B2B SaaS · AI + physical security · PQC-ready

The full security-systems lifecycle, run by AI

Tanstaafl.info is a cloud platform for audit, generative design and 24/7 monitoring of low-voltage systems: fire alarm, evacuation, access control, video surveillance, cabling, building automation. Security is not devices — it is managing probabilities across design → construction → operation.

Why now

The tooling market is fragmented: PSIM, VMS, CMMS and BIM checkers each cover a slice of the lifecycle. Nobody covers it end-to-end — and nobody speaks the regulatory codebase in AI.

Design engineer

Manual device placement, recurring expert-review remarks, clashes with adjacent trades

Installation & service

Paper as-built docs, opaque volumes, false alarms eating the margin

Facility operations

A zoo of disconnected systems and contractor reports instead of independent data

Security & IT security

Physical and information security live apart; audit happens once a year

Owner / developer

Buys adjectives instead of probabilities: risks never priced in money

A platform of five modules

M1 · Audit

MVP core

BIM model (IFC) or a guided survey with photos → checks against a machine-readable rule base → findings map with R = P × C risk scoring and ALARP prioritisation. Every finding cites the exact code clause.

M2 · Design

phase 3

Generative placement of detectors, cameras and readers optimising coverage under code constraints; bill of materials in one click; IFC/Revit export.

M3 · Monitoring

phase 2

On-site edge gateway with 72-hour autonomy, a digital twin of the building, predictive maintenance, work orders and false-alarm statistics as a first-class metric.

M4 · Quantum module

differentiator

Crypto inventory of the site, prioritisation by secret lifetime, migration plan to post-quantum algorithms with hybrid schemes. Turns the hype into a checklist.

M5 · Identity

phase 4

Privacy-first identity: one credential in the form factor of your choice, a consent center, short-lived tokens instead of raw data, and a full access log for personal data.

Differentiation

  1. The full lifecycle in one product — from audit to operations
  2. The regulatory base as an AI service: answers cite exact code clauses
  3. Risks in money (ALE/ROSI), not in traffic-light colours
  4. Physical and IT security converge into a single event stream
  5. A post-quantum module — a moat no competitor is digging
  6. Methodology from a published book: product and content marketing reinforce each other

Roadmap

Timelines are indicative; each phase counts from its funding start. Calendar dates get fixed together with anchor pilots.

Phase 0 · Discovery

~1.5 months

Digitising the regulatory corpus, interviews with target roles, a clickable audit prototype, design system.

Outcome: Validated scenarios and the MVP backlog

Phase 1 · MVP “Audit”

~3.5–4 months

Portal, IFC import, rule engine (50–80 rules), findings with R = P × C, PDF reports, AI assistant citing code clauses.

Outcome: A sellable product: paid audits, first pilot clients

Phase 2 · Monitoring

~5 months

Edge gateway and protocol drivers, event core, live dashboards, maintenance base, predictive v1, mobile inspection rounds.

Outcome: Per-data-point subscription; sites under 24/7 monitoring

Phase 3 · Design + Quantum

~6 months

Generative placement, IFC/Revit export, edge video analytics, converged event correlation, the quantum module, on-prem distribution.

Outcome: Full lifecycle; entering design firms and critical infrastructure

Phase 4 · Identity & ecosystem

~8 months

Consent center and short-lived tokens, a marketplace of rules and templates, a vendor partner programme.

Outcome: A platform ecosystem with a data network effect

Team & participation

We are assembling a compact MVP team — 5–6 people, growing to 10–11 at peak phases. The methodology is published as a book and the product requirements are already written — nothing has to be invented on the fly.

Who we are looking for, by phase

Rails engineer (portal core and API) Python ML engineer (rule engine, RAG, predictive) Rust/C embedded (edge gateway, protocol drivers) Elixir engineer (event core) Node/React engineer (frontend, integrations, reports) QA engineer (regulatory and AI circuits) DevOps (IaC, environments, on-prem builds)

How it works: application → a short call → access to GitLab and the development dashboard → your first ticket from the MVP backlog.

Join the team

For investors

Stage

Pre-seed. Built on a coherent methodology from a published book and two registered product concepts; the MVP backlog is estimated and ready to start.

Business model

Subscription per data point (camera, door, detector) + one-off audits and design projects + white-label for service companies.

Moat

The regulatory base as an AI service, convergence of physical and IT security, the post-quantum module, and a data network effect in predictive maintenance.

Horizon

MVP in ~3.5–4 months with a team of 5–6; the full platform in 4 phases, ~24 months. Data-point unit economics is the phase-3 goal.

Financial model, effort estimates per phase and current status — on request.

Request details

Contact

Investor, team candidate or pilot client — leave a request and we will reply to your email.

For contributors: once your application is approved you get access to GitLab and the development dashboard on this portal.