How do you price engagements?

Fixed-price Discovery sprints ($15k–$25k). Production builds are milestone-based, typically $120k–$400k depending on scope. Ongoing monitoring and evolution runs on a monthly retainer. No hourly billing, no surprise invoices — every scope is written down before work starts.

What does a typical timeline look like?

Discovery: 1–2 weeks. Prototype: 2–4 weeks. Production: 4–12 weeks depending on integrations and compliance surface. Most clients see a working prototype inside 30 days and shipped production inside 90. Regulated rollouts (HIPAA / state cannabis) sometimes add 2–4 weeks for audit review.

Who owns the IP and the models?

You do. Every line of code, fine-tuned weight, prompt, and eval harness is delivered under a full assignment. No vendor lock. We can host and operate it for you — or we can hand the keys to your team on day one. Your call.

Do you sign a BAA? What about PHI?

Yes — standard BAA signed before any PHI is shared. All PHI workflows run on HIPAA-covered infrastructure (AWS BAA, Vercel Enterprise, Anthropic / OpenAI BAA endpoints). De-identification and minimum-necessary patterns are baked in by default, not bolted on.

Which LLMs do you use, and why?

We're model-agnostic. Most production builds route across Claude (Anthropic) and GPT (OpenAI) with a fallback layer — chosen per workload by cost, latency, and accuracy. For sensitive data we deploy open-weight models (Llama, Mistral) on your VPC. The choice is evidence-based, not ideology.

Can you work with our in-house engineers?

That's how about half our engagements run. We plug into your repos, your Linear/Jira, your on-call. We pair on architecture reviews and code-review your team's AI PRs. The goal is always your team owning it — we're the accelerant, not the dependency.

What if the AI gets it wrong in production?

Every production build ships with human-in-the-loop checkpoints on high-risk actions, confidence thresholds that route edge cases to review queues, and rollback switches. We treat AI like any other dependency: expect failure, instrument everything, design for graceful degradation.

Back to the Briefing

Issue 001 · EU · ES

Issue 001 — The EU AI Act, explained for operators

What shifts in 2026, what you have to do, and what you can ignore.

April 4, 20266 min readEU AI Act · Compliance · Regulation

This is a template issue scaffolded by the handoff. Replace the body with real copy before launching to readers.

Why it matters

Replace this section with the operator-facing summary of the EU AI Act: phase-in timeline, prohibited practices, high-risk classification, transparency obligations, and conformity assessments.

What you need to do before Q3

Map every AI system you run against the four risk tiers (unacceptable, high, limited, minimal). Publish the mapping. Maintain a data-processing register aligned with GDPR Article 30.

What we are watching

AEPD guidance on cannabis-club member verification, the first NIS2 enforcement decisions, and the harmonised standards work at CEN-CENELEC JTC 21.

Subscribe to The Briefing