B2B SaaS · AI + physical security · PQC-ready
The full security-systems lifecycle, run by AI
Tanstaafl.info is a cloud platform for audit, generative design and 24/7 monitoring of low-voltage systems: fire alarm, evacuation, access control, video surveillance, cabling, building automation. Security is not devices — it is managing probabilities across design → construction → operation.
Why now
The tooling market is fragmented: PSIM, VMS, CMMS and BIM checkers each cover a slice of the lifecycle. Nobody covers it end-to-end — and nobody speaks the regulatory codebase in AI.
Design engineer
Manual device placement, recurring expert-review remarks, clashes with adjacent trades
Installation & service
Paper as-built docs, opaque volumes, false alarms eating the margin
Facility operations
A zoo of disconnected systems and contractor reports instead of independent data
Security & IT security
Physical and information security live apart; audit happens once a year
Owner / developer
Buys adjectives instead of probabilities: risks never priced in money
A platform of five modules
M1 · Audit
MVP coreBIM model (IFC) or a guided survey with photos → checks against a machine-readable rule base → findings map with R = P × C risk scoring and ALARP prioritisation. Every finding cites the exact code clause.
M2 · Design
phase 3Generative placement of detectors, cameras and readers optimising coverage under code constraints; bill of materials in one click; IFC/Revit export.
M3 · Monitoring
phase 2On-site edge gateway with 72-hour autonomy, a digital twin of the building, predictive maintenance, work orders and false-alarm statistics as a first-class metric.
M4 · Quantum module
differentiatorCrypto inventory of the site, prioritisation by secret lifetime, migration plan to post-quantum algorithms with hybrid schemes. Turns the hype into a checklist.
M5 · Identity
phase 4Privacy-first identity: one credential in the form factor of your choice, a consent center, short-lived tokens instead of raw data, and a full access log for personal data.
Differentiation
- The full lifecycle in one product — from audit to operations
- The regulatory base as an AI service: answers cite exact code clauses
- Risks in money (ALE/ROSI), not in traffic-light colours
- Physical and IT security converge into a single event stream
- A post-quantum module — a moat no competitor is digging
- Methodology from a published book: product and content marketing reinforce each other
Roadmap
Timelines are indicative; each phase counts from its funding start. Calendar dates get fixed together with anchor pilots.
Phase 0 · Discovery
~1.5 monthsDigitising the regulatory corpus, interviews with target roles, a clickable audit prototype, design system.
Outcome: Validated scenarios and the MVP backlog
Phase 1 · MVP “Audit”
~3.5–4 monthsPortal, IFC import, rule engine (50–80 rules), findings with R = P × C, PDF reports, AI assistant citing code clauses.
Outcome: A sellable product: paid audits, first pilot clients
Phase 2 · Monitoring
~5 monthsEdge gateway and protocol drivers, event core, live dashboards, maintenance base, predictive v1, mobile inspection rounds.
Outcome: Per-data-point subscription; sites under 24/7 monitoring
Phase 3 · Design + Quantum
~6 monthsGenerative placement, IFC/Revit export, edge video analytics, converged event correlation, the quantum module, on-prem distribution.
Outcome: Full lifecycle; entering design firms and critical infrastructure
Phase 4 · Identity & ecosystem
~8 monthsConsent center and short-lived tokens, a marketplace of rules and templates, a vendor partner programme.
Outcome: A platform ecosystem with a data network effect
Team & participation
We are assembling a compact MVP team — 5–6 people, growing to 10–11 at peak phases. The methodology is published as a book and the product requirements are already written — nothing has to be invented on the fly.
Who we are looking for, by phase
How it works: application → a short call → access to GitLab and the development dashboard → your first ticket from the MVP backlog.
Join the teamFor investors
Stage
Pre-seed. Built on a coherent methodology from a published book and two registered product concepts; the MVP backlog is estimated and ready to start.
Business model
Subscription per data point (camera, door, detector) + one-off audits and design projects + white-label for service companies.
Moat
The regulatory base as an AI service, convergence of physical and IT security, the post-quantum module, and a data network effect in predictive maintenance.
Horizon
MVP in ~3.5–4 months with a team of 5–6; the full platform in 4 phases, ~24 months. Data-point unit economics is the phase-3 goal.
Financial model, effort estimates per phase and current status — on request.
Request detailsContact
Investor, team candidate or pilot client — leave a request and we will reply to your email.
For contributors: once your application is approved you get access to GitLab and the development dashboard on this portal.