A studio · AWS-native builds

A SaaS developer building production Next.js applications, deployed on your AWS.

An e-commerce or marketplace frontend, a full-stack SaaS build with AI where it earns its place, or hardened infrastructure with a compliance handoff. Built with Next.js, deployed to your AWS account, documented, and yours to own.

Novendor lock-in.

Noblack-box hosting.

Nohand-off cliffs.

What we build

Three kinds of project. One of them is yours.

Full-stack applications, headless frontends, and migrations to AWS — all built with the same stack, the same baseline security, and the same operational rigor.

Frontend Build

E-commerce and marketplace applications.

Storefronts and marketplaces built on the backend you already trust — Shopify, Stripe, a custom API, whatever runs your commerce. We build the buyer and seller experience, the product and checkout flows, the frontend that actually converts. Next.js, deployed to your AWS.

>_>_ Your commerce backend. A frontend worthy of it.

Built for

● E-commerce brands outgrowing a template theme
● Marketplaces needing buyer + seller experiences
● Teams with a solid API and no frontend to match it
● Founders who own the backend and need the storefront

Full-Stack Build

The whole product, end to end.

Frontend, backend, database, auth, billing, and cloud deployment — the entire development cycle for a SaaS product. AI features where the product genuinely calls for them: streaming chat, RAG, or agentic workflows, provider-agnostic. Already on Vercel or a no-code prototype? The same build moves you onto your own AWS. You get a production app, the infrastructure as code, and the keys.

>_>_ Zero to a SaaS you own.

Built for

● Founders taking a SaaS idea from zero to launch
● Teams between MVP and v2
● Companies that need one person to own the full stack
● Technical founders who need a force multiplier

>_Built on Next.js. Deployed via SST. Hosted on your AWS. Hardened to the controls every compliance framework expects.

Engagements

Two projects. Pick what you need built.

Project pricing is honest. Scope is written before kickoff. Hosting runs on your AWS account at actual cost — no markup, no platform fees, no surprise renewals. Need continuous engineering instead of a one-off project? See Continuous Engineering below.

E-commerce & Marketplace+ Security & Compliance
Storefront hardened to PCI and SOC 2 before launch.
Full-Stack SaaS+ Security & Compliance
HIPAA-eligible architecture from the first commit.

How we work

Five things, done well.

Design

Functional, clean interfaces. We’re not a Dribbble-tier visual design shop, but we build UIs that work — responsive, accessible, fast, and easy to navigate. If you’ve got a designer or a Figma file, even better; we’ll implement it precisely.

Build

Next.js with TypeScript, written like a real codebase: typed end-to-end, component-driven, properly tested where it matters. AI features wired in properly when the product needs them — not bolted on. Every frontend ships with a CMS so your team can update content without touching code. No template fragments, no AI slop. You get a repo you (or your future engineering team) can actually maintain.

Secure

Baseline security is included on every build: input validation, Cloudflare Turnstile on forms, Cloudflare proxy for DDoS mitigation, HTTPS enforced, secrets in a real secret store, and least-privilege IAM. For teams with compliance needs or sensitive data, our Security Baseline add-on hardens the entire AWS account against the controls every framework expects.

Deploy

SST or AWS CDK to your own AWS account. Custom domain, SSL, CDN, environment management, CI/CD via GitHub Actions, real observability. The infrastructure is code; the code is yours.

Hand off

Documentation that an engineer can actually use. Runbooks for the things that break. A walkthrough call where we show you the AWS console, the CI/CD pipeline, and how to deploy a change yourself. No lock-in to us; no surprises later.

Selected work

Real projects. Real websites.

A booking flow integrated with Square Appointments, payment intents through Square Checkout, and a marketing site with menu and hours. Built in Next.js, deployed to AWS via SST.

View project

A marketing site for a construction company with a CMS-driven projects gallery, contact handling, and AWS deployment.

View project

This site, built with Next.js App Router, Sanity for content management, Cloudflare Turnstile for form protection, and deployed to AWS via SST.

View project

Why Runtime Designs

Most freelance developers deploy to Vercel and disappear. We build on your AWS, harden it to real security standards, document everything, and hand you the keys.

Cloud-native, not platform-native

Five years of AWS cloud engineering before we ever built a website. We understand IAM, VPCs, secrets management, observability, and cost — and we build with that fluency. Your app runs on your account, your way.

Security baked in

Every build ships with input validation, Cloudflare Turnstile, Cloudflare proxy, HTTPS, and proper secret management. For teams with compliance scope, our Security Baseline add-on hardens the whole AWS account to the CIS AWS Foundations Benchmark — a foundation toward NIST, ISO 27001, SOC 2, PCI, and HIPAA. Security isn't a phase two; it's the floor.

