Pricing

Two ladders. One named operator.

Four web tiers (Lite / Maintained / Growth / Embedded) and two email tiers (Practice / Enterprise). Pick a rung that fits the relationship you actually need — custodian, operator, or fractional CTO. EU-sovereign infrastructure throughout. Cancel any time on every tier.

Commodity WordPress maintenance

Webhive Digital

£350/mo

Plugin updates + backups
Generic shared hosting
Email ticket support
No named technical contact
No source-code escrow
No emergency SLA

CTO-led custodianship

UKWM Lite

£295/mo

Named technical contact on your compliance file (Jordan, by name)
Source-code escrow — your private GitHub repo, you're a collaborator from day one
4-business-hour emergency SLA in writing
Annual audit declaration the practice can hand to its regulator
24/7 uptime monitoring, daily encrypted off-site backups, monthly Lights-On report
EU-sovereign infrastructure (Vercel lhr1)

£55/mo less, materially more accountability. Lite is the floor of the ladder — not the bottom of a value chain.

Web infrastructure

Four rungs of relationship.

Pick the rung based on what you want Jordan accountable for — custodianship, steady forward motion, an embedded growth operator, or a fractional CTO seat on the organogram.

Lite

Monitored & on call

295 / month

Annual £2,832 (£236/mo equiv, save 20%)

No setup fee.

Someone watching your site so you don't have to. No growth work.

Best for: Established 5-15-person UK regulated practice with a stable site.

Named operator
Source-code escrow
4h SLA

Included

24/7 uptime monitoring
SSL / certificate renewal
Domain-expiry alerts
DNS custodianship (changes ≤1 business day)
Daily encrypted off-site backups (30d retention + 12mo monthly)
Monthly security patching
1-page monthly Lights-On report (uptime, response time, security events)
GDPR / cookie compliance baseline
Monthly form-delivery integrity check
Named technical contact on compliance file
Source-code escrow (private GitHub repo, you are a collaborator)
Quarterly 30-min review call
4-business-hour emergency SLA

Explicitly excluded (so we agree upfront)

Content changes >15min or >2/quarter
New pages
SEO / growth work
CRM / email infrastructure
Third-party integrations beyond what existed at onboarding
Email mailbox provisioning (separate Email ladder)
Compliance certification project work
<4h emergency SLA

Upgrade trigger: >2 substantive change requests per quarter, OR site traffic crosses 1,500 unique/mo, OR form submissions >5/mo.

Start Lite — £295/mo WhatsApp a question

Maintained

495 / month

Annual £4,752 (£396/mo equiv, save 20%)

£0 setup on annual prepay; £495 setup on monthly.

Custodianship plus one substantive growth move every month.

Best for: Practice Owner at a £600k-£2M regulated UK firm wanting steady forward motion.

Single-point-of-contact
1 substantive piece/mo
Capsule CRM included

Included

Everything in Lite
Managed hosting on Vercel Pro (lhr1 EU-sovereign)
1 substantive content piece per month (1,200-1,800 word article OR equivalent page rebuild OR CRO experiment) delivered by 20th
Monthly performance report (Plausible + Search Console + technical SEO change log) by 7th
Quarterly compliance posture review (GDPR/PECR, DPA status)
Up to 2h/month copy edits (rolls 1 month if unused)
Managed DNS + email-auth posture (SPF/DKIM/DMARC p=quarantine min, MTA-STS, TLS-RPT)
Capsule CRM Free tier provisioned + connected to forms
Helpdesk inbox (single named operator, 1 business day ack, 2 business day resolution)
Quarterly 30-min strategy call
Light technical-SEO maintenance (monthly broken-link scan, sitemap, schema.org)
Source-code custody (transfer to client repo on request from month 13)
Annual brand-asset refresh (1 round at month 12)

Explicitly excluded (so we agree upfront)

Lead-gen infrastructure
Newsletter / broadcast
Paid-channel work
>1 substantive piece/mo (£150 each ad-hoc, or upgrade to Growth)
Full rebuilds
EU-sovereign mailboxes (separate Email tier)
Compliance certification projects
Clinical / case-management software integration beyond form intake

Upgrade trigger: Form submissions >10/mo for 2 consecutive months, OR client requests a 2nd article, OR traffic crosses 5,000 unique/mo, OR lead-magnet / newsletter / ad campaign integration.

