Frequently asked questions

No — they are realistic UK market ranges, not fixed quotes. Every project is different: scope, complexity, number of integrations, design requirements and hosting all affect cost. Your actual proposal is fixed (or phased, for larger work) only after we have understood your brief in a discovery call.

The ranges are published so you can self-qualify before reaching out. If our starting prices are outside your current budget, it is better for both sides to know that before a long conversation.

Our minimum engagement for a custom build is £2,500. Projects below this are typically better served by our starter products (DenNest, WolfSuite, CoinDen, etc.), which can be customised at lower cost than a fully bespoke build.

If you are not sure whether your project fits within that range, describe it to us — we will be honest.

Both, depending on the project:

• Fixed price — for well-scoped projects where requirements are clear. Gives you budget certainty; any scope change is handled via a documented change request before work proceeds.
• Time-and-materials with a cap — for exploratory or evolving briefs. You pay only for time spent, up to an agreed monthly ceiling. Better when the destination is clear but the route may shift.

We explain which model suits your brief during discovery and do not push you toward one for our convenience.

A typical structure is:

• 30% on contract signature to commence work.
• Milestone payments tied to agreed deliverables during the project.
• Final balance on sign-off and acceptance.

For longer programmes we set a phased schedule at the outset. For support retainers, invoices are raised monthly in advance. We do not ask for 100% upfront, and we do not invoice for work you have not accepted.

No. The initial email exchange and a first discovery call (typically 30 minutes) are at no charge. You are under no obligation to proceed after that conversation.

If your project requires a detailed technical assessment, scoping workshop or written discovery report before a quote can be produced, we may charge for that work — and will say so clearly before scheduling it.

Yes — this is the point of them. Our starter products (WolfSuite Core, WolfStock, DenNest, CoinDen, LairLink, CrewPulse and others) are pre-built, tested foundations that we customise to your brand, workflow and integrations. Starting from a foundation typically reduces project cost by 25–50% compared to a fully bespoke build for the same feature set.

Not every brief fits a starter product. We will tell you honestly during discovery whether one applies — and if not, why.

It depends entirely on scope. Rough guides:

• Personal utility / focused mobile app — 5–10 weeks to launch.
• Business module or department tool — 8–16 weeks.
• Multi-module platform — 3–6 months for a first production release.
• System integration — 4–12 weeks depending on complexity and API documentation quality.

We give a timeline estimate as part of the design sign-off, not before. A precise date quoted before seeing a scoped brief is a guess — we do not guess with your deadline.

Scope changes are handled through a documented change request process. When a change is proposed:

• We assess the impact on timeline and cost.
• We send you a written change request with the adjusted figures.
• Work on the change begins only after you approve it in writing.

We have never refused a sensible change — we just price and schedule it honestly. Small adjustments clearly within the spirit of the original scope are often absorbed in the current sprint without a formal change request.

We work in two-week sprints. At the end of each sprint, working software is deployed to a staging environment and you are invited to review it. You will never wait more than two weeks to see what has been built.

Sprint reviews are typically 30–60 minutes. We also send a brief written update at the end of each sprint for stakeholders who cannot attend live.

The main inputs we need from your side:

• A named point of contact who can make decisions (or reach someone who can quickly).
• Availability for sprint reviews — typically 30–60 minutes every two weeks.
• Prompt feedback on staging releases. Projects slow when feedback loops extend beyond a week — we flag this if it happens.
• Access to any existing systems, APIs or data sources the software needs to connect to.

You do not need to understand the technology. You do need to understand your own workflow — that knowledge is irreplaceable and is the foundation of a good brief.

Yes — this is often the wisest approach. A focused first module deployed to real users gives you evidence about what to build next that no amount of planning can replicate.

We design first modules with future expansion in mind: the data model, API design and authentication structure are built to accommodate growth, not retrofitted to it. You will not need to rebuild the foundation when you add module two.

