Trust and due diligencecontracts and security, in plain language

How we contract, handle your data, and who we are.

A monthly plan with 30 days' notice. You own 100% of the code and your accounts from day one. We work inside your cloud, your systems, and your logins.

The principles we apply on every project.

We sell software development as a service, not access. Our contracts, our security practices, and the way we work all come from one simple rule: you should be able to stop the engagement on 30 days' notice, with no surprise costs and nothing stuck on our side.

  • You own access and accounts

    Your code, your cloud, your domain, and your release pipeline. We work inside your systems, not ours. Nothing about your product is locked behind us.

  • Only the access we need

    Named engineers with limited access, using single sign-on where possible. We start with the minimum, widen only if the work needs it, and log what we touch.

  • Your information stays private

    Whatever you share with us (roadmap, numbers, team details) stays with us. We never use any of it in public material without your written approval.

  • A long track record

    Five years as Antdragon. The founder has ten years of hands-on software delivery across regulated industries, enterprise clients, and venture-backed companies.

The commercial side.

Anything not listed here sits in the main services agreement. We are happy to sign under your template or ours, whichever is faster.

Who you contract with
Antdragon Sdn Bhd (Malaysia)
Type of engagement
Monthly plan, billed per month
Notice to pause or stop
30 days written notice, on any business day
Code and ownership
100% yours. All work is assigned to you in writing.
Billing
Monthly in advance. Payment terms of 14 days by default.
Refunds
Full refund if you cancel within the first 7 days
Currency
USD or MYR

How we handle security.

We do not hold a SOC 2 certification yet, but we follow a disciplined set of practices that have passed security reviews at banks, government programmes, and enterprise buyers. We can share the details in a questionnaire or on a call.

Access to live systems
Controlled by you. Single sign-on preferred.
Where your data lives
Inside your own cloud. We do not move it out.
How we handle logins and keys
Never shared over chat or email. Stored in a password manager, with named accounts.
Laptops and devices
Encrypted drives, with device management on managed laptops
Two-step login
Required on every service we use on your behalf
Code review
Every change is reviewed, with automated tests passing before it can be merged. No overwriting shared branches.
Checks for accidental secrets
Automated scans that catch passwords and keys before code is saved
When something goes wrong
A named lead, a written plan, and updates sent to you on the channel you choose