Software · Cloud · IoT & Data · AI workflow

Production software for messy, real-world systems.

We design, build, and operate full-stack products where backend, AWS cloud infrastructure, IoT data pipelines, mobile/web apps, and AI automation all have to work together — and we leave them documented enough to run without us.

☁️ AWS CDK · IoT Core · PostgreSQL in production
📱 Native iOS shipped on the App Store
🔐 Led BSI penetration testing — enterprise platform
🍎 Apple Developer · WWDC26, Cupertino
🧠 Private, on-device & agent AI pipelines
📈 12+ years delivering production software
  • 12+ yrs: Delivering production software across cloud, IoT, mobile & AI
  • 5: Flagship builds across IoT, mobile, AI & marketplace
  • 7-stack: AWS CDK deployment, VPC → IoT, in production
  • Full-stack: Backend · cloud · mobile · web · data · AI
What we help with

One engineer, the whole stack — from cloud foundation to shipped product.

Most projects don't fail at the screen layer. They fail in the plumbing: broken data paths, fragile infrastructure, demo-ware standing in for real systems. That's the work we're built for.

Custom software development

Web apps, dashboards, admin portals, APIs, mobile workflows, and early-stage SaaS products — built to be maintained, not just demoed.

AWS cloud architecture & management

Infrastructure-as-code with AWS CDK, secure networking, serverless APIs, managed databases, IoT, observability, and real cost control.

IoT & data platforms

Device onboarding, LoRaWAN/Sigfox/TTN ingestion, payload decoding, time-series storage, alerting, and multi-tenant analytics.

AI workflow engineering

Local/private transcription, AI summarisation, agent control layers, MCP tooling, human-approval gates, and automation pipelines.

Product rescue & modernization

Replace mock/demo flows with real systems, fix broken data paths, consolidate schemas, harden security, and document the residual risk.

Security & reliability

JWT/OAuth, RLS & tenant isolation, KMS/secrets handling, webhook auth, audit trails, and release gates that prevent bad ships — backed by a completed BSI penetration-testing engagement on an enterprise platform.

Selected work

Five builds that show range — and depth.

Each is an anonymised look at a proprietary engagement: the problem, what we built, the stack, and the business outcome. Together they cover IoT & cloud, native mobile, marketplace SaaS, applied AI, and early product engineering. Client and product names are withheld by default.

01

Enterprise IoT & Operational-Intelligence Platform
Multi-tenant · in production

Proprietary client engagement · platform & data-systems engineering

A multi-tenant data platform that turns raw telemetry from wireless sensors and external feeds into reliable alerts, reports, and sustainability/ESG intelligence for enterprise clients.

The problem

Businesses collect data from meters, sensors, and external feeds, but it lands in disconnected systems. The hard part isn't a dashboard — it's turning noisy, multi-protocol telemetry into normalised, trustworthy, tenant-isolated intelligence that owners can actually act on.

What we built

  • A single, unified multi-tenant ingestion & processing pipeline — normalise → device lookup → codec decode → validate → store → calculate — serving all clients (no per-client code forks).
  • Data architecture on PostgreSQL 16 with TimescaleDB time-series, pgvector for AI search, and Row-Level-Security tenant isolation across a 6-tier role model.
  • Multi-protocol IoT ingestion: LoRaWAN, The Things Network webhooks, Sigfox, AWS IoT Core rules, and a registry of 26+ device codecs plus a TTN-style JS decoder editor for partners.
  • A composable, entitlement-gated product suite — Things Manager, energy & environmental monitoring, reporting, alerting, Analysis Studio, and NLQ/AI — gated by a Stripe-backed entitlement engine.
  • Pipeline remediation: replacing demo-ware with verified end-to-end data paths, fixing schema drift, and registering real gateways/devices in AWS IoT Core.
Outcome: the client gets a single, trustworthy source of operational truth — telemetry they can act on, ESG and sustainability reporting they can stand behind, and one multi-tenant platform that onboards new customers without a rebuild, all running at a predictable, controlled operating cost.
AWS CDK (Python) · IoT Core / LoRaWAN · PostgreSQL 16 · TimescaleDB · pgvector · Kinesis · EventBridge · Lambda · API Gateway · Cognito · KMS · React + Vite
Diagram: Sensors · LoRaWAN · TTN · Sigfox · CSV → IoT Core / API Gateway → Normalise → Decode (codecs) → Validate → PostgreSQL 16 + TimescaleDB (RLS) → Calc engine (delta · cost · CO₂) → Dashboards & reports · Alerts & anomaly · NLQ / AI + MCP · Partner APIs
Unified multi-tenant ingestion → time-series store → intelligence
  • 7: AWS CDK stacks (VPC→IoT)
  • 26+: Device codecs + JS editor
  • 6-tier: RBAC w/ partner nesting
  • Multi-tenant: One pipeline, RLS isolation
02

AI Agent Governance & Mobile Control Platform
Native iOS · App Store

Proprietary engagement · backend, iOS, IDE extension, MCP & web

A mobile-first human-approval & control layer for AI agents and developer workflows — approve risky actions, watch what agents do, and stop runaway work from your phone with Face ID.

