Services

Websites and web applications for small businesses, and practical IT, security and privacy help for individuals, across Toronto and the Greater Toronto Area. Every project starts with security.

For businesses

Websites and web applications

For small businesses across Toronto and the Greater Toronto Area that need to be found, and to be trusted once they are.

Website design for Toronto businesses

A fast, modern, accessible website that makes a small business look as serious as it is, and that Google can actually read.

Most small-business sites are slow, built on a pile of plugins, and quietly leaking data to a dozen third parties. We build ones that load in under a second, work on a five-year-old phone, and ship their words in the HTML, so a search engine or an AI assistant can read them on the first pass instead of waiting for a script.

The work starts with who you are trying to reach and what you want them to do, then structure, then copy, then design, in that order, because a beautiful page that says nothing converts nobody. You end up with a site you can update yourself, hosting that does not surprise you with a bill, and no dependency on us to keep it running.

What you get

  • Loads in under a second on a phone, on real data
  • Content in the HTML, readable without JavaScript
  • Search-engine and social-sharing metadata done properly
  • Accessible markup: screen readers, keyboard, contrast
  • Hosting and deployment set up, and explained to you
  • Yours to own: source, accounts, no lock-in to us

Web application design and development

Custom web applications built the way production software should be: typed, tested, threat-modelled, and still safe to change a year from now.

When an off-the-shelf tool nearly fits but not quite, a custom web application closes the gap: a booking system, an internal dashboard, a customer portal, a workflow only your business has. We build them the way we build our own products, in strict-mode TypeScript, with every input validated on the server and object-level authorization on every query, so one customer can never read another's data.

Security is decided at design time. Before any code there is a threat model, which is the reason the applications we ship do not end up in a breach notification. GoRich, on the Work page, is built to OWASP ASVS Level 2 and its threat model is public.

What you get

  • A threat model, written down, before any code
  • TypeScript end to end, in strict mode
  • Server-side validation and per-user authorization on every query
  • Automated tests and a CI pipeline that gates every deploy
  • Documentation you can hand to the next engineer

For individuals

Personal IT, security and privacy

In-person help across Toronto and the Greater Toronto Area, in plain language, with no jargon and no upsell.

Personal IT services

Practical help with the computer, the router, the backups, and the thing that stopped working, explained in plain language.

Technology gets sold to people and then abandoned by the people who sold it. We do the work that is left over: setting up a new machine properly the first time, untangling a home network, and getting backups running so a dead drive is an inconvenience rather than a catastrophe.

No jargon, no condescension, no upsell. If the honest answer is that your five-year-old laptop needs sixty dollars of memory rather than a replacement, that is the answer you will get, and you will understand what was done and why. The goal is for you to need us less over time, not more.

What you get

  • New devices set up properly, once, rather than repeatedly
  • Backups that actually run and that you have tested
  • A home network that works, in plain language
  • Honest hardware advice, including "do not buy this"

Cybersecurity and privacy help

Everyday security hygiene that sticks: password managers, two-factor authentication, device hardening, and cutting down who gets to watch you.

Almost nobody is targeted personally. Almost everybody is caught in something automated: a password reused on a site that was breached, an account with no second factor, a phone backing up everything to somewhere you never chose. The fixes are well understood and unglamorous, and most people never get shown them.

We sit down with you and put them in place: a password manager you actually use, two-factor authentication on the accounts that matter with recovery codes you can find, and devices configured so a stolen laptop is a lost laptop rather than a lost identity. The aim is proportion, not paranoia, and we will not pretend any of it makes you unhackable, because nothing does.

What you get

  • A password manager, set up and migrated to
  • Two-factor authentication where it counts, with recovery codes
  • Devices and accounts hardened against the common attacks
  • A privacy review: who is collecting what, and what to do about it

Have something in mind?

The first conversation is free and ends with a written scope and a fixed price, so you know what you are committing to before you commit.

Start a project