From a stalled idea to a live, owned system, in one engagement.

• Scoping you can act on. A recommended architecture named in detail, a 3-month cost model your finance team can review, and an honest go, no, or conditional answer with the conditions named. Not a maybe, not a deck.
• The production architecture, built once, in your environment. The same cloud services, security boundaries, and logging that run in production, built in your own tenant behind your auth, on any cloud (your own AWS, GCP, Azure, or other account), on-premises, or hybrid.
• Real integrations. Connected to your actual production systems, read-only by default, write paths gated behind your approval. The build sees real load, real data shapes, and real auth flows, not synthetic fixtures.
• Logging and observability from the first request. Structured logs, metrics, and traces routed to your existing log store. Cost guards (per-user, per-tenant, and per-day caps) wired in so a single request cannot escape the budget.
• Monitoring and cost controls. Dashboards, alerting routed to your on-call, and cost ceilings with hard caps. Observability your team will actually use.
• Full handover. The code repository, the infrastructure-as-code, and the operational runbook (deploy, monitor, roll back, triage), written for your on-call team and walked through with them.
• 60 days of post-launch support. Bug fixes and minor tuning to the delivered scope, with a two business-day response target, not a standing retainer, so new features or integrations are a separate SOW. After that, an optional retainer or a clean exit. Your call.

You own everything from day one: the repository, the IaC, the runbooks, and any evidence pack. The contract gives Zyvra zero ongoing rights. You can take the system to any other engineer the day we ship.

Scoping is not a generic checklist. It is a targeted look at the dimensions that decide whether your build can clear a real security review in your environment:

• Security boundaries and tenant isolation. Where does the service run? Where does your data sit at rest, in transit, and in the system's working context? What's the blast radius if a key leaks?
• Data residency and regulatory exposure. UK GDPR and the sector-specific regulation that applies to you (FCA, MHRA, ICO guidance). What jurisdictions are in scope, and what does that mean for your storage and processing choices?
• Cost ceiling for the first 3 months. Compute, storage, networking, monitoring, third-party APIs. Modelled at your projected usage on your chosen deployment, with the line items called out so finance can see exactly where the money goes.
• Integration paths with your existing stack. The systems the new build must read from and write to. Auth, network, error handling, observability: how this becomes part of your stack, not a parallel one.
• If your build includes AI: inference cost modelling at projected volume, model selection trade-offs, and LLM-specific integration patterns. Deeper compliance evidence logging (Article 12, tamper-evident audit trails) is the Regulated tier.

If your environment introduces a dimension we haven't seen before, we name it on the scoping call and add it to the SOW before kickoff.

• Essential, £2,000. A single-task build, end to end. One read-only integration, one environment, single cloud region, not in a regulated sector, standard auth. Run cost £40 to £80 / month in your own environment.
• Standard, £5,000. A multi-step workflow across up to three production systems, with an audit-logging baseline and some compliance considerations. Run cost £150 to £400 / month.
• Regulated, £10,000. A regulated-sector starter (FCA, MHRA, ICO) with Article 12 logging, a full evidence pack, and support for one external auditor review; multi-system or audit-heavy programmes are quoted above tier. Run cost £300 to £900 / month.

Which tier you're in comes down to three honest drivers: integration count, compliance burden, and load. We confirm it on the free scoping call, then the price is fixed in the SOW. Fixed price means fixed scope. Each tier has hard limits (integrations, environments, support, handover sessions), and anything past them is a fixed-fee SOW amendment agreed before work starts. See the full per-tier scope and what's in or out →

These are introductory launch rates while the studio builds its case-study base, locked in for your engagement, rising after 30 September 2026.

• You have a build (AI or not) that's stalled at security review, integration, or cost, and you want it live and owned without a long enterprise engagement.
• You'd rather a fixed price agreed up front than an open-ended day-rate that drifts.
• You can provide an environment to deploy into (cloud account, on-premises capacity, or hybrid), or can provision one early in the build.
• Your team is willing to attend the operational handover and run the incident and rollback drills.

This engagement is designed for clean handover and full ownership transfer. If you'd rather a partner operate the system long-term, we're not the right fit and can point you at someone who is. If you're earlier than a build, still deciding whether to build at all, start the conversation anyway; the free scoping call will tell you honestly.

If AI is part of what you're considering, walk it through this checklist first. It covers the questions your compliance team will ask anyway: risk class, transparency duties, oversight, logging, governance. Bring the answered version to the scoping call and we'll start from where you actually are.

Send a brief description of what you're building, what your team has tried so far, and which environment it would live in. We'll reply within two business days. If it looks like a fit, we'll book 25 minutes, with an NDA in place first if you'd like one.