Case studies.
Three engagements anonymised at customer request. Technical detail plus timelines plus outcomes are accurate. We include what did not improve as carefully as we include what did, because case studies that read as uniformly positive are the case studies that nobody trusts.
Five weeks. Three million emails per month. Schrems II compliant. →
An FCA-regulated UK payments platform migrating from SendGrid to a Slovenian d.o.o. corporate counterparty before the May 2025 contract renewal. SPF over the 10-lookup limit, DKIM at 1024-bit keys still being rejected by Apple iCloud, DMARC at p=none with no aggregate reports, and a fourth domain nobody knew was active.
Six titles. Twelve million sends. Bavarian DPA inquiry resolved. →
A Berlin-based media group migrating off in-house Postfix during an active regulatory inquiry. 18-month log retention vs. 30-day published policy, a reversible bounce-handler hash, an SPF chain that resolved differently on Tuesday than on Friday. Six months. Three teams. The infrastructure can answer fast — the organisation around it answers as fast as the slowest team.
Eighty hospitals. OVH Canada. HDS recertification. →
A French e-health platform forced off OVH after the September 2025 Canadian ruling, with five months to migrate and pass the March 2026 HDS recertification audit. We are not HDS-certified. Honest about that on the first call. The platform's general counsel found a derogation route in the CNIL filing that worked.
Why the cases include what didn't improve
Case studies that read as uniformly positive are the case studies that nobody trusts. We include the deal we declined to expand, the segment we paused and never re-engaged, the food title that under-performs because of mailbox provider mix, the DSAR response time that fell only to 11 days at the organisational level despite the 90-minute number our infrastructure produces in isolation.
Each engagement also has things we got wrong mid-way and corrected. Those are the parts that signal the work is real.