Custom Web Applications for SMEs
Glasgow Custom Software Development - Software Built Just for You
Web Apps & Internal Tools
A web app is software you log into. A website is somewhere visitors land. If your users need accounts, permissions, dashboards, or a workspace of their own, you need a web app. We build them for UK SMEs from our Glasgow team: internal tools your staff use every day, customer portals your clients log into, SaaS products you sell to other businesses.
What kinds of web apps we build
Five project shapes cover most of what we ship.
Internal tools. Workflow systems, approval queues, ops dashboards. Your team logs in and gets through work they used to grind through in spreadsheets. Example: a centralised order-and-inventory system replacing eight Excel files at a distribution company.
Customer portals. Your clients log in to track orders, raise support tickets, or pay invoices. Anything that used to be an email thread becomes a screen. Example: a job-status portal so end customers can check progress without phoning the office.
SaaS MVPs. A product you sell to other businesses on a subscription. Multi-tenant (each customer's data walled off), billing-aware, ready to onboard the first ten clients. Example: a niche industry compliance tracker pitched to other SMEs.
Marketplaces. Two-sided platforms with multiple user roles - buyers and sellers, clients and providers. Different dashboards for different people, all transacting in one place. Example: a regional services marketplace matching trades with property managers.
Member areas and paywalled content. Subscriptions, gated resources, course platforms. Stripe (the payment processor) at the door, content behind it. Example: a paywalled knowledge base for an industry association's members.
If your project doesn't fit neatly into one of these, it probably touches two. Real businesses don't sort themselves into product categories.
What this is NOT
This isn't the right page if you want a marketing website. Brochure sites, landing pages, blogs, standard e-commerce stores - sites where visitors arrive, read, and either buy or enquire without logging in - live on our website development service. Fixed-price, faster turnaround, different work.
The honest test: does a regular user need to create an account to get value from your site? If no, it's a website. If yes, it's a web app. Web apps need real databases, real authentication (login systems), permission rules, and a security review before launch. They cost more and take longer because they have to.
Common Questions
Q: What does a web app cost? A: Most SME web apps land between £20,000 and £60,000 fixed price. Internal tools sit at the lower end. Customer portals with payments and notifications sit in the middle. SaaS MVPs and marketplaces run higher. Fixed quote after a free discovery call, not an open-ended hourly meter.
Q: How long does it take? A: Eight to sixteen weeks for most builds. Simple internal tools can be live in six to eight. Multi-role marketplaces or SaaS MVPs typically run twelve to sixteen. You see working software every two weeks from week four onwards.
Q: What about user authentication and permissions? A: Built in from day one, never bolted on. We use AWS Cognito or Auth0 (managed login services) for password resets, multi-factor authentication, and session management - so we're not rolling our own crypto. Permission rules are designed during discovery, not improvised at week ten.
Q: Do you handle GDPR? A: Yes. Data minimisation, user data export, right-to-be-forgotten requests, audit logging, encryption at rest and in transit. We build apps that let you stay compliant - cookie consent, privacy policy hooks, retention policies. UK and EU data stays in UK/EU AWS regions.
Q: Can users see only their own data? A: Yes - this is row-level security, standard on every multi-tenant build. Customer A sees Customer A's data only. Staff see what their role permits. We test this with deliberate attempts to access other users' data before launch.
Q: Can it integrate with our existing systems? A: Almost always yes. Xero, Sage, HubSpot, Salesforce, Stripe, your old Access database, that ancient SOAP endpoint nobody wants to touch - we connect to it. If a system has an API (a way for software to talk to other software), we can wire it in.
Q: Do you do mobile apps too? A: Web apps work on phones - we build mobile-first, so the same login screen works on a laptop and an iPhone. If you need a native iOS or Android app (one users install from the App Store), see full-stack development for our broader app capability.
Q: What stack do you use? A: Python or Node on the back end, React on the front end, PostgreSQL for the database, AWS for hosting. Boring, proven, well-supported. We pick the right tool for your project, not the trendiest framework this week.
Looking for a marketing website instead?
If you've read this far and realised you actually need a brochure site, a landing page, or an online shop - no logins, just visitors - head over to website development. Different service, different work.
What it takes to build a web app
Web apps are not websites with a login bolted on. They're software, and they need to be built like software.
Discovery. We figure out who logs in, what they do once they're in, and what they're allowed to do. Roles, permissions, data ownership. This is a workshop, not a form. Get it wrong here and you rebuild the whole permission model at week ten.
Wireframes. Before any code, you see screens. Not visual design - structure. Where does login go? What does the dashboard show on first load? What's behind each menu? You sign off before we touch the database schema.
Working prototype every two weeks. From week four onwards, you log into something. Real database. Real authentication. Real data. You click around, find what's awkward, tell us. We adjust on the next cycle. No six-month black box.
Real database, real auth, from day one. We don't ship a "we'll add login later" prototype. Login, permissions, and a relational database (PostgreSQL) are in from sprint one. Bolting authentication onto a finished app is how security breaches happen.
AWS hosting. Same stack we use ourselves - AWS with CloudFront (a content delivery network), automatic backups, separate environments for testing and production. UK/EU data residency if you need it.
Security review before launch. OWASP Top 10 check (the standard web vulnerability list), penetration test on the auth flow, row-level security audit, secrets out of the codebase. We try to break it before someone else does.
Honest note: this is more work than a marketing site, and it takes longer. If budget is tight and you only need a brochure, we'll point you back to website development.
"Working with Dataface was seamless. They delivered exactly what we needed, on time and within budget. The ongoing support is excellent."