When NOT to pick Hayaiti

Most agency homepages spend their copy explaining why they're the right fit for everything. The problem with that pitch is it's almost never true. Productized engineering studios are a *shape* of vendor, not a universal one — and the shape doesn't fit some real, common buyer needs.

This is the public list. We update it when we notice a new pattern.

Pick someone else if your scope is genuinely staff-aug

If you need 5+ engineers embedded into your codebase for 3+ quarters, running standups with your PMs, owning a roadmap you set monthly — that's a staff-augmentation engagement. Our SKUs are bounded deliverables shipped on a calendar. The unit of accountability is different.

Vendors that fit that shape better: BairesDev, Toptal pods, regional nearshore firms with bench depth. We've written more on this at /alternatives/bairesdev.

Pick someone else if you need a SOC 2 / ISO / HITRUST attestation

We do compliance *readiness* — we map your controls, identify gaps, ship the technical work the auditor wants to see. We do not issue attestations. We are not a CPA firm and we are not HITRUST-authorized.

Compliance evidence platforms: Vanta, Drata, Secureframe. Each automates the evidence treadmill across your stack. Our pentest work feeds into their dashboards as evidence; they don't replace each other.

Pick someone else if you need continuous bug-bounty pressure

Bug bounty programs find a class of vulnerabilities that point-in-time pentests structurally miss — chained vulnerabilities discovered weeks after a deploy, novel attack vectors from researchers with unusual specializations, the "long tail" of issues that emerge when thousands of eyes look at the same surface.

HackerOne and Cobalt.io own that machinery. Our scheduled pentests complement that work, but they're not the same thing.

Pick someone else if you need sub-millisecond HFT engineering

Kernel-bypass NICs, FPGA acceleration, co-location at CME, microwave links between Aurora and the carry — that engineering discipline is not us. We're great for daily-to-intraday trading software (5-minute bars and slower), broker dashboards, and trading platforms. For HFT itself we'll refer you to specialist shops.

Pick someone else if you need brand-name pedigree

If your enterprise procurement requires a vendor whose logo on the invoice helps the deal close — Big Four consulting, named-account nearshore firms with thousand-engineer benches, the firms that show up at industry conferences with sponsored booths — that's a different buying surface than ours. We sign NDAs, MSAs, and standard contractor terms quickly for projects under $25K. We are not currently SOC 2 attested. If your procurement gauntlet requires SOC 2 Type 2 from your vendors as a precondition, we won't pass that gate today.

Pick someone else if your stack is genuinely exotic

We work in modern web (Next.js, React, Node, Python, Go), modern mobile (Swift, SwiftUI), modern cloud (AWS, GCP, Cloudflare), standard auth (OAuth, SAML, magic links). For 15-year-old Java EE applications, SAP ABAP migrations, COBOL maintenance, mainframe work, ICS/SCADA security — we'll tell you upfront. Larger benches exist for that work; ours doesn't.

Pick someone else if you want to validate this weekend on $0

No-code tools (Webflow, Framer, Bubble, Glide, Softr) are the right answer for "will anyone use this?" pre- revenue questions. Spending engineering money on a hypothesis that hasn't been validated is the wrong order of operations. Validate with a Webflow page, then come to us when you need a real codebase.

Pick someone else if your timeline is "ASAP / ~1 week"

We have a free 24-hour audit. We have 5-day landing pages and 7-day security audit + fix SKUs. Beyond that — anything that touches custom data models, auth flows, multi-screen UI, or integration testing — needs more than 7 days of calendar time done right. If "ASAP" really means 72 hours, we're not the right shape.

Why publishing this is actually marketing

The longest-tenured customer relationships start with the buyer trusting that we'll tell them the truth even when it costs us a deal. The cost of saying "we're not the right fit, here's who is" on a single bad-fit deal is small. The compounding upside is the kind of trust that survives discovery cycles, scope changes, and the occasional production incident.

If you read this list and we're still the right fit — book a SKU on /pricing. If you read this list and someone else is — the links above are real, those vendors are good, and we'd rather you go to them than be unhappy with us.