Skip to main content
Systems operational · Nordic compliance & AI

Builders
move fast.Compliance debt doesn't wait.

Blueberry catches what builders miss — the security gaps, accessibility failures, and regulatory blind spots that nobody thinks about until it's too late.

Book a call See how it works
Marcus Björke
Compliance status
GDPR ArchitectureACTIVE
Field EncryptionACTIVE
MFA + AccessACTIVE
CloudflareACTIVE
Your prototypeEXPOSED
The problem

Most founders discover the compliance gap too late.

Prototype debt

AI tools like Lovable make prototyping effortless. What they don't handle: unsecured API keys, non-compliant data storage, regulatory exposure, and fragile architecture that collapses under real-world load.

10×Cost to fix bad architecture post-launch vs. building it right

Regulatory exposure

GDPR violations carry fines up to 4% of global annual turnover. A single misconfigured database can expose thousands of records. Most founders discover this after a breach, an inquiry, or when a serious client asks for a security audit.

4%Maximum GDPR fine as share of global annual turnover
We don't replace your compliance auditor. We make sure you're not embarrassed when they arrive.
Frameworks we screen for — and flag when missing
GDPR eIDAS / OIDC PCI-DSS KYC / AML NIS2 ISO 27001 WCAG
What we do

We take your prototype. We make it production.

GDPR Architecture

Compliance by design. Data residency, consent flows, retention policies built in from day one.

Security Hardening

Field-level encryption, MFA, access controls, Cloudflare. Bank-grade for non-bank budgets.

Regulatory Screening

We catch the obvious failures across GDPR, eIDAS, PCI-DSS, KYC/AML, NIS2, ISO 27001 and WCAG — and escalate to specialists when depth is needed.

Architecture Review

We audit what you've built, identify the risk surface, and create a remediation roadmap.

Ongoing Retainer

Compliance isn't a one-time fix. Monthly retainers keep you current as regulations evolve.

Your Accounts. Always.

We build in your name. Your Cloudflare, your Supabase, your infrastructure. If you ever stop working with us, nothing breaks and nothing disappears.

We don't hold the keys. We help you use yours.
In practice

Proof that it works.

Finnish Financial Institution
Financial Services · Finland
100% Compliant

Ongoing retainer client. Reference available on request under NDA.

Challenge

National financial institution operating under FIN-FSA oversight, GDPR, and sector-specific financial regulation. Existing prototype had unsecured data handling, no MFA, no audit trail, and no documentation adequate for regulatory inspection.

What we delivered

Field-level encryptionMFAGDPR architectureAutomated audit trailCloudflare migrationDPA complianceFIN-FSA readinessRegulatory documentation

Outcome

Fully compliant system in production, meeting both GDPR and FIN-FSA documentation requirements. Zero disruption to operations. Now running on an ongoing compliance retainer.

Work with us

One way in. A conversation.

// Compliance retainer — for serious founders & enterprises

Let's look at what you've built.

Every engagement starts with an honest look at what you've built. We'll tell you what the obvious risks are, what we can fix, and when you need a deeper specialist. No upselling. No false reassurance.

Your accounts. Your data. Your system. We just make it compliant.

Bespoke pricing — contact us for a quote
→ Book a call
Who we are

One person. The whole stack.

Blueberry is Marcus Björke — 25+ years across fintech, UX, and software delivery, with formal training in Human-Computer Interaction. Not a generalist agency. A specialist who has seen what happens when compliance is ignored — and who knows how to fix it before the consequences arrive.

We operate from the Åland Islands — at the intersection of Nordic compliance culture, Finnish regulatory rigour, and real-world engineering. Small enough to be focused. Experienced enough to know where the risks are buried.

Our deepest expertise is in accessibility and UX — but 25 years of delivery means we've seen what happens when security, privacy and regulatory requirements are ignored. We know what to catch early, and we know when to bring in a specialist.

"Ship. Learn. Evaluate."
"We don't hold the keys. We help you use yours."
Marcus Björke
Marcus Björke
Founder · Blueberry Maybe Ab Ltd
  • AI Engineering — agents, prompting, pattern recognition
  • UX & Human-Computer Interaction (MSc)
  • Security, compliance & regulatory screening
  • 25+ yrs fintech — seen what breaks in production
  • GDPR · FIN-FSA · eIDAS · PCI-DSS · WCAG
Lemland, Åland Islands, Finland