Busy firms where the website, email, and payment flows have grown in pieces over time. You need uptime, clear logs, and security that keeps pace with growth without dragging staff into endless meetings.
The mission behind Ki-Ki
Ki-Ki exists to sort the web foundations for organisations that do real work in the world. Websites stay online, email reaches the right inbox, and the Cloudflare edge behaves itself, so leaders can focus on people and decisions instead of mystery outages.
Everything is built around one simple goal. Make your digital estate less fragile and less confusing, with security that matches your size, your exposure, and your budget, backed by logs and documentation that can stand in front of trustees, regulators, or funders.
Web, email, and Cloudflare sorted
from DNS and TLS to firewall rules and logging
Built for real world constraints
SMEs, charities, food banks, sole traders, community projects
Evidence grade by default
clear change records, annotated screenshots, traffic insight
High standard, proportionate cost
Cloudflare and web operations
Privacy and governance aware
Evidence first, no theatrics
What Ki-Ki exists to do
Keep your web foundations boring and reliable
Most problems that keep leaders awake are simple at their core. Forgotten DNS records, email that silently fails, misconfigured Cloudflare rules, no single picture of who controls what. Ki-Ki exists to bring that mess into one place and make it predictable.
The work covers domains, DNS, TLS, hosting, email routing, Cloudflare configuration, and traffic logging. The aim is stability. Your website loads, your forms deliver, and your edge behaves in a way that can be explained in plain English.
When something does go wrong, there is a clear trail. You can see what happened, who changed what, and how long it took to recover.
Give leaders a truthful view of risk
Many security reports are written to impress, not to inform. Ki-Ki takes the opposite route. You get a direct view of where you are fragile, where things are already solid, and which fixes matter most for the money and time you actually have.
That means fewer unknowns and fewer surprises. No theatrical language, no inflated threat stories, only practical risk, ranked by impact and effort, in a format leaders and trustees can actually use in meetings.
This approach runs through the public investigations on The Reasonable Adjustment and through every private engagement at Ki-Ki.
Who Ki-Ki is for
Ki-Ki is built for organisations that do not have a full time security team but still carry real responsibility. If you are accountable for people, money, data, or public trust, you are the right size for this work.
-
SMEs and growing businesses
-
Charities, food banks, and community projects
Organisations that live close to the edge on funding and staffing, yet handle sensitive stories and vulnerable people every day. You need simple, reliable protection plus support that respects tight budgets and volunteer time.
-
Sole traders and small teams
Trades, professionals, and micro businesses that rely on a single website or booking form to keep work flowing. One misconfigured setting can cost real money. Ki-Ki helps you avoid that cliff edge.
-
Boards, trustees, and senior leaders
People who sign their name on risk registers and annual reports. You need assurance that is grounded in real telemetry, not vague statements. Ki-Ki gives you evidence you can show to audit, regulators, funders, or scrutiny committees.
How Ki-Ki delivers the mission
The mission is delivered through practical work on your stack, not through slide decks. Each engagement focuses on a clear scope, clear outputs, and changes that will still make sense in six months.
-
Web foundations sorted end to end
Domains, DNS, email routing, hosting, and website configuration are reviewed as one system. Shadow accounts, forgotten logins, and risky shortcuts are identified and normalised into a coherent, documented setup.
-
Cloudflare security and edge hardening
Ki-Ki specialises in Cloudflare. Firewall rules, rate limiting, bot mitigation, TLS, caching, and workers are tuned to match your threat profile. The goal is a quieter, cleaner edge that catches bad traffic without blocking real users.
-
Evidence grade logging and analytics
Logging is treated as part of governance, not an afterthought. You get traffic insight that explains who is reaching your site, how automated probes behave, and what changed when incidents occur. Where possible, analytics setups are kept privacy friendly and proportionate.
-
Secure channels for sensitive reports
Some organisations handle whistleblowing, safeguarding concerns, or other sensitive disclosures. Ki-Ki supports secure contact paths, including PGP based workflows such as the Ki-Ki secure PGP page and the open source whistleblower PGP tool.
Principles that shape the work
Ki-Ki is founder led. The same person who writes the proposal reads your logs and changes your configuration. That keeps the work honest and the mission on track.
Reality first
Work begins from the systems you already run, the staff you already have, and the budget you can actually justify. No fantasy architectures, only upgrades that fit your context.
Plain language, precise detail
Leaders get explanations in normal language. Underneath that sits precise technical detail, ready for internal teams, auditors, or regulators who want to see the workings.
Documentation as part of the job
Changes are documented with enough clarity that someone else can understand them later. That includes screenshots, change notes, and references back to agreed priorities.
Privacy and governance aware
Ki-Ki treats privacy, logging, and data retention as part of risk, not decoration. Wherever possible, setups are aligned with good practice and with the governance realities you face.
High standard work, proportionate pricing
The mission is to bring solid security and operational thinking to organisations that are usually priced out. The founder launch offer and support for food banks and community projects reflect that.
What Ki-Ki will not do
- Ki-Ki will not sell you a bigger or more complex stack than you can realistically maintain.
- Ki-Ki will not hide uncertainty. If something is unclear, you will be told, along with practical options for next steps.
- Ki-Ki will not bury you in unused dashboards or vanity metrics that do nothing for real risk.
Social purpose and the link to The Reasonable Adjustment
Ki-Ki is one half of a wider project. The other half is The Reasonable Adjustment, a public interest site that publishes evidence based investigations into governance, data handling, and digital practice.
The same mindset runs through both platforms. If something is claimed, it needs receipts. Logs, FOI disclosures, SAR responses, screenshots, policy extracts. This evidence first approach keeps Ki-Ki grounded. Client work is private, but the standard is shaped by public pieces that anyone can read and test.
Ki-Ki also has a social purpose. It exists to make competent, proportionate security available to organisations that usually get ignored, under served, or overcharged. That includes community projects that run on donations, food banks that operate on a knife edge, and small firms that carry real responsibility without a full technical team.
If you want to see how investigations are handled in public, you can visit The Reasonable Adjustment and read through opsec reviews, data rights write ups, and traffic analysis pieces that inform the work at Ki-Ki.
What success looks like for this mission
Success at Ki-Ki is not about the number of clients on a slide. It is about what changes for the organisations that come through the work.
- Your website and email become predictable instead of fragile or mysterious.
- Incidents, probes, and odd traffic patterns are visible in logs, not guessed at from symptoms.
- Leaders can explain their web risk position in normal language, supported by real data.
- Boards and trustees have something concrete to read before they sign off risk registers.
- Staff and volunteers know where to go when something looks wrong and who is accountable.
- Regulators, funders, and partners see that you take digital risk seriously in a practical, proportionate way.
If this mission matches what you need
If you are responsible for a website, digital estate, or Cloudflare edge and you are not completely sure how it all hangs together, that is a good time to talk.
You do not need a perfect brief. A clear outline of what you run today, where you feel exposed, and any hard constraints on budget or time is enough for a first conversation.