Security by default
We consider access control, data minimization, logging, backup, updates and simple operational routines from the beginning, so a solution is not only finished visually but can also be used responsibly.
For client projects we generally recommend MFA for relevant accounts, least-privilege access, separated development and production environments, and clear ownership of domains, hosting, analytics and third-party services.