Managed website infrastructure for UK businesses.
Hand-crafted, AI-assisted UK website systems. EU-sovereign by design.
| live UK sites | industries shipped | PageSpeed (desktop) | starting tier · /mo | engineer answers your email |
- What we run
- How it works
- UKWM vs the traditional agency
- Verifiable proof
- Engineering principles
- The stack
- Compliance + security
- Recent thinking
- Get in touch
- About this organisation
Not project work — infrastructure. Every site we ship is designed, built, hosted and continually upgraded by the same engineer, every month. Three tiers from £45/month, cancel any time under UK Consumer Contracts Regulations.
| Vertical | What we ship |
|---|---|
| 🏥 Healthcare | Clinic, dental practice, GP websites — EU-sovereign hosting, named compliance posture |
| ⚖️ Legal + accountancy | Solicitor + accountant websites — SRA / ICAEW confidentiality posture, fixed-fee guidance |
| 🛠 Trades + construction | Builder, electrician, gas, roofer, removals — tap-to-call, service-area focused |
| 🍽 Hospitality + retail | Restaurant, takeaway, café, car dealer — menu-led, stock-led, conversion-first |
| 📅 Service businesses | Booking and ordering modules via TWHQ — first-party, no third-party iframes |
90+ live UK sites across 19 industries.
flowchart LR
A[Free audit] -->|20s · URL only| B[One-page PDF]
B -->|If you want to talk| C[15-min intro call]
C -->|If we both want to proceed| D[Pick a tier]
D -->|£45 · £195 · Bespoke| E[Build + ship]
E -->|Same engineer, same hands| F[Continually maintained]
F -->|Cancel any month| G[You own the result]
style A fill:#fcd34d,stroke:#0b0620,color:#0b0620
style B fill:#fff,stroke:#5b4fe5,color:#0b0620
style C fill:#fff,stroke:#5b4fe5,color:#0b0620
style D fill:#5b4fe5,stroke:#5b4fe5,color:#fff
style E fill:#5b4fe5,stroke:#5b4fe5,color:#fff
style F fill:#5b4fe5,stroke:#5b4fe5,color:#fff
style G fill:#0cce6b,stroke:#0b0620,color:#fff
No sales pitch, no proposal deck, no agency-onboarding theatre. The audit is the pitch. If you want to keep going after reading it, we set up a tier and ship.
| UKWM | Typical UK web agency | |
|---|---|---|
| Pricing model | Subscription, £45 / £195 / quoted | One-off £3k–£15k project + maintenance retainer |
| Setup fee | None | £500–£2,000 |
| Who builds it | One engineer, same one, every month | Junior team, account-manager handover, offshore implementer |
| Code | Hand-crafted Astro, no themes | WordPress + paid theme + 30 plugins |
| Hosting | EU-sovereign edge, included | Shared cPanel hosting at extra cost |
| Updates | Continuous; same engineer | Quarterly review meetings |
| Cancellation | Any month, no penalty | 12-month minimum contract |
| Page speed | 99/100 desktop, 91/100 mobile | Often 30–50 mobile |
| Accessibility | WCAG 2.2 AA built in | Overlay widget bolted on |
| Owner of the site | You, transferred on request after 12 paid months | "Yours" but locked to the agency's hosting and CMS |
| Pricing on the website | Public, visible, simple | "Get in touch for a quote" |
Our own site, captured today on Google PageSpeed Insights:
| Performance | Accessibility | Best Practices | SEO | |
|---|---|---|---|---|
| Desktop |  |
 |
 |
|
| Mobile |  |
|
|
|
→ Verify on Google PageSpeed Insights
What we believe about how a website should be built + run:
- A managed website is infrastructure, not pages. Treating it like project work creates the death spiral of stale, broken, abandoned UK small-business sites. We treat it like the production system it is — same engineer, same hands, every month.
- Speed is a feature. Every 100ms of delay costs you a booking. Core Web Vitals are designed into the first commit, not bolted on at the end.
- Hand-crafted code, AI-assisted velocity. AI writes the boilerplate. We write the parts that matter to your customers.
- EU-sovereign by design. Customer data lives in the EU; no transatlantic data transfers without an explicit business reason.
- Accessibility is built in, not bolted on. WCAG 2.2 AA from day one. If a site needs an accessibility overlay, it isn't accessible.