Yes. When the project is paid in full, all bespoke source code and agreed assets transfer to you under contract. This is not conditional on maintaining a relationship with HILLMAY SOFT — you can take the code elsewhere the day after handover.

What does not transfer: third-party libraries and open-source components, which remain under their own licences. We document every dependency in the handover pack so you know exactly what you have received and under what terms.

Starter products (WolfSuite, DenNest, etc.) work differently. The customisations and extensions we build for your project transfer to you. The underlying product foundation remains licensed — we retain ownership of the base platform and you retain a perpetual licence to use it.

The exact terms depend on the product and are set out clearly in your contract before you sign. Ask us to walk through the terms during discovery if this matters to your decision.

Hosting is your choice. We can deploy to:

• A cloud provider account you own (AWS, Azure, Google Cloud, DigitalOcean, Hetzner, etc.)
• Your existing on-premises or co-located infrastructure.
• A managed hosting account we help you set up, in your name.

We deliberately avoid arrangements where you depend on us for hosting. All credentials, deployment scripts and infrastructure documentation are handed over at launch. You can move or re-deploy the software without our involvement.

Yes. The full source code repository (Git history included) is delivered to a repository you control at project close. We also provide a handover document covering: architecture overview, environment setup instructions, deployment process, third-party service accounts and credentials, and a runbook for common maintenance tasks.

We choose the technology that fits the brief, not the one we happen to prefer. Current working stack:

• Web / backend: TypeScript, React, Next.js, Node.js, Python, .NET
• Mobile: Flutter (cross-platform), Swift (iOS), Kotlin (Android), React Native
• Desktop: Electron, .NET / WPF, Swift / SwiftUI, Qt / Python, Tauri
• Data: PostgreSQL, SQLite, Redis, SQL Server
• Infrastructure: Docker, GitHub Actions CI/CD, major cloud providers

If your existing system uses a stack not listed here, tell us — we will assess whether we can work with it or should recommend a specialist.

Usually yes. We regularly integrate with: Xero, QuickBooks, Sage, FreeAgent (accounting); HubSpot, Salesforce, Pipedrive (CRM); Shopify, WooCommerce (e-commerce); Stripe, GoCardless (payments); Microsoft 365, Google Workspace, Slack (productivity); and many bespoke internal APIs.

Feasibility depends on whether the platform has a documented API and what it exposes. We assess this during discovery — no charge for the assessment.

Both — the choice depends on your requirements and budget. We explain the trade-offs honestly:

• Flutter (cross-platform) — our default for most apps. One codebase, iOS and Android, near-native performance, good offline support.
• Swift / Kotlin (native) — best when you need deep platform API access (ARKit, HealthKit, NFC) or a premium feel that benefits from platform-native components.
• React Native — strong when your web team already works in React and you want to share logic between web and mobile.

Security is considered at architecture stage, not bolted on at the end. Standard practices include:

• Role-based access control with least-privilege defaults.
• Encrypted data in transit (TLS 1.2+) and at rest where appropriate.
• Dependency scanning for known vulnerabilities before release.
• Input validation and parameterised queries to prevent injection attacks.
• Audit logs for significant actions.
• Backup and recovery planning documented before go-live.

For regulated sectors (healthcare, finance, legal) or high-risk data, we discuss specific compliance requirements during discovery.

Yes, in many cases. We can adopt third-party codebases that use technologies within our stack. The process:

• Code audit to understand the existing state and identify risks — charged at our standard rate, credited against the first support invoice if you proceed.
• Documentation pass — we write what is missing.
• Agree a baseline of "as built" versus "new feature request."
• Commence support under standard retainer or ad-hoc terms.

Contact us with details of the stack and approximate codebase size and we will tell you whether adoption is realistic.

No. A rough description of the problem you want to solve is enough to start a useful conversation. In fact, arriving with a 50-page specification sometimes causes more problems than it solves — requirements written without developer input often over-specify the wrong things and under-specify the things that actually matter.