The problem

As AI coding agents get more autonomous, teams need a governance layer: approve sensitive actions, maintain an audit trail, and intervene in real time — without slowing developers down. This spans native mobile, backend, realtime, and developer tooling.

What we built

  • A Go + Fiber backend with 47 API endpoints, three pairing/auth flows (GitHub OAuth, device-code, QR handshake), approval APIs, sessions, telemetry, WebSocket/SSE, and background workers.
  • A SwiftUI iOS app — 20+ feature views, 5 core services — with QR pairing, realtime approvals, diff review, haptics, offline persistence, and push.
  • A TypeScript MCP server (13 tools): auth, approval requests, heartbeats, checkpointing, notifications, usage reporting, kill-agent, and project-memory.
  • A VS Code / IDE extension with a gRPC sidecar and a 3-layer policy engine for deterministic approval detection and session analytics.
  • Realtime & push on WebSockets/SSE + Supabase Realtime + APNs, plus a full release control plane (manifest, ledger, integrity/secret/version guards) across iOS, backend, MCP, extension, web & docs.
Outcome: teams can adopt autonomous AI agents with confidence — sensitive actions are approved by a human in seconds from a phone, every decision is logged for audit, and runaway work can be stopped in real time, without slowing developers down.
Go + Fiber · SQLc · SwiftUI · Supabase (PostgreSQL/RLS) · TypeScript · MCP · gRPC · WebSocket / SSE · APNs · Stripe + Apple IAP · Astro
Diagram: AI agent / IDE (VS Code · CLI) → MCP server + policy engine → Go backend (approvals · auth · telemetry) → iOS app (Face ID approve/deny) · Realtime + push (WS/SSE · APNs) · approval decision ↩
Agent → MCP/policy → backend → phone → decision returns to the agent
  • 47: Backend API endpoints
  • 13: MCP tools
  • 20+: iOS feature views
  • 5: Coordinated release surfaces
03

Studio Discovery & Booking Marketplace
Marketplace SaaS

Proprietary client engagement · product engineering

A B2B operating system for recording studios plus an equipment-aware discovery marketplace for artists — replacing WhatsApp, spreadsheets, and opaque pricing.

The problem

Studios manage bookings across fragmented tools (Calendar, Excel, WhatsApp) — double-bookings and lost revenue. Artists can't find a room with the specific gear they need. There's no smart layer connecting supply and demand.

What we built / designed

  • A studio "OS": a proprietary native calendar/booking engine with multi-timezone slots, configurable booking governance, and an Email/SMS/Push notification matrix.
  • An equipment-aware discovery marketplace — search by city, room, and specific gear — with payments (Razorpay/Stripe), reviews, and an airline-style add-on/upsell flow.
  • A data-seeding & verification pipeline (Google Places + catalogue scraping) that populated 1,160+ studios and 3,260+ equipment items.
  • A written MongoDB → PostgreSQL/PostGIS migration assessment covering geospatial search, full-text search, nested data modelling, and service-layer rewrites.
Outcome: studios replace double-bookings, spreadsheets, and WhatsApp with one system that protects revenue and fills idle rooms, while artists can finally find and book a room by the exact gear they need — a two-sided marketplace with payments, tax automation, and verified supply built in from day one.
Python / FastAPI · Next.js 14 · TypeScript · PostgreSQL / PostGIS · SQLAlchemy (async) · Tailwind + shadcn/ui · TanStack Query · JWT · Razorpay / Stripe · Docker · AWS CDK

Domain modelled

Studios · Rooms · Equipment · Bookings · Calendars · Notifications · Payments · Invoicing & GST · Upsells · Intelligence layer
  • 1,160+: Studios seeded & verified
  • 3,260+: Equipment items catalogued
  • B2B→B2C: Own the calendar, own the inventory
  • p99 <100ms: API latency target
04

Private On-Device Speech-AI & Transcription System
Privacy-first · on-prem

Proprietary engagement · applied-AI systems

An applied-AI engineering build that turns raw recordings into clean, speaker-labelled transcripts and structured meeting intelligence — running entirely on local GPU hardware, with no cloud transcription cost and no audio leaving the environment.