- One engineer answers your email. No account managers, no offshore handover, no escalation queue.
| Layer | What |
|---|---|
| Framework | Astro — static-first, hand-coded |
| Hosting | EU-sovereign edge, cached globally |
| Payments | Stripe Checkout (UK), live mode |
| Transactional email | Resend with verified custom domain DKIM |
| Booking + ordering | TWHQ — our first-party modules |
| Analytics | Plausible — privacy-friendly, no cookies |
| CRM (Growth Engine tier) | Capsule CRM |
| Search | Pagefind — client-side, no third-party tracking |
| CI / Deploy | GitHub Actions → Vercel; preview deploy per PR |
Accessibility — WCAG 2.2 AA, built in
Every site we ship is built to WCAG 2.2 Level AA. Not via an overlay or accessibility-widget plugin (these reduce accessibility, they don't improve it). Automated checks run on every Vercel preview; manual checks before any prod release.
Affected sectors with named frameworks: healthcare (NHS Service Manual + DAC alignment), legal (SRA), accountancy (ICAEW), schools (KCSIE).
Data protection — GDPR + UK GDPR posture
- Data residency: EU-sovereign hosting, no transatlantic transfers without an explicit business reason
- Cookies: Plausible analytics is cookieless. Marketing cookies only where the customer explicitly opts in
- Subject-access requests: handled directly by the data controller (each tenant of TWHQ services owns their data)
- Sub-processors: declared per service; standard contractual clauses where applicable
Each client site ships with a DPA template + privacy policy template that we maintain.
Sector-specific compliance — SRA · ICAEW · KCSIE · NHS
- SRA (solicitors) — confidentiality posture documented per matter; no third-party JS that exfiltrates form data
- ICAEW (accountants) — same confidentiality posture; sub-processor list reviewed per engagement
- KCSIE (schools) — safeguarding compliance, age-appropriate design, no third-party tracking
- NHS Service Manual (clinics) — design system + content standards aligned; EU data residency
Security — responsible disclosure + supply chain
- Responsible disclosure: email security@ukwebmarketing.com — we acknowledge within 24h, fix or document within 7d
- CSP: tight content-security-policy on every site;
script-src 'self' 'unsafe-inline'only where the platform requires it - Dependencies: Dependabot enabled on every repo; weekly security advisories triaged
- Secrets:
gitleaksruns on every PR; no secrets in commits - CodeQL: SAST on every PR
- HTTPS: HSTS preloaded on all production domains
- Backups: per-service, declared in the tier docs
SOC 2 / ISO 27001 — readiness, not yet attested
We maintain SOC 2 readiness documentation aligned to Common Criteria + the four elective Trust Service Criteria (Availability, Processing Integrity, Confidentiality, Privacy). 17 of 20 Common Criteria are operational; remediation queue is mapped for a future Type I attestation if a client engagement requires it.
We are not currently SOC 2 or ISO 27001 attested. We don't claim either.
A selection from the UKWM blog — sector-specific deep dives on why UK SMB sites fail, and what to do about it:
- 📚 Why your UK clinic website probably breaks GDPR
- ⚖️ Why your UK law firm website probably fails SRA confidentiality
- 🎓 Why your UK school website probably fails KCSIE
- 📊 Why your UK accountancy website probably fails ICAEW confidentiality
- 💰 Why I moved to monthly subscription pricing
- 🚀 When to upgrade Foundation → Growth Engine
| Channel | Where |
|---|---|
| Website | ukwebmarketing.com |
| Free audit | ukwebmarketing.com/audit |
| Direct links | ukwebmarketing.com/links |
| /company/ukwebmarketing | |
| @ukwebmarketing | |
| Profile | |
| Security | security@ukwebmarketing.com |
| General | hello@ukwebmarketing.com |
| +44 7553 070841 |
This GitHub organisation is operated by TicketWave HQ Ltd:
- Company no.: 17143167 (Companies House, England & Wales)
- Registered office: Radley House, Richardshaw Road, Pudsey, Leeds, LS28 6LE, United Kingdom
- VAT: registration pending; quoted prices exclude VAT until registered
Repositories under this organisation are private by default. This .github repo is the only public surface — same pattern Orenva uses. If you're here to verify a claim on ukwebmarketing.com, or to file a security disclosure, every channel you need is above.
Last updated: 2026-06-05 · This page is maintained at ukwebmarketing/.github