RefoundRefound
DE

Services

Build it right. Fix what's broken.

Five focused engagements — whether you're starting from scratch or rescuing a system that's holding your business back.

01 / Fullstack Development4–12 weeks

Build it right from day one.

Starting from scratch is the best chance to do everything correctly — clean architecture, proper testing, a CI pipeline, and a codebase your team can actually work in. I build websites, web apps, and anything that runs in a browser: from marketing sites to complex data-driven applications.

A production-grade web product you fully own — with clean code, real test coverage, and documentation that means your next developer isn't starting from zero.

Deliverables

  • Project scoping and technical architecture document
  • Design system — tokens, components, documented patterns
  • Frontend in Next.js / React (TypeScript, fully typed)
  • Backend API and database design (Supabase / Postgres or equivalent)
  • Authentication, authorisation, and session management
  • CI/CD pipeline with automated tests and preview deployments
  • Performance and accessibility audit before handoff
  • Full source handoff with documentation

How it runs

  1. 1
    DiscoveryDefine scope, users, constraints, and success criteria.
  2. 2
    ArchitectureChoose stack, data model, and deployment strategy.
  3. 3
    Design systemBuild the component foundation before pages.
  4. 4
    BuildIterative delivery — working software at every checkpoint.
  5. 5
    QA & launchPerformance, accessibility, and security checks before go-live.
02 / System Audit2–3 weeks

Know exactly what you're running — and what it's costing you.

Most teams have a rough sense that their legacy system is fragile. An audit turns that sense into a prioritized, actionable list of risks, bottlenecks, and technical debt — with effort estimates attached. You'll know what to fix first and why.

A clear picture of your system's risk profile — not a generic checklist, but a specific map of your codebase with an actionable sequence for what to tackle next.

Deliverables

  • Full codebase health report (complexity, coverage, dead code)
  • Dependency CVE scan with severity ratings
  • Infrastructure and deployment pipeline review
  • Authentication and session management assessment
  • Prioritized remediation roadmap with effort estimates
  • Executive summary — one page, no jargon

How it runs

  1. 1
    Discovery callUnderstand the system, team, and business constraints.
  2. 2
    Access provisioningRead-only access to repo, infra, and logs.
  3. 3
    AssessmentStatic analysis, manual review, and infrastructure scan.
  4. 4
    Report deliveryWritten report with findings ranked by risk and effort.
  5. 5
    Review callWalk through findings, answer questions, agree on next steps.
03 / Refactoring & Migration6–16 weeks

Modernize without stopping the business.

Big-bang rewrites fail. I use an incremental approach: run the old and new systems in parallel, migrate functionality piece by piece, and deprecate legacy code only when its replacement is proven in production. The service stays live throughout.

A maintainable codebase your team can move fast in — with a CI pipeline, test coverage, and no more "only one person understands this" single points of failure.

Deliverables

  • Strangler fig migration plan — no big bang, no downtime
  • Test suite written alongside refactored code
  • CI/CD pipeline setup or modernization
  • Database migration scripts with rollback capability
  • Documentation for the new architecture
  • Knowledge transfer sessions for your team

How it runs

  1. 1
    Architecture reviewMap the current system and define the target state.
  2. 2
    Seam identificationFind natural boundaries to extract incrementally.
  3. 3
    Parallel buildNew modules built alongside legacy, traffic shifted gradually.
  4. 4
    ValidationEach migrated piece is tested in production before proceeding.
  5. 5
    Legacy retirementOld code removed only after new replacement is stable.
04 / Security Hardening3–8 weeks

Close the gaps before someone else finds them.

Abandoned applications accumulate security debt quietly. SQL injection, unpatched dependencies, exposed credentials, insecure sessions — they're common, exploitable, and fixable. I work through your threat surface systematically, not reactively.

A defensible security posture with documented evidence of remediation — useful for compliance conversations, customer security reviews, and your own peace of mind.

Deliverables

  • OWASP Top 10 assessment with evidence of findings
  • Dependency audit and update plan (CVE-linked)
  • Secrets management review — rotation, vaulting, CI exposure
  • Authentication and authorisation hardening
  • TLS/HTTPS configuration and certificate management
  • Security headers and CSP implementation
  • Remediation log suitable for compliance evidence

How it runs

  1. 1
    Threat modellingDefine assets, trust boundaries, and attack surfaces.
  2. 2
    Vulnerability assessmentAutomated scanning plus manual verification.
  3. 3
    Dependency triageCVE inventory, severity scoring, and update sequencing.
  4. 4
    RemediationFixes applied in priority order, each verified before the next.
  5. 5
    Hardened configInfrastructure and runtime configuration locked down.
05 / UX Modernization4–10 weeks

Same domain logic. Interface your team and users can actually use.

Legacy frontends are productivity traps. Slow pages, unclear workflows, no mobile support, and a codebase that fights every change. I replace them with fast, accessible interfaces without touching the core business logic — or the database.

A frontend your users understand on first use and your developers can extend without a four-hour onboarding session. Measured against real performance and accessibility standards.

Deliverables

  • UX audit of the existing interface with friction map
  • Component-based frontend in Next.js or React
  • Accessibility audit against WCAG 2.1 AA
  • Performance budget and Core Web Vitals baseline
  • Design system (tokens, components, documented patterns)
  • Handoff to your team with Storybook or equivalent

How it runs

  1. 1
    UX auditMap the current interface — what works, what doesn't, what's missing.
  2. 2
    Design sprintWireframes and high-fidelity mockups for key flows.
  3. 3
    Component buildBuild the design system and page components.
  4. 4
    IntegrationConnect to existing APIs and backend — no backend changes.
  5. 5
    Performance & a11yAudit, fix, and document before handoff.

Not sure where to start?

Just get in touch.

Tell me what you're working with — a new project idea, an existing system that's causing pain, or something in between. I'll tell you honestly what makes sense and what doesn't.

Get in touch