Start Maintained — £495/mo WhatsApp a question

Most chosen

Growth

Active acquisition engine

1,495 / month

Annual £14,352 (£1,196/mo equiv, save 20%)

£1,495 one-time setup — covers Vercel lhr1 migration, Capsule provisioning, Resend EU + Listmonk wiring, DMARC monitoring, Plausible install, lead-source attribution setup, 2 weeks of co-design.

A CTO-operated growth function: CRO, content cadence, and integrations that compound monthly.

Best for: Practice Owner / MD investing in acquisition; wants the engine ads pour into.

Most chosen
Fortnightly cadence
Embedded CTO operator

Included

Everything in Maintained
Fortnightly 45-min strategic call (calendar-locked Tue/Thu) — pipeline metrics, content roadmap, CRO experiment results
4 long-form articles/mo (1,200-2,000 words, AI-assisted research with human edit, structured for your named service lines, SEO-optimised)
1 monthly CRO experiment with documented hypothesis / before / after / statistical confidence / rollback plan
1 lead-magnet build per quarter (gated PDF / calculator / postcode-checker) wired into Capsule
2 newsletter broadcasts per month (curated practice update + service-line educational) on Listmonk / Resend EU
Capsule CRM operation — pipeline configuration, lead-source tagging, hot-lead alerts to your phone, weekly hygiene pass
Up to 2 third-party integrations live & maintained (Cliniko/Acuity → Capsule, Stripe → Xero, WhatsApp Business etc.)
Quarterly competitor + SERP audit (top 5 named local competitors)
Up to 6 substantive site changes per month (new pages, landing pages, navigation, design adjustments)
Active uptime monitoring + 4-business-hour SLA on incidents
EU-sovereign infrastructure baseline (Vercel lhr1, Cloudflare Email Routing, SPF/DKIM/DMARC at p=reject, IPv6, HSTS, CSP, structured monitoring)
Direct WhatsApp/Signal access to Jordan (4 business hour response on questions, 24h on small changes)

Explicitly excluded (so we agree upfront)

Paid media management (Google/Meta/LinkedIn ad-spend bought/optimised)
Custom application development beyond webhook integrations
Compliance certification work (Cyber Essentials Plus, ISO 27001, DSPT, DPIAs)
Phone/video consultations outside fortnightly slot (ad-hoc CTO time at £1,000/hr)
Real EU-sovereign mailboxes (separate Email tier — Cloudflare Email Routing forwarders are baseline)
Multi-site / multi-brand operation (1 primary + up to 2 supporting microsites)
Print/video production
Vendor management on client's behalf

Upgrade trigger: Client takes >8h/mo of Jordan's time outside scope for 2 consecutive months, OR integration count exceeds 3 active or requested, OR client acquires another business / opens 2nd location, OR client crosses 25 staff or asks for board-level technology reporting, OR regulatory burden materially shifts.

Start Growth — £1,495/mo WhatsApp a question

Embedded

Fractional CTO

6,000 / month floor

Annual £57,600 (£4,800/mo equiv, save 20%)

£3,000 one-time onboarding — 2-day discovery + written baseline technology assessment + 12-month roadmap. Waived on 12-month annual prepay.

Your fractional CTO across every site, mailbox, vendor and audit — embedded, accountable, on call.

Best for: Founder / MD of a £1.5-£8M regulated multi-site group with a technology bottleneck.

Bespoke pricing above floor
WhatsApp / call only
Board-level accountability

Included

Named Fractional CTO seat on the organogram
Monthly 90-min executive technology review
Quarterly board pack (technology section: KPI movement, risk register, vendor spend, headcount needs)
12-month technology roadmap ownership (live in Linear/Notion, monthly formal review)
Multi-site web operation (up to 4 sites on EU-sovereign infra with shared design system)
Full email + identity infrastructure (DMARC at p=reject across every sending subdomain, MTA-STS, TLS-RPT, weekly digest)
Vendor + contract negotiation (Jordan signs off with Director countersignature)
Compliance posture management (DSPT, Cyber Essentials, Cyber Essentials Plus, ISO 27001 readiness, GDPR ROPA)
Hiring + team-build support (up to 4 hires/year on the interview panel)
Incident response (4h business / 12h OOH SLA on tier-1 incidents)
Quarterly architecture review
Embedded helpdesk inbox (help@ alias, business hours)
Annual full-day strategy session (written technology plan output)
Acquisition / integration diligence (up to 2 deals/year included)
Out-of-scope work at preferential ad-hoc CTO rate

