Rescue services
Fixed scope, fixed price, fixed turnaround. No open-ended hourly tab.
Secrets & Access Lockdown
3 business days
- Rotate every exposed key; move privileged calls server-side
- Lock down CORS to an explicit allow-list
- Add rate limiting on auth and form endpoints
- Stop debug/stack-trace leaks in error responses
- Fix authorization (row-level security) gaps
- Valid TLS + HSTS
- Put admin routes behind real auth
- Fix mislabeled client-exposed secrets
- Publish SPF/DKIM/DMARC mail records
Not included: Backups, restore testing, monitoring, and hosting migration (see the Full Production Rescue).
Start with a free auditFull Production Rescue + Migration
7–10 days
- Everything in Secrets & Access Lockdown
- Nightly backups with a timed, tested restore drill
- Uptime monitoring with phone alerting
- Move your app onto Stackbastion managed hosting
- 1 month of your matching subscription tier included
Not included: Multi-app cleanup and GDPR documentation work (see Enterprise Shadow-App Cleanup).
Start with a free auditEnterprise Shadow-App Cleanup
2–3 weeks
- Full Production Rescue + Migration scope, per app
- Inventory every shadow app in scope
- GDPR records-of-processing documentation
- Signed data processing agreement (DPA)
- Migrate every in-scope app onto managed hosting
Not included: App-code bug fixes or new features (always out of scope, at any tier).
Start with a free auditExample scenario
"ExampleCo" scored 12/30 on our free audit: a database key exposed in the frontend bundle, no working backup, and no uptime monitoring. A Full Production Rescue + Migration fixed the key exposure, stood up tested backups and monitoring, and moved the app onto managed hosting in under two weeks. (This is a labeled example, not a real customer, until we have one to share — see `ops/audit-report-template.md`.)
Full scope detail, mapped to each audit check: see docs/rescue/rescue-skus.md.