The build standard

Built like it matters.
Because it does.

Every Kernow.ai build ships to the same written standard — the engineering discipline big firms demand, applied to tools for Cornish businesses.

The standard

01

Security by design

Threat-modelled from the first line, not patched after. OWASP-aligned, least-privilege access, secrets kept out of the code.

02

UK GDPR compliance

Your customers’ data handled lawfully — minimised, purpose-bound, and stored in properly secured systems.

03

Live fault monitoring

Every production build reports its own errors in real time. Faults get found and fixed before you feel them.

04

Validation & rate-limiting

Every input checked, every public form protected, every endpoint limited. The boring engineering that stops the bad day.

05

Accessibility & performance

WCAG 2.1 AA and Lighthouse 90+ as the floor. Fast for your customers, usable by all of them.

06

No shortcuts

The most professional, secure option every time — never the quick fix. That’s the standard, unprompted.

Building your own?

AI will help you build it. It won't make it safe.

More business owners are building their own tools by describing what they want to AI — and it genuinely works. What it doesn't do is secure the result. AI-built apps routinely ship with leaked keys, missing access controls and open doors onto customer data.

That's where I come in. A straight-talking security review of what you've built, plain-English answers on UK GDPR and the incoming AI rules, and honest advice on when DIY is right — and when it's cheaper to have it built properly once.

Ask about a review

Straight answers

Why does security matter for a small business tool?

Because your tool holds customer names, addresses, jobs and money. A leak is a UK GDPR problem, a reputation problem and a cost problem — and small firms are targeted precisely because attackers assume the builds are soft. Ours aren’t.

What is "vibe coding" and should I worry?

Building software by describing what you want to AI. It’s powerful and getting more common — but AI-generated builds often ship with open doors: leaked keys, no access control, unvalidated inputs. Worth doing; worth doing safely.

Will the new AI rules affect my Cornish business?

If you only trade in the UK, today it’s mostly UK GDPR and ICO guidance that binds you. If you sell to EU customers, the EU AI Act can reach you too. I keep this page of the map current and tell clients plainly what applies to them — and when it’s a question for a lawyer.