Sprint Studio / Capabilities / Site care

Keep it live. Keep it patched. Keep it shipping.

The unglamorous half of running a website or web app — maintenance, security patches, version updates, the small changes that pile up — handled by the engineers who shipped it. Or by us, on a site somebody else shipped, after a one-week onboarding audit.

See pricing

what's covered

Three things, treated seriously.

Maintenance, security, and updates aren't a single line on an invoice — they're three different bodies of work with three different cadences. We do all three properly, or we don't do them.

⟳

Maintenance

The boring work that stops your site degrading. Done monthly, logged in writing, so nothing piles up to the “it's now a rescue” moment.

Dependency updates (npm / pip / system)
Framework upgrades on a planned cadence
Broken-link sweeps
Performance audit + budget enforcement
Accessibility fixes (a11y regressions)
Database housekeeping & backups verified
Asset / image optimisation passes

⛨

Security

Patches against disclosed vulnerabilities, regular sweeps for the things that haven't been disclosed yet, and a real incident path when something does land. Auth audited, headers honest, CSPs real.

CVE scanning across the dependency tree
Security patches applied within agreed SLA
SSL renewals, auth audits, header reviews
CSP + permissions-policy reviewed quarterly
Backups tested, not just taken
Incident response path with named on-call
Pen-test remediation when commissioned

Updates

The small changes that don't warrant a sprint engagement — copy, imagery, a new page, a tweaked form, a new integration. Done within the month, scoped from the request.

Copy & image swaps
New marketing pages / landing pages
Form changes & integrations
Small feature additions
Analytics / tag changes
Content publishing & SEO tweaks
CMS configuration & user permissions

care plans

Three plans. Pick the one that fits.

Monthly retainers, paid in advance. Cancel with 30 days' notice, no minimum term beyond the first month. Unused hours roll forward up to one month so you don't lose what you paid for.

Baseline

Watchtower

For sites that mostly just need to keep running. Patches landed, dependencies current, uptime watched, monthly note.

from £600 / mo

≈ 3 hours / month · 30-day notice

Uptime monitoring + alerts
Dependency & framework patching
Security CVE scanning
Monthly summary in writing
Backups verified monthly
Incident path: 8h response, business hours

Most common

Care & updates

Watchtower plus a real monthly allowance for small changes — the things that used to take you a week of chasing.

from £1,800 / mo

≈ 12 hours / month · senior engineer + designer

Everything in Watchtower
Monthly hours for content, copy, design tweaks
Small feature additions & integrations
Quarterly performance & a11y audits
Analytics / SEO hygiene
Incident path: 4h response, business hours

Active product

Active care

For products with real users and continuous evolution. A senior engineer on call alongside the small-change allowance, with a structured roadmap conversation each month.

from £4,800 / mo

≈ 32 hours / month · pod-light · roadmap call

Everything in Care & updates
Monthly roadmap call + planning
AI feature evolution & eval drift watch
Quarterly pen-test remediation budget
Out-of-hours support window (agreed)
Incident path: 1h response, 24/5

When something does go wrong

Real incident response. Not a ticket queue.

Every care plan comes with a defined incident path: the channel, the on-call name, the SLA. The same senior engineer who knows your codebase — not a triage team three contracts down.

We'll write a one-page post-incident note within 48 hours of resolution. Plain English, what happened, what we did, what we're changing so it doesn't happen again. You can show it to a board, a regulator, or a customer with no rewrite.

Watchtower8h · business

Care & updates4h · business

Active care1h · 24/5

P0 / data loss30 min · 24/7

Post-incident note48h, written

What care covers

Sites & web apps we built — enrolled at handover
Sites we didn't build — after a one-week onboarding audit
Maintenance, security, and update work as scoped above
Incident response within the SLA on your plan
One named senior engineer + designer on call
Monthly written summary of everything we touched

What care isn't

A help desk for your end users — that's a different product
Hosting, SaaS, or domain bills — charged at cost or to your accounts
Major redesigns or new product lines — those become a fresh engagement
Native-mobile, desktop, or backend-only systems — we build for the browser
An unlimited-hours retainer — hours are scoped per plan
A way to keep us cheap once we've shipped — we'll say if you'd be better off in-house