Built so your idea stays yours.
Founders trust us with the rough idea long before it's defensible. Here's exactly how we handle what you share — the NDAs, the contracts, the IP, the security posture, and the policies that keep your concept safe at every step.
Your idea is confidential the moment you mention it.
From the first email through to a fully signed engagement, everything you share with Macroshifts is treated as confidential by default. You don't need an NDA in place before you pitch us — but we'll happily sign yours, or send ours if you'd prefer to start there.
- Mutual NDA available on request — usually returned signed within 24 hours
- Internal access to your project is limited to the named team on your engagement
- Pitches and decks shared with us are never used to build competing products
- Investor introductions are only made with your explicit, written approval
- Confidentiality obligations survive the engagement for five years after termination
Mutual NDA
Two-way confidentiality from day one. A five-year tail period applies after the engagement ends.
Least access
Only the studio team actively working on your build can see your materials. No shared client folders.
Clean exit
If we don't take the engagement, your materials are deleted from our systems within 14 days.
Plain-language terms for every engagement.
Every engagement — sprint, studio partner, or managed retainer — comes with a short master services agreement (MSA) and a statement of work (SOW) that spells out scope, timeline, deliverables, and fee. No surprises buried in legalese.
- Scope: the SOW lists exactly what we'll deliver and what we won't
- Payment: net-14 on monthly invoices; 50% deposit for sprint engagements
- Change orders: anything outside the SOW gets a written change order before work starts
- Termination: either side can end an engagement with 30 days' written notice
- Warranty: 60-day warranty on shipped deliverables for material defects
- Liability: capped at fees paid in the prior twelve months
- Governing law: England & Wales unless your jurisdiction is named in the SOW
You own what we build for you.
On final payment, all intellectual property created specifically for your project — code, designs, copy, brand assets, and documentation — transfers to you. We retain rights only to background IP that existed before the engagement (frameworks, internal libraries, methodologies) and grant you a perpetual licence to use it within the deliverable.
- Full assignment of foreground IP on receipt of final payment
- Perpetual, royalty-free licence to background IP we used in your build
- Open-source components remain under their original licences and are disclosed in writing
- Right to reference your engagement in our portfolio with your logo and a short summary — unless you opt out in the SOW
- Source-code escrow available on request for retainer engagements
GDPR, UK GDPR, and CCPA aligned.
We act as a data processor when handling personal data on your behalf, and as a data controller for the information you submit to us directly (contact forms, pitches, contracts). Either way, we collect only what we need and we delete it when we no longer do.
- Data processing addendum (DPA) signed alongside the MSA when personal data is involved
- Sub-processors disclosed in writing; 30 days' notice of any addition or change
- Data subject access requests (DSARs) routed within the statutory 30-day window
- Pitch and contact data deleted after 24 months of account inactivity
- No marketing emails without explicit opt-in; one-click unsubscribe on every send
- Data hosted in EU / UK regions by default; other regions disclosed in the DPA
A security posture that scales with you.
For products we build and operate, security is a first-class concern from day one — not a Phase 2 chore. We follow the OWASP Top 10, ISO 27001 control families, and SOC 2 readiness practices for everything we ship and manage.
- Single sign-on (SSO) and 2FA mandatory on all internal tooling
- Encrypted storage at rest, TLS 1.2+ in transit, secrets vaulted (never in source)
- Quarterly access reviews; immediate credential revocation on offboarding
- Penetration testing available as a paid add-on prior to launch
- Incident response within 4 hours of detection on managed engagements
- Annual third-party security audit; summary available under NDA
Investment support, done properly.
When we facilitate warm introductions to investors or take an equity stake ourselves, we follow KYC and AML procedures aligned with FATF guidance. Founders verify identity and entity standing; we retain records securely for the period required by law.
- Identity verification for all individuals receiving equity-linked introductions
- Entity verification (registration, beneficial ownership) prior to any term-sheet work
- Sanctions and PEP screening before introductions to regulated funds
- No engagement with sanctioned jurisdictions or prohibited industries
- Equity allocations documented in a side letter, reviewed by your counsel
Templates & downloads.
The current versions of our standard agreements. Request a copy from the studio for the exact draft we'd put in front of you — every engagement starts with a tailored set.
Have a compliance or legal question before we start?
Our legal lead replies to compliance questions within one business day — no engagement required.