What we built

  • An automated pipeline: record/upload → WhisperX (large-v3 int8) → diarization → cleanup → polished transcript → AI summary, running locally on a CUDA/PyTorch stack with strict GPU-memory guardrails.
  • Multiple entry points — a web UI, a secure remote-upload path for phone/tablet, a folder watcher for drop-in automation, and a CLI for scripting.
  • AI summarisation orchestrated across multiple models to produce structured notes, decisions, and action items from meetings and conversations.
  • Privacy enforced by architecture: audio and transcripts never cross the host boundary — only counts, hashes, and receipts do — so it holds up where cloud transcription is a compliance non-starter.
Outcome: demonstrates applied-AI engineering well beyond prompting — local GPU inference, speech-to-text, diarization, multi-model summarisation, and hard privacy boundaries — the foundation for organisations that need accurate transcripts and meeting intelligence without sending audio to the cloud.
Python · WhisperX · pyannote (diarization) · PyTorch / CUDA · Local GPU inference · Multi-model LLMs

Pipeline

Record / WhisperX → Diarize + clean → Transcript → AI summary
  • $0: Cloud transcription cost
  • On-device: No audio leaves the environment
05

Multi-Channel Digital-Marketing SaaS
2015 – 2017

Product & web engineering · India

Where the full-stack foundation was built: customer-facing web software inside a small product company, shipping real features for real SMB users.

  • A multi-channel digital-marketing platform spanning SMS, email, and social campaigns.
  • Campaign creation and audience targeting across diverse customer profiles.
  • Forms for customer feedback and reviews.
  • Reporting for ROI, customer acquisition, and campaign performance.
  • Data-led iteration on targeting and marketing effectiveness.
  • Early grounding in SaaS delivery and the real expectations of small-business users.
Web development · SaaS product · Campaign engine · Reporting · SMB customers
AWS cloud management

We design, build, secure, and operate AWS-backed systems — and keep the bill honest.

Not just "we've used Lambda." End-to-end ownership: architecture, infrastructure-as-code, security, deployment, observability, cost control, and a handover the next engineer can actually use.

Infrastructure as code

  • AWS CDK in Python
  • Reproducible multi-stack environments
  • Clean cross-stack boundaries (string ARNs, no cyclic deps)
  • Terraform for lock-in mitigation

Networking & security

  • VPCs, public/private/isolated subnets, security groups
  • KMS CMKs, Secrets Manager, SSL/TLS enforcement
  • IAM least-privilege roles & policies
  • Webhook authentication, constant-time secret compares

Compute & APIs

  • Lambda (in- and out-of-VPC patterns)
  • API Gateway, proxy integration, custom routers
  • Background workers & migration Lambdas
  • Cold-start & cost-aware design

Data & state

  • RDS PostgreSQL 16, TimescaleDB time-series
  • ElastiCache / Redis caching
  • S3 data lake, uploads & reports
  • Migrations, schema-drift elimination, RLS

Events & IoT

  • AWS IoT Core & IoT Wireless (LoRaWAN)
  • IoT rules → Kinesis / EventBridge
  • TTN / Sigfox-style ingestion + decoders
  • Real device & gateway registration

Auth, ops & observability

  • Cognito, JWT, RBAC, tenant isolation
  • CloudWatch logs, SNS alerts, Grafana
  • Staging/prod separation & deploy verification
  • CloudFront, SES; release & cost guardrails

Hands-on with

CDK · CloudFormation · Lambda · API Gateway · RDS PostgreSQL · ElastiCache / Redis · S3 · KMS · Secrets Manager · SSM · Cognito · Kinesis · EventBridge · IoT Core · IoT Wireless / LoRaWAN · CloudWatch · CloudFront · SES · SNS · VPC · IAM
12

From demo-ware to a real, verified pipeline

On an enterprise IoT platform, our team led a remediation that resolved 12 high-severity issues across the React frontend, Python backend, and AWS CDK infrastructure — wiring real LoRaWAN/TTN ingestion, registering gateways in AWS IoT Core, eliminating a production schema drift that would have rejected every uplink, and securing a previously open webhook. The kind of "make it actually work end-to-end" that separates a clean deploy from a system the client can trust.

How we can help on AWS

01

Architecture audit

Find cost, security, reliability & maintainability risk — with a prioritised fix list.

02

Migration plan

Rehost / replatform / refactor decisions per workload, sequenced realistically.

03

IoT ingestion setup

Connect devices & networks, decode payloads, store, alert, and expose dashboards.

