2.1 AA), keyboard navigation, and color-contrast discipline
  • Mobile-first, performance-budgeted, and tested on the actual phones your users are on

05 / 06

Legacy modernization & rescue

When the original team is gone, the documentation lies, and the bug list is older than the code — that is when we are most useful.

  • Stabilization-first: stop the bleeding, document the system as it actually behaves, only then rewrite
  • Strangler-fig migrations from monoliths to service boundaries that match how the business actually works
  • Runbooks, architecture diagrams, and decision logs as deliverables, not afterthoughts
  • Database refactors with zero-downtime backfills, dual-writes, and reversible migrations
  • Framework migrations (Vue 2 → Vue 3, AngularJS → Angular, .NET Framework → .NET Core)
  • Salvaging value out of half-finished projects without throwing the whole thing away

06 / 06

Architecture & advisory

Short-engagement consulting for teams that want senior outside perspective before they commit money or burn calendar.

  • Architecture reviews for proposed systems — what's right, what's wrong, what's overengineered
  • Vendor selection: payment processors, ERPs, infra providers, observability stacks
  • Security posture audits — authentication design, secret handling, PII flows, access control
  • Hiring and team-shape advice for technical leaders building or rebuilding their engineering org
  • Code reviews on critical paths when an internal team wants a second pair of eyes
  • Written reports — the kind a CFO or board can read and act on, not a 60-slide deck

FAQ

Specifics, in plain English.

What's the difference between a SuiteScript and a SuiteApp?
A SuiteScript is a single script (Suitelet, RESTlet, User Event, Scheduled, Map/Reduce, etc.) that runs inside NetSuite. A SuiteApp is a packaged bundle of SuiteScripts, custom records, custom forms, and configuration that can be installed across NetSuite accounts and — if certified — listed on SuiteApp.com as Built for NetSuite. We do both, and we know which one fits your problem.
What is Level II / Level III payment processing and why does it matter?
Level II and Level III commercial card processing means submitting line-item data — purchase order numbers, ship-to addresses, item descriptions, tax breakouts — alongside the transaction. Card networks return lower interchange rates for B2B and corporate-card transactions when this data is present. For B2B businesses processing significant volume, Level III alone can pay for the integration work in months.
Can you help us migrate from SuiteScript 1.0 to 2.x?
Yes. SuiteScript 1.0 is deprecated and the migration is non-trivial — APIs are different, the SuiteScript 2.x runtime is stricter, and any code with implicit type coercion or loose error handling will break. We've done these migrations end-to-end without disrupting the production NetSuite account.
Do you do PCI-DSS-compliant payment processing?
We architect to keep PCI scope minimized — typically by tokenizing cardholder data at the processor or hosted-iframe boundary so internal services never see PANs. Whether the resulting system needs SAQ A, SAQ A-EP, or full SAQ D depends on your specific architecture. We've shipped against all three; the first call usually settles which scope is right for you.
Can you build Apple Wallet or Google Wallet passes?
Yes. We've shipped PKPass generation (Apple Wallet) and Google Wallet pass APIs end-to-end — for tickets, IDs, loyalty cards, and payment cards. The signing, image dimensioning, pass updates, and HTTPS hosting requirements are exacting; we know what trips up production deployments.
Are you US-based? Do you outsource?
Yes, US-based. Our registered office is Canyon Country, California. The senior engineer on every engagement is the founder. We do not subcontract code to anonymous offshore teams — when you talk to us, you talk to the people writing the code.
Do you sign NDAs?
Yes. We sign mutual NDAs before anything sensitive is shared. If a confidentiality agreement is a precondition for the first conversation, just say so in your initial message.

Not sure which of these fits your problem?

That is normal. Most of our engagements start with a 30-minute call where we figure out what you need, who else might be a better fit, and whether we should keep talking.

Book a discovery call