Real infrastructure as code

Every project ships with SST or CDK infrastructure code, versioned in your repo. No “click here in the console to deploy.” If you ever need to migrate to another developer or hire in-house, the infrastructure is documented and reproducible.

The handoff is the product

The deliverable isn’t just a running app. It’s a repo, an IaC stack, deployment docs, runbooks, security configuration, and a handoff walkthrough. The point is for you to own this, not depend on us to keep it running.

No platform tax

Vercel, Netlify, and Heroku mark up AWS by 3–10x and charge per request, per build minute, per seat. On your own AWS account you pay AWS prices directly — typically $20–$200/mo for production workloads instead of $500–$2,000. The savings compound for the life of the app.

You work with the engineer

No account manager, no offshore handoff, no junior dev assigned to your project while the senior pitches the next one. You talk directly to the person writing the code and deploying the infrastructure. Decisions happen in hours, not sprints.

How it works

Five steps. That's it.

01
Discovery call
A 30-minute call to understand what you’re building, who it’s for, and what success looks like. Free, no pitch. If we’re not a fit, we’ll tell you and try to point you somewhere better.
02
Scoped proposal
A written proposal with milestones, deliverables, fixed or hourly pricing, timeline, and any security or compliance add-ons. You’ll know exactly what you’re getting before we start.
03
Build in your repo
We work in your GitHub (or set one up for you on day one). Daily commits, weekly check-ins, preview deployments for every PR. You see progress in real time, not at the end.
04
Deploy to your AWS
SST or CDK deploying to your AWS account from your CI/CD pipeline. Custom domain, SSL, baseline security, monitoring, alerting, the operational layer. You own all of it from the moment it’s live.
05
Handoff and ongoing
Documentation, runbooks, and a walkthrough call. From there, you can take it in-house, hire someone else, or keep us on a retainer for ongoing work. No lock-in.

For the curious

A look under the hood.

Every project we ship is real, hand-written code, deployed via infrastructure as code, with security wired in from day one. No drag-and-drop, no black boxes. Here's what that actually looks like.

Hand-written code, not template fragments
Infrastructure as code via SST or CDK
CMS-managed content on every frontend
Cloudflare Turnstile, input validation, and HTTPS on every form
Auth, payments, and integrations wired up properly
Versioned in Git — every deploy traceable
Yours to read, fork, and edit forever

>_ If this all looks like Greek, that's fine — you don't have to read it. We do.

sst.config.ts

Engagements

Three projects. Pick what you need built.

Project pricing is honest. Scope is written before kickoff. Hosting runs on your AWS account at actual cost — no markup, no platform fees, no surprise renewals.

E-commerce & Marketplace

Storefronts and marketplaces on the backend you already trust.

5–8 weeks$20K–$50K

Next.js frontend deployed to your AWS account
Integration with Shopify, Stripe, a custom API, or your existing commerce backend
Buyer and seller flows, product and checkout experience — wired to the chosen backend
Typed code, IaC, CI/CD, observability — production-ready
Scope written before kickoff — fixed scope, fixed price
30 days of post-launch support included
Source, infrastructure, and runbooks transferred at handoff

Most engagements

Full-Stack SaaS

End-to-end SaaS, with AI when the product calls for it.

8–12 weeks$30K–$75K

Full-stack SaaS on Next.js + SST, deployed to your AWS account
Auth, database, billing, storage, queues, CI/CD, observability — production, not demo-ware
AI features when the product calls for them — streaming chat, RAG, tool use, or agentic workflows, provider-agnostic
Existing Vercel app or no-code prototype migrated onto your AWS as part of the build
Per-feature cost and usage observability where AI is in scope
Scope written before kickoff — fixed scope, fixed price
30 days of post-launch support included
Source, infrastructure, and runbooks transferred at handoff

>_ Add to any project

Production-grade security, built in.

Engineering implementation of the controls that recur across every major compliance framework, plus a mapping document to the one your client cares about. Attaches to any tier above.

+ ADD-ON

Security & Compliance Baseline

Eight control families. One framework mapped.

2–3 weeks$15K–$22K

Eight control families

Identity & AccessAudit & LoggingEncryptionNetworkThreat DetectionBackup & RecoveryChange ManagementInventory & Tagging

Framework mapping included — pick one

HIPAA § 164.312SOC 2 CC6.xPCI DSSISO 27001

Additional frameworks: +$3K–$5K each

Not in scope: framework certification or audit, HIPAA/SOC 2/PCI/ISO/NIST implementation, the certification audit itself, legal review of BAAs or DPAs, written policies and procedural documents, penetration testing, or continuous monitoring services.

Let's talk

Tell us about your project.

We respond within one business day. No sales pitch, no pressure — just a real conversation.