SaaS, Web Applications & Smart Websites. Built to Scale, Designed to Convert.
Whether you need a SaaS platform, a complex web application, or a smart website that does more than just look good, I build it. Ruby on Rails and Next.js power everything from MVPs and internal tools to fully custom, GDPR-compliant websites that replicate and optimise your business processes. Production grade, fast, maintainable, and ready to grow with you.
The risks of trusting AI prompt developers
Your business data, your customers, your revenue. Read why AI-only development is a liability and what the alternative looks like.
Powered by the Frameworks Behind the Fastest Growing Products
Ruby on Rails, Next.js, Remix, React and React Native give you speed, control and serious firepower across web and mobile.
Unmatched flexibility.
Build smarter. Launch faster. Scale without limits.
Own every part of your SaaS, web application, or smart website, from backend to mobile. I use proven frameworks like Ruby on Rails, Next.js and Remix to turn complex ideas into fast, flexible and future-proof software.
- Custom SaaS Backends
From user management and billing to analytics and admin panels, I build secure, scalable backends that power your product and grow with your users.
- eCommerce Platforms
Beyond templates, beyond plugins. I build or customise platforms tailored to your product lines, checkout flows and integration needs.
- Mobile Apps That Match Your Web
Using React Native and shared logic, I deliver consistent mobile experiences on iOS and Android without duplicating your stack.
Growth Marketing
Without Platform Limits
Bespoke SaaS and web applications give you total freedom to connect your marketing stack, track user behaviour in real time, and run high-performance campaigns without relying on clunky third-party plugins or limited integrations.
- Tracking & Analytics Tailored to You
- I integrate GA4, Plausible, Segment and custom pipelines so you can measure what matters, from signups to conversions to LTV, without data gaps.
- First Party Data Ownership
- Own your data. I build and integrate systems that give you direct access to raw user behaviour, without relying on third party cookies or black box tools.
- Conversion Optimised UX
- Speed, structure and semantics all affect conversion. I optimise layout, performance and on page flows to improve funnel outcomes.
- A/B Testing Built In
- From simple split tests to multivariate experiments, I integrate robust experimentation frameworks that tie results directly to your analytics stack.
- Email, CRM and Lifecycle Automation
- Trigger personalised emails, onboarding flows and retention sequences using deep integration with platforms like Klaviyo, Customer.io or custom SMTP.
- SEO and Performance From the Ground Up
- Fast page loads, structured data, semantic markup and clean URLs. SEO is built into every frontend I ship.
Why Ruby on Rails?
Battle Tested for Speed, Scale and Simplicity
Ruby on Rails has powered some of the world's most successful SaaS and marketplace platforms, from Shopify and GitHub to Airbnb. It is not just a framework. It is a philosophy: optimised for developer productivity, maintainable code and rapid iteration.
- Rapid development
- Convention over configuration means less boilerplate, fewer decisions and faster iteration. Ideal for MVPs or ambitious roadmaps.
- Robust APIs out of the box
- Easily expose REST or GraphQL APIs that map cleanly to your business logic and scale with your product.
- Rich ecosystem
- Thousands of well maintained gems for billing, authentication, analytics and admin tools save you time and reduce risk.
- Proven in production
- Used by platforms like Shopify and GitHub, Rails has scaled with some of the most successful SaaS companies on the internet.
- Secure by design
- Rails includes security features like CSRF protection, strong parameter filtering and encrypted sessions by default.
- Background jobs made easy
- Run emails, billing cycles and onboarding flows at scale using Sidekiq and other background job frameworks.
- Powerful admin tooling
- Quickly build internal dashboards or admin interfaces for your operations and support teams using tools like ActiveAdmin.
- Built in testing culture
- RSpec and Minitest make it easy to write automated tests, adopt test driven workflows and catch issues early.
- Readable and maintainable code
- Ruby's elegant syntax makes code more enjoyable to write and easier to maintain as your product and team scale.
Why Next.js?
Modern Frontends. Full Stack Power. Blazing Fast.
When your product needs a sleek, fast and highly interactive frontend, Next.js is the tool of choice. It combines React's component model with server rendering, static generation and full stack capabilities. Perfect for marketing sites, portals or fully interactive dashboards.
- Server and static rendering
- Get the best of both worlds with server rendered pages and pre rendered content, optimised for speed, SEO and UX.
- Built in API routes
- Create backend endpoints directly inside your frontend project, keeping architecture clean and tightly integrated.
- Tight React integration
- Build on the React ecosystem with full support for hooks, components, and frontend libraries your team already knows.
