Skip to main content p.— 2026·06·06 2026·06·06 · 20:55 CR 9°56′N · 84°05′W
Enterprise Designed forenterprise decision-makers. Procurement documentation, security posture, compliance roadmap, and engagement model — consolidated for enterprise buyers.
Current Posture
Where we stand today. No aspirational claims. This is an honest assessment of current readiness, not a marketing checklist.
✓ Available◑ In progress○ Roadmap
✓ Bilingual delivery (EN/ES) All deliverables in English or Spanish, per client.
✓ Written scope + signed agreements Every engagement. No exceptions.
✓ Documented runbook on every system Operator runbook tested before delivery.
✓ Credential escrow + access control Credentials transferred to client vault at delivery.
✓ SOC 2 Type II infrastructure Vercel + Supabase, both certified. Studio itself not yet.
✓ NDA + data processing agreements Available and executed for every data-adjacent engagement.
✓ Continuity + backup operator plan Documented, shared with client pre-engagement.
✓ Verified delivery record 4,000+ hrs Upwork · 100% JSS · HPE · Granicus.
◑ Business liability insurance 2025 roadmap item. Available for specific engagements by arrangement.
○ Formal SOC 2 studio certification 24-month roadmap target.
○ ISO 27001 24-month roadmap target.
○ Vendor portal / procurement platform 12-month roadmap target.
Procurement Kit
Documents available on request. The following are available in writing for qualified enterprise engagements. Request any document on a discovery call.
✓ Scope of Work template Customized per engagement before signature.
✓ Non-Disclosure Agreement (NDA) Bilateral. English and Spanish.
✓ Data Processing Agreement (DPA) GDPR-aligned. Available for EU clients.
✓ Continuity & Backup Plan Includes backup operator contacts and runbook structure.
✓ Security Posture Summary Architecture, access control, encryption, disclosure policy.
✓ Proof of Record (LinkedIn + Upwork) Publicly verifiable. Links provided.
✓ Reference engagement summaries Sanitized case studies. Full details under NDA.
✓ Vendor questionnaire responses Completed for standard enterprise security assessments.
○ Business liability certificate In progress. Available Q3 2025 or by arrangement.
○ Formal compliance certification 24-month roadmap. Mitigation: SOC 2 infrastructure used.
Verified Trust Signals
Third-party verifiable. No self-reported claims. Live systems Atlas Criminalidad CR · Public · Running on production infrastructure
See live system ↗ Enterprise Readiness Roadmap
Where we are going, and when. This roadmap is public. We hold ourselves to it.
0–3 months
Immediate — Business liability insurance — in process — Formal vendor questionnaire template — complete — Privacy policy updated for GDPR + LATAM compliance — Security posture document — complete and published — Continuity plan — complete and available on request — DPA template finalized for EU engagements — Reference customer summaries — 3 sanitized case studies 3–12 months
Near Term — Vendor portal / procurement platform (self-serve) — Documented incident response plan — formal version — Annual penetration test on production systems — Formal contractor agreements with vetted specialist network — Partner disclosure and affiliate registry — LATAM regulatory compliance research — Costa Rica, Colombia, Mexico — Documentation portal — public runbook + API reference samples 12–24 months
Long Term — SOC 2 Type II certification — studio level — ISO 27001 readiness assessment — Formal SLA agreements with legal backing — Enterprise-grade support tier with named account management — Third-party security audit — annual — Formal advisory board — established with public profiles Engagement Model
How enterprise contracts are structured. 01 Discovery call No commitment. 45 minutes. We map your problem, constraints, and success criteria.
02 Written scope A detailed scope document with deliverables, timeline, dependencies, and fixed pricing. Returned within 5 business days.
03 Agreements NDA, scope agreement, DPA if applicable. Signed before work begins. Standard templates or your paper.
04 Milestone delivery Work proceeds in documented milestones. Weekly written status. Gate approvals before next phase.
05 Handoff package Runbook, recovery procedures, credentials, change log. Full transfer to your team or nominated technical owner.
06 Post-delivery support 30-day included. 90-day maintenance window available. Retainer arrangements for ongoing systems.
Reference Engagements
Past delivery at scale. Full details available under NDA.
Hewlett Packard Enterprise 2014–2019 Fortune 100 · Technology
150+ country portfolio delivery. Enterprise operations and digital infrastructure. Verified on LinkedIn.
Granicus 2019–2022 US Federal Government · GovTech
US government digital transformation. Public-sector SaaS delivery. Verified on LinkedIn.
Atlas Criminalidad CR 2024–present Civic Intelligence · Costa Rica
Public crime data atlas. OIJ data pipeline, interactive visualization, public deployment. Live and running.
Observatorio Municipal CR 2024–present Municipal Government
82 municipalities. Performance indicator tracking. Government transparency infrastructure.
Request the full procurement package. Discovery call required. We bring the NDA, scope template, security posture summary, continuity plan, and reference summaries to every first call. No forms, no automated sequences.
An AI engineering studio building the next generation of Costa Rican and Latin American software.
San José, Costa Rica · GMT-6
9°56′N · 84°05′W
Alvin Soto · AI Engineering Studio · Established 2024 Maintained from San José. Typeset in self-hosted Instrument Serif & Geist. Built in TypeScript on Vite. ES ink rs@sotoprojdev.com