04

SaaS backend build

Auth, APIs, schema, admin tools, billing hooks, logging & deployment.

05

Reliability rescue

Replace mocks, fix broken data paths, document residual risk, clean handover.

Capability matrix

What we bring — and the evidence behind it.

Area: Depth & evidence

  • AWS cloud: CDK/IaC, VPC & subnets, KMS, Secrets Manager, S3, Lambda, API Gateway, RDS PostgreSQL, Redis/ElastiCache, Kinesis, EventBridge, IoT Core/Wireless, Cognito, SES/SNS, CloudWatch, CloudFront — with real cost control & deploy verification.
  • Backend / APIs: Go (Fiber, SQLc) and Python (FastAPI); REST APIs, auth, RBAC, webhooks, background workers, async processing, idempotent writes, data validation.
  • IoT & data pipelines: LoRaWAN, Sigfox, TTN webhooks, IoT Core rules, 26+ payload codecs, telemetry normalisation, time-series (TimescaleDB), gateway/device provisioning, signal-quality APIs, alerting.
  • Frontend / product: React/Vite, Next.js, TypeScript, SwiftUI; admin dashboards, mobile approval flows, booking flows, data-manager UIs, responsive customer portals.
  • AI & automation: MCP tooling, agent approval & policy gates, local transcription (WhisperX), diarization, multi-model summarisation, telemetry, file automation.
  • Security & ops: JWT/OAuth, RLS & tenant isolation, KMS/secrets handling, audit trails, webhook auth, rate limits, release/integrity gates, privacy-safe local processing — and a completed BSI penetration-testing engagement on an enterprise application.
  • Product & delivery: B2B SaaS design, marketplace mechanics, entitlement/module design, monetisation paths, migration assessments, and buyer-risk reduction.

How we work

Built to reduce your risk, not add to it.

B2B buyers aren't only asking "can they build it?" They're asking: will this team understand my business, own the technical mess, communicate clearly, protect our data, and ship without creating a new problem? Here's how we answer that.

Clarify the real problem

Start from the business outcome and the failure points — not a feature list. Map the system before touching it.

Choose a practical architecture

Pick the simplest thing that's correct, portable, and affordable. IaC by default; no console-click snowflakes.

Ship in visible increments

Working software in stages, so you can see progress and steer — instead of a big-bang reveal at the end.

Make it real, not demo-ware

Replace mocks with verified end-to-end data paths. If it's wired to look done, we prove it actually is.

Instrument & secure it

Logs, alerts, auth, secrets, tenant isolation, and release gates so problems surface early and safely.

Document the handover

Architecture notes, decision logs, and runbooks another developer can actually operate from.

About

Twelve years from electronics & telecom to cloud, IoT, and AI systems.

An electronics & telecommunications foundation, postgraduate training in big-data management, and twelve years shipping production software — now leading a team focused where infrastructure, data, and product meet.

  • JUL 2025 — PRESENT

    Founder & Technical Lead

    AI-native software studio — remote, worldwide

    Lead a senior team delivering proprietary software for clients — cloud platforms, native mobile, and applied-AI systems — using an AI-native development workflow to ship production-grade products at startup speed, with security and clean handover built in.

  • JUN 2019 — PRESENT

    Head of Data Management

    Enterprise IoT & sustainability platform — Ireland

    Lead platform & data-systems work on an IoT-led analytics and ESG platform: ingestion pipelines, multi-tenant data architecture on AWS, and operational intelligence for enterprise customers.

  • JAN 2015 — MAR 2017

    Product & Web Engineer

    Multi-channel digital-marketing SaaS — India

    Built customer-facing features for a multi-channel digital-marketing SaaS product: campaigns, targeting, feedback/review forms, and performance reporting for SMB users.

Education

MSc — Big Data Management & Data Analytics
Postgraduate · Ireland
Higher Diploma in Science in Computing
Ireland
B.E. — Electronics & Telecommunications Engineering
India

Recognition & credentials

BSI penetration testing — enterprise application
Led & completed the engagement end-to-end
Apple Developer Program
Invited to WWDC26 · Cupertino

Best fit for

Clients who need a hands-on technical partner for real-world systems — cloud infrastructure, data flows, IoT devices, internal tools, automation, or an early SaaS product that needs to become reliable enough for customers.

Let's talk

Have a system that needs to actually work?

Tell us what you're building or what's stuck. We'll map the relevant parts of our experience to your project and give you a straight read on scope, risk, and the best way in.

rishiom@orbiterdev.ai
linkedin.com/in/rishiom
Based in Ireland · available worldwide (remote)