- Automatic code splitting
- Only ship the JavaScript users actually need, improving performance and reducing load times without extra setup.
- Optimised for SEO and accessibility
- Structured routing, metadata and performance help you rank better and deliver a better experience for all users.
- Flexible routing with file based structure
- Pages are defined in the file system, giving you intuitive control over routes, nested views and dynamic parameters.
- API and frontend in one deploy
- Simplify DevOps by deploying your full stack app as one unit. Ideal for serverless hosting on platforms like Vercel.
- Edge ready and cloud native
- Deploy to the edge or scale globally with minimal configuration. Next.js works out of the box with platforms like Vercel and AWS.
- Built for incremental growth
- Add pages, features and API endpoints gradually as your product grows. No need to replatform or rebuild.
Built With Confidence
Why Testing Matters for Your Business
Every line of code I write is backed by behaviour driven specifications using RSpec and Minitest. These are not just developer conveniences. They are insurance policies that protect your product, your investment and your peace of mind.
- Fewer bugs, every release
Automated tests catch regressions before they reach production, so you can ship features with confidence and avoid costly downtime.
- Living documentation
Behaviour driven specs double as readable documentation, making it easy for anyone on your team to understand what the system does and why.
- Easy handover at any stage
Clear tests and specs make it painless to bring in new developers, onboard partners, or transfer ownership without confusion or tech debt.
- Faster onboarding for new developers
New team members can read tests to understand how the system works, reducing ramp up time and preventing accidental breakage.
- Protect your core logic
Business critical features are backed by repeatable, automated tests. No more 'it worked yesterday' moments.
- Confidence to refactor and scale
With full test coverage, you can refactor or extend features without fear of breaking something elsewhere in the system.
Smart Websites
Not Just a Website. A System That Runs Your Business.
Most businesses do not need a simple brochure website. They need a smart website that is fully custom, 100% GDPR and DSGVO compliant, and built around their actual business processes. I build websites that do real work: capture leads, automate workflows, manage bookings, handle payments, and give you full control through an admin backend. Every smart website is tailored from the ground up to how your business operates.
- 100% Custom, Zero Templates
- Every smart website is designed and built from scratch around your brand, your processes, and your customers. No themes, no page builders, no compromises. The result looks and works exactly how your business needs it to.
- GDPR and DSGVO Compliant From Day One
- Cookie consent management, data minimisation, right-to-deletion workflows, consent tracking on every form, and hosting in the EU (Frankfurt or your preferred location). Compliance is not an add-on. It is built into the foundation.
- Business Process Automation
- Your website should not just display information. It should automate your operations. Online bookings, enquiry forms with automatic task creation, payment processing, automated email workflows, and customer management. All tailored to exactly how your business runs.
- Full Admin Backend
- Every smart website comes with an admin panel where you manage content, bookings, customers, enquiries, and payments. No developer needed for day-to-day operations. Your team stays in control.
- Built for Performance and SEO
- Fast load times, structured data, clean URLs, responsive design, and proper meta tags. Every page is optimised to rank well in search engines and convert visitors into customers.
- Ongoing Support and Scalability
- Smart websites are built on proven technology (Ruby on Rails, Next.js) that scales with your business. Need a new feature in six months? I build it in. Same codebase, same quality, same day turnaround for most changes.
14+ Years of Real Engineering
Your Business Data Deserves More Than an AI Prompt.
There is a growing wave of 'developers' who string together AI-generated code without understanding architecture, security, or why the code works. When it breaks, and it will, they have no idea how to fix it. I bring over 14 years of hands-on experience in software development, system architecture, and database design. Every system I deliver is properly planned, rigorously tested, and built to handle the real world. If your business relies on financial data, customer records, contracts, or anything that actually matters, it needs to be in the hands of someone who understands what they are building.
- Proper Architecture, Not Guesswork
Every project starts with an in-depth analysis of requirements and a technology decision based on real trade-offs. I understand the strengths and limitations of Ruby on Rails, Next.js, Python, PostgreSQL, Redis, and the broader ecosystem. The right tool gets chosen for the right job, not whatever an AI suggests first.
- TDD and BDD as Standard Practice
Every feature is backed by automated tests written before or alongside the code. Test Driven Development and Behaviour Driven Development are not buzzwords here. They are how I work. Tests do not change their mind between prompts. They run the same way every time, catch regressions before they reach production, and serve as living documentation that both developers and stakeholders can read.