Explicitly excluded (so we agree upfront)

Daily hands-on coding
Day-to-day engineering management of >2-engineer in-house team
24/7 on-call (4h business / 12h OOH SLA is the cap)
Third-party software licences themselves (Microsoft 365, Proton, Capsule, ISO 27001 cert body fees, VMC certificate — pass-through at cost)
Lead-implementer role on ISO 27001 first-year cert
>4 sites under management (bespoke uplift)
Marketing strategy, paid-media buying, copywriting beyond technology comms
Litigation / expert-witness work

Upgrade trigger: TOP of ladder. Bespoke pricing layered above the £6,000/mo floor when scope exceeds the 15 deliverables below.

Book an Embedded discovery call Read the sovereignty case

Web + Email bundles

How clients usually combine them.

Bundle pricing applies 10% off the email base when paired with a same-band web tier. Seats remain pass-through at £15/seat/mo.

5-seat clinic

Composition: Maintained + Practice (5 seats)

Math: £495 + (£195 × 0.9) + (£15 × 5) = £645.50 → £670/mo

Single-site, single-domain, single-regulator. Most common entry bundle.

£670/mo
30-staff multi-site

Composition: Growth + Enterprise (30 seats)

Math: £1,495 + (£895 × 0.9) + (£15 × 30) = £2,840.50 → £2,840/mo

Growth-stage regulated practice with multi-jurisdiction email needs.

£2,840/mo
Multi-site group (Embedded)

Composition: Embedded + Enterprise (50 seats)

Math: £6,000+ + (£895 × 0.9) + (£15 × 50) = £7,555.50+ → from £7,645/mo

Bespoke pricing layered above the £6,000/mo Embedded floor as the scope grows.

from £7,645/mo

You may also need email infrastructure → Two tiers · From £195/mo + £15/seat

Email infrastructure

Two rungs of regulated email.

Practice for a single-domain UK regulated firm. Enterprise for a multi-jurisdictional group. Sovereign is an internal multi-domain uplift — quoted by Jordan when needed, not a public SKU.

Practice

Compliant encrypted email for a single regulated practice

195 / mo base + £15/seat/mo

Annual base £1,872 (£156/mo equiv, save 20%) · seats remain pass-through.

£395 one-time — covers DNS audit, migration runbook, scheduled out-of-hours cutover for up to 15 mailboxes, 14-day dual-delivery monitoring, MFA rollout session, and an offboarding kit.

Compliant, encrypted email infrastructure for a single regulated UK practice on one domain.

Best for: Single-site UK regulated practice, 5-15 staff, one apex domain.

EU-sovereign
Up to 15 mailboxes
DMARC p=reject within 30d

Included

DNS config of 1 apex domain (SPF hardfail -all, DKIM 2048-bit annual rotation, DMARC p=quarantine → p=reject within 30 days, MTA-STS, TLS-RPT)
Up to 15 EU-sovereign real mailboxes on Proton Mail Business (full IMAP/SMTP, calendar, contacts, 30-day deleted-item recovery)
Migration from incumbent (M365 / Workspace / GoDaddy / cPanel) including content, calendars, contacts, distribution lists
Monthly deliverability report (DMARC aggregate parsed, top sending sources, spam-folder rate)
Quarterly compliance evidence pack tailored to one regulator (DCB1596 for healthcare / SRA's encrypted-transmission requirement for law / ICAEW client-data guidance for accountancy)
Cloudflare Email Routing for unlimited additional aliases
MFA enforcement + password policy baseline
Encrypted attachment delivery flow
Same-business-day SLA on email incidents
Annual DKIM key rotation + MTA-STS refresh + TLS verification + DNSSEC verification
Offboarding-on-cancellation kit (mbox/EML exports, DNS zone file, DMARC archive, evidence pack)

