Policy

Guarantees & Ownership

Quality standards and code rights

Your Security, Your Code

One of the primary fears for clients is “Vendor Lock-in” (being tied to an agency forever). With kodav.dev, this risk does not exist. We believe in total transparency and client ownership of their digital assets.

Code Ownership

Upon final payment, the intellectual property and source code are transferred entirely to you. There are no hidden clauses or usage limitations.

What you receive exactly:

  • Full Git repository access: Private repositories on GitHub/GitLab with the complete commit history, branches, and tags.
  • Unlimited license: You can modify, extend, resell, or re-host the software without paying royalties or additional licenses.
  • Future freedom of choice: You will have full autonomy to decide whether to continue with our team, switch to another provider, or manage the software internally.

No technological lock-in

We don’t use proprietary frameworks or custom solutions that tie you to our team. All code is written with standard, open-source technologies, widely documented and supported by the global community.

Any competent developer familiar with the technologies we use will be able to read, understand, and modify the code we’ve written.

Quality Standards

Software quality is non-negotiable. We implement rigorous processes to ensure every line of code meets the highest professional standards.

Code Review

No code goes to production without being checked by at least two senior developers. Every pull request is reviewed to verify:

  • Implementation correctness
  • Adherence to project coding standards
  • Absence of security vulnerabilities
  • Performance and optimizations
  • Code readability and maintainability

This process drastically reduces the risk of bugs and technical debt.

Security (Security by Design)

We implement security best practices according to OWASP (Open Web Application Security Project) standards to protect sensitive data:

  • Input Validation: All user inputs are validated and sanitized to prevent injection attacks (SQL, XSS, Command Injection).
  • Authentication & Authorization: Robust authentication systems with password hashing (bcrypt/Argon2), secure session management, and granular permission control.
  • Data Encryption: End-to-end encryption for sensitive data, both at rest (database) and in transit (HTTPS/TLS 1.3).
  • Security Updates: Continuous monitoring of dependencies for vulnerabilities and timely updates.
  • Penetration Testing: Upon request, we can arrange penetration testing with external security teams.

Technical Documentation

We always deliver comprehensive technical documentation that includes:

  • System Architecture: Diagrams and an explanation of the overall architecture, patterns used, and technical decisions made.
  • Setup & Deployment: Detailed instructions for setting up the local development environment and deploying to production.
  • API Documentation: Complete documentation of all API endpoints, with request/response examples.
  • Code Documentation: Comments in code where necessary, with explanations of complex or non-obvious logic.
  • Testing Guidelines: How to run tests, how to write new ones, and how to interpret results.

This documentation allows future teams to work on the code without difficulty, reducing onboarding and future maintenance costs.

Testing & Quality Assurance

Every project includes automated testing:

  • Unit Tests: Testing of individual functions and components.
  • Integration Tests: Testing of interactions between different modules.
  • End-to-End Tests: Testing of complete user flows.
  • Performance Tests: Verification that the system can handle the expected load.

Tests are run automatically on every commit via a CI/CD pipeline, ensuring that no changes break existing functionality.