Conduct.

We tell clients what we observe, not what they want to hear. We do not stage engagements for appearances. We do not sign off on structurally unsound work because a deadline is approaching. When a definition is wrong, we say so — even when saying so is commercially inconvenient.

This principle extends to how we describe our own capabilities. We do not claim certifications we have not achieved. We do not claim deployments we have not made. We do not inflate metrics.

We handle client information with the assumption that every engagement contains material, commercially sensitive, or personally identifying content. Access to client data is limited to the engagement team. Information is not used for any purpose outside the scope of the engagement.

Client names, project details, and outcomes are published only with explicit written consent — and field reports are pseudonymised where consent for naming has not been given.

Employees and contractors disclose any actual, potential, or perceived conflict of interest at onboarding and whenever circumstances change. Conflicts include: competing engagements, personal relationships with client stakeholders, financial interests in client vendors, and ownership positions in competing firms.

No engagement is accepted where a conflict cannot be mitigated to the satisfaction of the client and the Founder.

We compete on the quality of our work. We do not disparage competitors. We do not misrepresent competitor capabilities. We do not solicit confidential information from prospective clients about their current providers.

Proposals reflect the scope, timeline, and cost of what we are actually prepared to deliver — not a reduced-scope version designed to close a contract.

All processing of personal data is governed by the EU General Data Protection Regulation (Regulation 2016/679) and the Irish Data Protection Act 2018. We process personal data only where a lawful basis exists, for defined purposes, and under appropriate technical and organisational measures.

We do not transfer personal data outside the European Economic Area except under Standard Contractual Clauses or an equivalent legal safeguard, and every sub-processor in our supply chain is reviewed for GDPR alignment before engagement.

We do not tolerate harassment, discrimination, or retaliation in any form — inside our organisation or in interactions with clients, suppliers, or partners. Discrimination on the basis of race, gender, gender identity, sexual orientation, religion, age, disability, national origin, or any other protected characteristic is prohibited.

We expect the same standard from every party we engage with. Where a client or supplier environment materially departs from these standards, the engagement is reviewed and, if necessary, exited.

We invest in the continuing development of our people. This is not a perk — it is a structural requirement of the work. Definitional infrastructure requires deep domain understanding, and that understanding must be maintained against a changing regulatory, technical, and sectoral landscape.

Any employee, contractor, client, or third party may raise a concern about conduct that appears to breach this Code — or any applicable law — through the Whistleblowing channel. Concerns are handled confidentially. Retaliation against a person who raises a concern in good faith is itself a breach of this Code and is treated accordingly.

Breaches of this Code are investigated by the Founder and the relevant Chief Executive. Consequences range from documented warning to termination of employment or contractor engagement, and — where applicable — referral to competent regulatory or criminal authorities.

No client relationship, commercial consideration, or personal relationship exempts any person from the obligations in this Code.