Maintenance & Support Services

Maintenance and support services at NerdHeadz go beyond break-fix tickets and version bumps. Software maintenance is the discipline of keeping production applications secure, performant, and aligned with the business they serve — and most teams underestimate what it takes until something breaks at 2am. We offer two distinct maintenance models: hourly retainer engineering for teams that need a human who knows the codebase, and self-healing bots plus automated monitoring for systems that should recover without a phone call. Both models are built on the same principle: catching problems before your users do.

What software maintenance actually covers

Maintenance is not "fix bugs when they appear." Real software maintenance includes security patches — framework CVEs, library updates, dependency audits — that arrive whether you're ready or not. It includes infrastructure upgrades: Node version bumps, database schema migrations, SSL certificate renewals, hosting provider changes. It covers performance degradation: slow queries that crept in over six months, memory leaks that only surface under load, third-party API endpoints that quietly doubled their response time. And it includes the steady stream of user-reported issues and feature requests that weren't in the original scope but now matter more than anything that was.

Most teams underestimate the volume. An active production application typically requires ten to twenty percent of its original build cost per year in maintenance. Skipping it is cheaper for exactly eighteen months — then someone says "we need a full rewrite" and the bill comes due at three times the original.

Two maintenance models, one decision framework

Hourly retainer engineering. A NerdHeadz engineer on call for fixes, features, code reviews, and investigations — billed at sixty dollars per hour in monthly blocks or per-incident. This model works for active products with ongoing change requests, teams that need someone who already knows the codebase, and any system where the failure mode is ambiguous and needs human judgment. Most retainer clients average ten to twenty-five hours per month. We don't sell unused hours as profit — overages bill at the same rate, and underages don't accumulate indefinitely. The retainer pairs naturally with custom software development since most maintenance volume supports systems we originally built.

Self-healing bots and automated monitoring. For clients with simpler systems — or as an add-on to an hourly retainer — we deploy monitoring and watcher scripts that detect failures and recover automatically. Uptime watchers restart a dead Node process before anyone notices. Health-check loops reboot a service if a port stops responding. Disk-space monitors clear logs before they fill the volume. Alert chains escalate to Telegram or email only when automated recovery fails. The setup cost is one-time, with an optional monthly check-in. This model pairs well with selfware deployments where the client runs the app day-to-day but wants an automated safety net underneath.

When maintenance actually matters

• Works well: active production systems with real users who depend on them daily. Anything with external dependencies that update on their own schedule — OAuth providers, payment APIs, AI model deprecations. Compliance-sensitive systems under SOC 2, HIPAA, or PCI requirements where unpatched software is a liability. Teams without dedicated internal engineering capacity who need a reliable external partner.
• Usually doesn't work: dead projects where "maintenance" is code for "we're not investing but we're scared to shut it down" — we will tell you to sunset it. Systems where the original scope was so unstable that maintenance actually means continuous redesign — price that honestly as a new build instead. Clients who want 24/7/365 on-call coverage at retainer rates — that is an operations team, not a maintenance contract.
• Doesn't work: maintenance as a substitute for building it right the first time. We maintain what we shipped and what other teams shipped, but the smaller the original build budget was, the more expensive each maintenance hour becomes per feature. If the foundation is unsound, the honest recommendation is a targeted rebuild.

What we monitor

Specific layers we track on maintained systems: uptime and response time on all public endpoints, error rates via Sentry, memory and CPU trajectory over weeks not just minutes, database query timings and index utilization, deploy pipeline health, dependency vulnerability feeds through Dependabot or Snyk, and SSL certificate expiry windows. Alerts are tuned to avoid noise — a CPU spike at 3am only wakes someone up if it stays spiked. Clients get monthly reports on system health and a prioritized list of recommended work.

Related services

Selfware is the build-it-right-first-time counterpart to maintenance — if you would rather own and extend the tool yourself with AI, selfware projects pair well with self-healing bots instead of hourly retainers. Custom software development covers the initial build before we maintain it. AI-assisted development accelerates feature work on maintained systems — AI-assisted delivery compounds speed the longer we are on a codebase. Web development covers web-application maintenance specifically — authentication, dashboards, APIs, and backend-heavy work. Mobile development handles app-store updates, SDK migrations, and iOS/Android version bumps on maintained mobile apps. Cloudflare Tunnel handles origin exposure on every site we maintain — combined with R2 backups and edge cache, the operational layer stays small.