Explicitly excluded

DMARC on multiple sending subdomains (Sovereign-bundle uplift)
Dedicated transactional outbound subdomain or warm-up campaign
BIMI / VMC issuance
Fractional CTO time / architecture review
Clinical-software SMTP integration
Phishing simulation programme
Mailbox content recovery beyond 30 days
Additional domains

Upgrade trigger: Seats cross 15 OR a 2nd domain enters scope OR practice starts sending automated transactional email OR DMARC needs reconciliation across shadow senders → Sovereign-bundle uplift (+£100/mo). Any of those + multi-regulator burden + >30 seats → Enterprise.

Start Practice email — £195/mo + £15/seat Bundle with a web tier (10% off email base)

Enterprise

Multi-jurisdictional regulated email infrastructure

895 / mo base + £15/seat/mo

Annual base £8,592 (£716/mo equiv, save 20%) · seats remain pass-through.

£4,500 one-time — 60-90 day migration project for up to 40 seats, DMARC ramp from p=none → p=quarantine → p=reject with weekly aggregate review.

Multi-jurisdictional regulated email infrastructure with named operator accountability.

Best for: Operations Director at a 30-100+ staff regulated multi-site practice.

Multi-jurisdictional
Multi-subdomain DMARC p=reject
BIMI / VMC optional

Included

DMARC at p=reject across all sending subdomains
Dedicated outbound subdomain architecture (mail.firm.co.uk / txn.firm.co.uk / partners.firm.co.uk)
Multi-jurisdiction mailbox hosting (Proton EU-sovereign for partner/FCA/Caldicott + M365 hybrid for client-facing mailboxes)
Quarterly Compliance Posture Pack (signed PDF mapping email infra against applicable regulators)
Monthly DMARC + deliverability review call (45-60min with compliance officer)
4-hour SLA on email-spoofing reports / deliverability incidents
Annual DKIM rotation + TLS posture review
BIMI + VMC/CMC standup if elected
Self-hosted Listmonk for partner / client-marketing newsletters
Sub-processor register maintained
Staged migration from incumbent stack
Secure-email portal integration (Egress / Galaxkey / Microsoft Purview Message Encryption)
Annual phishing-simulation campaign
Named contact in client's regulator-facing artefacts (ICO record-of-processing, SRA Lexcel, ICAEW evidence)

Explicitly excluded

Day-to-day non-email IT support
End-user mailbox training
SaaS practice-software integration debugging beyond SMTP relay
Litigation hold / e-discovery / expert-witness
Drafting substantive regulatory policies
Custom software dev
>2 outbound broadcasts/mo via Listmonk
On-premises Exchange / hybrid AD

Upgrade trigger: TOP of the email ladder (Sovereign uplift is implicit at this scale). Beyond this the conversation is Embedded web + Enterprise email as a bundle.

Book an Enterprise email discovery call Bundle with a web tier (10% off email base)

Want email only? See the dedicated /email page →

How CTO-led pricing works

Why CTO-led pricing isn't an agency rate.

Three reasons the ladder is priced the way it is — and why the relationship is the product, not the page count.

Custodian → operator → embedded — the relationship changes by rung

Lite buys a named technical custodian whose phone number is on the contract when something breaks. Maintained adds a single-point-of-contact and one substantive growth piece every month. Growth is an embedded CTO-operated function on a fortnightly cadence. Embedded is a fractional CTO seat on the organogram, answerable to your board. The deliverable list is downstream of which relationship you want.
Modern stack, defaulted to EU-sovereign

Vercel lhr1 hosting, Proton Mail Business for real mailboxes, Cloudflare Email Routing for aliases, Resend EU for transactional outbound, Listmonk for broadcasts, Capsule UK for CRM, Plausible Germany for analytics. DMARC at p=reject is standard from Maintained up; on Lite the email-auth posture is at minimum p=quarantine. Encrypted by default, regulator-legible by design.
One human's name on the contract

Every tier has Jordan Gilbert as the named accountable technical contact on your compliance file. Source-code escrow on day one — your code lives in a GitHub repo you're a collaborator on. Cancel any time and you keep the code, the DNS zone file, the DMARC archive, the evidence pack. The price is for the accountability; the maintenance is the floor underneath it.

