GDPR in engineering
GDPR is not paperwork · it's engineering. How we keep systems compliant and audit-ready.
Cybersecurity →Notes from the studio.
- 22 April 2026 · Mobile app (iPhone + Android) · CybersecurityMobile analytics without cross-app tracking · 2026 reality~65% of iOS users decline tracking. Here's how we run product analytics for mobile apps anyway.
- 22 April 2026 · AI solutions · CybersecurityAgentic AI · the safe tool-use pattern we ship by defaultAgentic AI that can send email and move money is not just a chatbot. Here's the safe tool-use pattern we ship.
- 22 April 2026 · Website & online shop · CybersecurityMulti-tenant SaaS on Postgres · the RLS-first playbookBuilding multi-tenant SaaS on Postgres? RLS is non-negotiable. Here's the playbook we ship.
- 22 April 2026 · Cybersecurity · Website & online shopHungarian fintech regulatory calendar 2026 · what MNB, NAV, and NAIH actually require this yearMNB, NAV, and NAIH all have 2026 obligations that hit Hungarian fintechs · this is the compact calendar of what's due and when.
- 22 April 2026 · Blockchain · CybersecurityEIP-712 meta-transactions · gasless UX without compromising securityGasless UX is a product win. Meta-tx relayers are a security surface. Here's how to ship both safely.
- 22 April 2026 · Website & online shop · CybersecurityPayment gateway integration in Hungary · SimplePay, Stripe, Barion, Revolut Business in 2026Four payment gateways, Hungarian-market reality check. Which we pick for which job, with fee math and integration pain points.
- 22 April 2026 · Blockchain · CybersecurityFoundry invariant testing · the patterns we write on every auditEight invariant patterns worth stealing · we run these on every audit and they keep finding real bugs.
- 20 April 2026 · Cybersecurity · Website & online shopKYC integration for Hungarian fintech · the 2026 practitioner's guidePractical KYC integration for EU + Hungarian fintech · provider comparison, MNB requirements, and the integration mistakes we won't repeat.
- 20 April 2026 · AI solutions · CybersecurityWhat an AI security audit actually checks in 2026AI security isn't a checkbox. Here's the nine-point audit we run on every LLM system we ship, plus which bugs turn up most often on systems we didn't build.
- 20 April 2026 · CybersecurityNIS2 for SaaS: minimum checklist for 2026What NIS2 actually demands from a mid-size SaaS: incident reporting, supply-chain, access control, and 3 basic rules we run ourselves.
- 18 April 2026 · AI solutions · CybersecurityLLM prompt injection playbook · the 2026 attack surfaceThe prompt injection surface is not a single bug · it's five categories, each with a distinct defence. Here's our playbook.
- 22 March 2026 · Blockchain · CybersecuritySmart contract audit checklist · the one we actually useA checklist for the last days before mainnet: threat model, tests, fuzz, deploy, monitor · 30+ items we never skip.
- 05 March 2026 · AI solutions · CybersecurityGDPR + AI: training on user data in 2026 · what's allowed, what isn't'We train on user data' · one sentence most startups drop without friction. In 2026 it opens a GDPR door. Here's the concrete checklist.
- 18 February 2026 · AI solutions · CybersecurityEU AI Act for SaaS: what you actually have to do in 2026AI Act is live. Who it affects, which tier you're in, deadlines · and the three things worth starting now.
SHIPPED WORK
- 2026 · AI solutions · CybersecurityUse AI EasilyAn AI firm's website · home of Hungary's first dedicated AI-security practice.
- 2026 · Cybersecurity · AI solutionsPhisGuardAI-powered phishing simulation campaigns for companies · realistic scenarios, live tracking, automated awareness training.
- 2026 · AI solutions · CybersecurityMCP Security LayerA security layer between an AI agent and its tools · checks every tool call at the intent level, blocks or approves, logs.
- 2025 · CybersecurityCVE-2023-27350 · PaperCut RCE PoCOne HTTP request, full SYSTEM shell · the PaperCut CVE-2023-27350 auth bypass, live from recon to reverse shell.
CASE STUDIES
- fintech · AI solutions · CybersecurityAI support copilot for an EU neobank · 42% cost drop, 18% CSAT liftA fast-growing EU neobank's support team was drowning in Tier-1 tickets. We built a retrieval-augmented copilot with strict guardrails, live traffic in week four, metered against real CSAT.
- saas · Website & online shop · CybersecurityFrom single-tenant to multi-tenant SaaS in 14 weeksA 40-tenant B2B SaaS hit the ceiling of its single-tenant architecture. We migrated to Postgres RLS, custom domains, and metered Stripe billing · with zero downtime.
- fintech · Blockchain · CybersecurityDeFi lending protocol audit · 7 critical findings before mainnetPre-mainnet audit of a lending protocol on Ethereum L2. Invariant-based + fuzz + manual review. 7 critical, 12 high, 28 medium findings · all fixed before first tx.