We help shape the brief as part of discovery. That is not a service we charge extra for — it is part of how we scope accurately.

Projects are delivered remotely. Our registered office is in London, but we work with clients across the UK without requiring on-site presence. Discovery calls, sprint reviews and training sessions are conducted by video call.

For larger engagements or regulated environments where an in-person session is genuinely useful, we can discuss on-site time. This would be agreed as part of the project scope.

Yes. We act as a white-label development partner for digital agencies and design studios. The process is the same; the primary communication channel is the agency rather than the end client. We are experienced at working without direct end-client contact where preferred.

Contact us to discuss referral arrangements or ongoing subcontract partnerships.

The contract includes a formal acceptance process at each milestone. If delivered work does not meet the agreed specification, you document the gaps and we resolve them before payment for that milestone is due. The 30-day post-launch warranty covers in-scope bugs discovered after go-live at no additional charge.

Beyond formal mechanisms: we show you working software throughout the build so surprises at the end are rare. If something is going wrong, the sprint review process surfaces it quickly enough to correct course.

Yes. We regularly start engagements where the client knows there is a problem but not yet the solution. A discovery session — which can be booked without commitment — is designed exactly for this. We map the current situation, the desired outcome, and the constraints, and from that we can produce a written brief and rough cost range.

If after discovery the right answer is an off-the-shelf tool rather than custom software, we will say so.

We build with UK and EEA data protection requirements in mind as a default, not an afterthought. Typical measures include:

• Data minimisation — collecting only what the application genuinely needs.
• Role-based access control so users see only the data relevant to their role.
• Audit logs for data access and modification.
• Documented data flows so you can complete or update your ROPA (Record of Processing Activities) easily.
• Deletion and export mechanisms where required for data subject rights.

We are not a law firm and cannot provide legal compliance guarantees — you remain the data controller and are responsible for your own compliance obligations. What we can do is build software that makes compliance straightforward rather than difficult.

Yes. A mutual NDA is available on request before you share commercially sensitive brief details. We treat all client information as confidential as a matter of practice regardless, but we understand that some organisations require a signed document before the conversation starts. Ask and we will send one within one business day.

Minimal. Contact form submissions are processed only to respond to your enquiry and are not shared with third parties. We do not currently run advertising or sell data. Full details are in our Privacy Policy and Cookie Policy.

On some projects we work with trusted specialist collaborators (designers, QA testers, specialist engineers). Where this occurs:

• Subcontractors are bound by confidentiality obligations equivalent to those in your contract with HILLMAY SOFT.
• They are not given access to client data beyond what is necessary for their specific task.
• We remain the accountable party — you always deal with HILLMAY SOFT, not subcontractors directly.

If your contract requires you to approve any subcontractor involvement, tell us and we will accommodate that requirement.

It is a fair question. The company is new; the underlying practice and experience are not. We address this risk structurally rather than just asking you to trust us:

• Milestone-based payment — you pay in stages for delivered and accepted work, not upfront for promises.
• Source code ownership confirmed in contract — if the company ceased trading tomorrow, you already have what you paid for.
• Accounts filed at Companies House on schedule and publicly verifiable.
• References available on request from completed work.

We are also transparent about what we are: a focused studio, not a large agency. If you need the reassurance of an established enterprise vendor for a critical system, we will say so.

Due to client confidentiality, most delivered projects are not publicly showcased. We can:

• Discuss relevant experience in a discovery call without naming clients.
• Provide references from completed engagements on request.
• Walk through our starter product foundations (WolfSuite, WolfStock, DenNest, etc.) live so you can assess code and UX quality directly.

Email is the right starting point: support@hillmaysoftltd.co.uk. Describe the problem you want to solve — a rough paragraph is enough. We reply within one UK business day (Monday–Friday, 09:00–18:00).

You can also use the contact form on our Contact page, which includes fields for service type, budget range and timeline to help us respond more specifically to your situation.