- Penetration Testing with Linux Kali
Every system I deliver is penetration tested using industry-standard tools from the Kali Linux toolkit. I run Burp Suite for web application scanning, Nmap for network reconnaissance, SQLmap for SQL injection testing, Metasploit for exploit verification, Nikto for server misconfiguration detection, and OWASP ZAP for automated vulnerability scanning. This is not a checkbox exercise. It is a systematic audit that finds the vulnerabilities before an attacker does.
- Secure APIs That Protect Your Data
APIs are the backbone of modern systems, and they are also the most common attack surface. I build APIs with proper authentication, rate limiting, input validation, HMAC request signing, and granular permission systems. Your financial data, customer records, and contracts are protected by real engineering, not generated boilerplate.
- Automated Test Suites as Documentation
The test suite is not just a safety net. It is the definitive specification of what your system does. Tests are defined together with you, run automatically before every release, and serve as documentation that never goes out of date. When a new developer joins the project, they read the tests to understand the system. No guessing, no outdated wikis.
- Built to Scale, Built to Last
Systems I build are designed for growth from day one. Database schemas are normalised and indexed properly. Background jobs handle heavy lifting asynchronously. Caching strategies are in place where they matter. When your business grows, the technology grows with it, without emergency rewrites or surprise bottlenecks.
- Every Common Attack Vector, Tested
SQL injection: attackers read or destroy your entire database. Cross-site scripting (XSS): malicious scripts steal user sessions and credentials. Cross-site request forgery (CSRF): attackers trick users into performing actions they did not intend. Authentication bypass: unauthorised access to admin panels and customer data. Insecure direct object references (IDOR): users access data belonging to other users. Server-side request forgery (SSRF): attackers reach internal systems through your application. Broken access control: privilege escalation lets regular users do admin-level actions. I test for all of these, systematically, on every project.
- What Happens When Security Is Skipped
A single SQL injection can expose every customer record, every financial transaction, every contract in your database. An XSS vulnerability can steal login sessions from your users and give attackers full access to their accounts. A misconfigured API endpoint can leak personal data that violates GDPR, resulting in fines of up to 4% of annual revenue or 20 million euros, whichever is higher. Credential stuffing attacks exploit reused passwords to take over accounts. Without penetration testing, these vulnerabilities sit in production waiting to be discovered by someone with bad intentions. The cost of a proper security audit is a fraction of the cost of a single breach.
Rapid development frameworks deliver faster than AI prompting
Ruby on Rails and Python Django are purpose-built for rapid development. Combined with TDD and BDD, projects move faster, ship with fewer errors, and deliver exactly to specification. Every feature is defined upfront, tested automatically, and verified before release. Compare that to AI-prompted development where non-developers have no visibility into what changed in the codebase, what side effects a change introduced, or whether a previously working feature just broke silently. When AI changes code, it also changes input requirements and output formats, often without telling you. If those inputs and outputs are connected to other processes, third-party systems, or external APIs, one invisible change can break an entire chain of integrations. With rapid frameworks and disciplined testing, you get predictable timelines, traceable changes, and a system that does precisely what was agreed upon.
A word of caution about AI-only development
AI is a powerful tool and I use it daily. But a system built entirely by prompting an AI, without understanding the architecture, the security implications, or the failure modes, is a liability waiting to happen. AI does not understand your business context. It does not plan for edge cases. It does not know what happens when the prompt runs out of context or a new conversation resets everything. As of April 2026, I am involved in two projects where third-party developers clearly demonstrated they have no understanding of basic principles: datatypes, architecture patterns, or API contracts, without consulting AI first. Every time they release a new AI-generated version of their application, the input and output formats change unpredictably, forcing us to redesign essential processes, causing major delays, budget overruns, and security risks. For anything your business genuinely depends on, you need someone who can think, plan, and take responsibility for what they build.
Development Velocity Over Time
TDD/BDD with rapid frameworks vs. AI-prompted development
Hover or tap the dots to learn more about each stage.
Sources: Veracode GenAI Code Security Report (2025), Ox Security Anti-Pattern Analysis (2025), arXiv: Debt Behind the AI Boom (2026), Georgetown CSET: Cybersecurity Risks of AI Generated Code (2024), CrowdStrike AI Code Vulnerability Research (2025).
Open Source: AI Code Detector
What started as a hobby project turned serious. Many companies overpay for codebases that are heavily AI generated and don't realise the risk until it's too late. I handbuilt an open source tool in Python that detects AI written code, so you can audit what you're actually paying for. It supports Python (most thorough), JavaScript, Ruby, Go, and Java.
Ready to build something that lasts?
Whether you need a SaaS platform, a web application, or a smart website that truly works for your business, I build it production ready from day one. Let's talk.