Service × vertical matrix complete (19 combos) + 5 alternative LPs + 3 blog posts + 3 help articles

Combos: matrix complete at 19 entries

Service × vertical landing pages, every realistic intersection covered:

• /web-for-trading — broker dashboards, charting UIs, retail trading platforms (TradingView Charting Library + Lightweight Charts integration patterns).
• /ios-for-trading — Robinhood-pattern mobile-first trader apps with biometric step-up auth, Apple Pay funding, App Store review survival for financial apps.
• /ios-for-ecommerce — DTC native iOS apps with Shopify Storefront API integration, App Clip for QR-commerce, Klaviyo / Postscript / Recharge wiring.
• /cybersecurity-for-trading — broker pentest, FIX protocol audit, market-data feed integrity, settlement-window attacks, fat-finger controls as a security boundary.

Combo total: 12 → 19. Service × vertical matrix now covers every realistic intersection of (web, software, iOS, cybersecurity) × (SaaS, healthcare, fintech, ecommerce, trading).

Alternatives: compliance-platform triad complete

Three new alternative-comparison LPs covering the most common SaaS-founder evaluation searches:

• /alternatives/vanta — honest "we complement, don't replace" framing for the compliance-evidence platform.
• /alternatives/drata — same positioning, different vendor.
• /alternatives/secureframe — third compliance platform; explicitly names all three as competitors with each other in the FAQ ("Pick whichever fits your team's preferences. Hayaiti is a different category — the manual pentest + remediation work").

Alternatives total: 6 → 11. Coverage now spans dev marketplaces (Toptal, Upwork, Lemon-io, BairesDev), productized agencies (DesignJoy, Webstacks), pentest platforms (Cobalt, HackerOne), and compliance platforms (Vanta, Drata, Secureframe).

Blog: 3 new technical + positioning posts

• /blog/multi-tenant-isolation-the-saas-pentest-gap (~600 words) — 5 specific cross-tenant gaps that standard pentests miss: IDOR, broken RLS predicates, JWT scope leaks, shared S3 paths, leaky webhook payloads. Each with how-we-test detail.
• /blog/pci-saq-a-vs-saq-d-a-10x-decision (~500 words) — the architectural decision (tokenize at the edge vs accept raw PAN) that determines $30K-$80K of compliance cost. Concrete bad patterns (Datadog APM body capture, Sentry exception traces, Redis session caching) and good patterns (Stripe Elements + middleware redact-list).
• /blog/when-not-to-pick-hayaiti (~750 words) — honest counter-positioning. 8 sections each titled "Pick someone else if..." covering staff-aug, SOC 2 attestation, bug-bounty pressure, sub-millisecond HFT, brand-name pedigree, exotic stack, weekend-validation, sub-72-hour timeline. Cross-links to 7 of the alternatives.

Help articles: 3 high-leverage pre-purchase Q&A

• /help/do-you-replace-our-vanta-drata-secureframe-subscription — the most common pre-purchase fence-sitter question on /cybersecurity-for-saas.
• /help/will-the-ios-app-work-with-shopify-plus — common ios-for-ecommerce buyer FAQ.
• /help/what-broker-integrations-have-you-done — covers all 4 trading combo pages.

Footer expansion

Added 3 high-value links so every page footer surfaces the new SEO depth:

• /compare ("Compare us honestly") — surfaces the full 14-competitor table including new Cobalt / HackerOne / Vanta / Drata / Secureframe.
• /services-by-vertical ("Solutions by industry") — surfaces all 19 combos via the index page.
• /press (was missing entirely from footer despite the page existing).

Drift fixes during the cluster

While building out the new content, we caught and fixed:

• A blog post quoting wildly wrong SKU price ranges ($48K marketing, $120K+ software, $85K iOS — actual catalog is 2-7x lower).
• An OG image at /services/software claiming "From $19,995" (actually a *web* SKU price; software starts at $2,495).
• An OG image at /services/ios claiming "From $34,995" (actually the App Store SKU price; iOS starts at $6,995 for TestFlight prototype).
• An OG image at /pricing claiming the SKU range "$995 to $49,995" (actual: $2,495 to $34,995).
• A fabricated "Cybertest Labs" 3rd-party MITRE coverage validation claim on /services/cybersecurity (replaced with honest internal-coverage statement).
• 8 /lp/*/opengraph-image.tsx palette/page-accent mismatches.
• 4 dead links (sample-report.pdf, mitre-coverage.pdf, pgp.txt, /docs/stripe-setup.md).

LiveTicker refresh

Added 3 anonymized ticker entries reflecting the new combo work mix: Lumen (multi-tenant pentest + RLS audit), Mintwall (double-entry ledger + Stripe Connect), Anvil & Oar (DTC iOS with Shopify Storefront API). Each entry's price + timeline matches a real SKU.

Why this batch matters

The combo + alternative + blog + help-article pieces all cross-link to each other intentionally — the internal SEO link graph is dense by design, not just 30 standalone pages. A SaaS founder Googling "Vanta vs pentest" lands on /alternatives/vanta, sees the link to /cybersecurity-for-saas, sees the link to the multi-tenant blog post, sees the help article addressing their procurement question, and ends up at /pricing with the entire context in their head. That's the conversion path the cluster is designed for.