Questions about pricing

The things people ask first.

Is it really £295 a month?

Yes, on the Lite tier — a named-operator custodianship covering 24/7 uptime monitoring, SSL + domain expiry watch, daily encrypted off-site backups, monthly security patching, source-code escrow (your repo, you're a collaborator), a 1-page monthly Lights-On report, a 4-business-hour emergency SLA and Jordan Gilbert's name on the contract as the technical custodian. No setup fee. £295 charges on the same day every month until you cancel. Maintained (£495), Growth (£1,495) and Embedded (£6,000+) are the rungs above — they add growth work, fortnightly cadence, and fractional-CTO scope respectively.

When does the first charge land?

Today, the day you start your subscription. Stripe charges the monthly amount immediately and then on the same day every month after, until you cancel. No surprise bills; you can cancel from your Stripe email any time and the next month simply doesn't bill. Growth and Embedded carry one-time setup fees (£1,495 and £3,000 respectively, the Embedded fee waived on annual prepay) — Lite and Maintained do not.

What if I want to cancel?

Cancel any time — one-click from your Stripe email. The subscription ends at the end of the month you've already paid for. Within the first 14 days you have a full statutory cancellation right under the Consumer Contracts Regulations 2013. Source code lives in a repo you're a collaborator on from day one — cancellation means I step out of the collaborator role and you keep everything. Email-tier cancellation also returns an offboarding kit (mbox/EML exports, DNS zone file, DMARC archive, evidence pack). See /refund for the precise framing.

What if I already have a website?

Even better — send it over. Lite assumes the site already exists and just needs a custodian; Maintained will nudge it forward; Growth or Embedded will rebuild it properly on EU-sovereign infrastructure as part of the setup phase.

Can I pay annually for a discount?

Yes — 20% off on every recurring product on annual prepay. Lite £2,832/yr (£236/mo equiv), Maintained £4,752/yr (£396/mo equiv), Growth £14,352/yr (£1,196/mo equiv), Embedded £57,600/yr (£4,800/mo equiv — and the £3,000 onboarding fee is waived). On email: Practice £1,872/yr (£156/mo equiv) + seats, Enterprise £8,592/yr (£716/mo equiv) + seats. Cancellation rights are identical — 14-day statutory refund under the Consumer Contracts Regulations 2013; after that, annual prepay isn't refunded pro-rata but you keep the service until renewal.

What is the Sovereign email tier?

Sovereign is an internal multi-domain attachment, not a public SKU. If you grow past 1 domain or add shadow-senders, your existing Practice tier becomes Sovereign-equipped via a £100/mo uplift, quoted by Jordan when needed. You don't pick it cold from a menu.

What if Jordan disappears?

Every tier includes source-code escrow on a private GitHub repo you're a collaborator on from day one — if I vanish, you already have the code, the DNS zone file, and the documented handover SOP. Practice and Enterprise email tiers include an offboarding kit (mbox/EML exports, DNS zone file, DMARC archive, evidence pack) on cancellation for the same reason. Embedded carries an additional written 12-month roadmap living in Linear/Notion that an incoming CTO can pick up.

Do I need both web and email tiers?

No. Most clients pick one. Bundle pricing gives 10% off the email base when paired with a same-band web tier, but standalone is fine — buy a web tier without email, or run a Practice email subscription on a site I don't maintain. The ladders are deliberately independent.

Looking for more? See the full FAQ on the home page, or WhatsApp me and I'll answer straight.

Not sure which tier?

Not sure which rung?

WhatsApp me. I'll ask about your practice in plain English and tell you straight which rung fits — or whether you'd be better served elsewhere.

WhatsApp me Start on Lite — £295/mo

Two ladders. One named operator.

Four rungs of relationship.

Included

Included

Included

Included

How clients usually combine them.

5-seat clinic

30-staff multi-site

Multi-site group (Embedded)

Two rungs of regulated email.

Included

Included

Why CTO-led pricing isn't an agency rate.

Custodian → operator → embedded — the relationship changes by rung

Modern stack, defaulted to EU-sovereign

One human's name on the contract

The things people ask first.

Not sure which rung?

Ready for the web + email infrastructure your practice should already have?