From lead to launch, and beyond.
What working with QUANT LAB USA actually looks like. Seven stages, concrete artifacts at every step, and pricing transparency we do not hide behind a Contact Sales button.
What this page is for
Most agencies are vague on process because vagueness preserves their negotiating leverage. We do the opposite. The more you know up front about what an engagement looks like, the better the engagement runs.
This page is the customer-facing version of our delivery process. For the engineering internals — sprint structure, CI, security review — see our methodology page. For who is doing the work, see team & leadership.
30 to 45 minutes
Stage 1: Intro Call
Artifact you receive
Honest verbal fit assessment
The first call is real. You describe what you are trying to build or test. Bill asks the questions that determine whether we are the right shop and gives you a straight answer in the same call. If we are not the fit, we tell you immediately and try to point you somewhere better.
There is no presentation deck, no junior salesperson, and no follow-up nurture sequence. You are talking to the engineer who would do the work, from the first minute.
1 week
Stage 2: Discovery
Artifact you receive
Written SOW + technical specification
Discovery is a paid, time-boxed week. We sit with stakeholders, map current workflows, identify integration points, and write down what the software actually has to do. By the end of the week you own a written statement of work and a technical specification.
Discovery output is yours regardless of whether you proceed. If you take it to a different shop, that is fine. We have lost engagements that way and we will lose more. We would rather have you walk away with a useful document than push you into a build that is not right.
Within 1 week of discovery
Stage 3: Proposal
Artifact you receive
Fixed-fee proposal + sprint plan + payment milestones
Proposals at QUANT LAB are fixed-fee with line-item deliverables. You see the sprint count, the deliverable for each sprint, the payment milestone for each, and the total. No hourly mystery meat.
Where genuine unknowns exist, we time-box them as research spikes with explicit caps. You always know the maximum cost of an unknown before you authorize it. The proposal includes an optional maintenance retainer for after launch — you decide whether to bundle it at signing or later.
1 to 3 days
Stage 4: Kickoff
Artifact you receive
Signed contract, deposit, repos, environments, cadence calendar
On signing you pay a deposit, we sign a mutual NDA if you want one, and we provision: GitHub repository in your organization, staging and production environments on Vercel, a Postgres database (Neon by default), Sentry project, and the email or Slack channel where day-to-day communication will happen.
We agree on cadence: a weekly stand-up, a sprint review demo every two weeks, and a written status update every Friday. Calendar holds get set for the full engagement at kickoff so nothing slips because of scheduling.
Two-week cycles
Stage 5: Sprints
Artifact you receive
Working software + sprint review + written changelog
Sprints are two weeks. Each starts with a planning call, ends with a live demo of working software in staging, and is followed by a written changelog and a feedback form you can fill out in your own time. The product is functional at the end of every single sprint, not just at the end of the engagement.
Change requests are normal and they are tracked explicitly. If a request adds scope, we re-estimate and surface the cost impact before doing the work. We do not absorb scope quietly and then surface it later as a budget overage.
Final sprint
Stage 6: Launch
Artifact you receive
Production deploy + smoke test pass + runbook + handoff session
Launch sprint is dedicated to production readiness: final security review, load testing where appropriate, smoke tests against production, monitoring confirmed live, alerts confirmed firing into the right inbox. The runbook gets written, reviewed by your team, and committed to your repo.
On launch day, we sit on a video call while traffic hits production. Any incidents in the first 48 hours are covered by the engagement — they are part of launching, not a separate billable. After day three, production support transitions to maintenance.
Optional, monthly
Stage 7: Support & Maintenance
Artifact you receive
Monthly maintenance report + dependency update PRs + on-call coverage
Most clients sign a maintenance retainer at launch. It covers: dependency updates and security patches, weekly automated dependency PRs reviewed and merged on a schedule, deploy support, monthly health report, and a fixed allotment of feature work hours. Anything beyond the allotment gets quoted up front.
Without a retainer, the code is fully yours and you can run it yourself or hand it to another team. We do not lock clients into our maintenance contract by withholding documentation or repository access. Independence is the design goal.
Pricing Transparency
Real ranges, before the call.
Hiding pricing wastes everyone's time. Here is what engagements actually cost. Final pricing is fixed-fee and depends on the outcome of discovery, but the ranges below are honest from the very first email.
Discovery week
$3,500 – $7,500
Paid, fixed fee. Output is yours regardless of whether you proceed.
Custom software build
$25,000 – $150,000+
Fixed-fee per project, milestone-billed. Scoped against the SOW from discovery.
Custom CRM build
$35,000 – $120,000
See the full breakdown in our CRM development guide for what drives the range.
Web app penetration test
$8,000 – $25,000
Scoped against application size and attack surface. OWASP ASVS Level 2 aligned.
Network or AD pentest
$10,000 – $35,000
Scoped by host count and complexity. Authenticated and unauthenticated tracks.
Maintenance retainer
$2,500 – $8,000 / month
Covers patches, dependency updates, deploy support, and a feature work allotment.
For an in-depth breakdown of pentest pricing, see penetration test cost 2026. For CRM cost structures, see the custom CRM development guide.
What We Will Not Do
The honest part.
We will not take engagements where we do not believe the scope can be delivered. We will not bid against a fixed budget by stripping the scope until the budget fits, because that is how clients end up with software that works for the demo and breaks in week three of production.
We will not undercut on price by skipping security review, CI, or written documentation. Those are baked into every engagement and are part of how the work gets done responsibly.
We will not hide the work of contractors. If a contract engineer is on your project, you will be told who, what they are working on, and that every line they ship passes through founder review before merge.
We will not take engagements that violate our terms or anyone's privacy expectations. Read more about how we handle data on the security practices page.
Where the Process Plugs In
Same process across services.
The seven-stage process above is the same whether you are engaging us for custom business software, a custom CRM, a mobile app, penetration testing, or a web app pentest.
For security engagements, the sprint stage is replaced with a test phase, but everything around it stays the same: paid discovery, fixed-fee proposal, kickoff, time-boxed execution, written deliverable, and optional retest retainer.
Start at Stage 1.
Book a free 30 to 45 minute intro call. You describe the problem, we tell you whether we can help.
Call (770) 652-1282or emailbeltz@quantlabusa.dev