When you're buying software, half the battle is the vocabulary. This glossary defines, in plain English, the terms you'll meet in every scoping call, proposal and project plan. It is written for founders, operations leaders and buyers, not developers. Bookmark it.
A
API (Application Programming Interface)
A defined way for two pieces of software to talk to each other, usually over the internet. When you see "Stripe API" or "Xero API", it means those products expose a programmatic interface that other software can call to read or write data.
An AI system that doesn't just answer questions but takes actions — calling your APIs, updating records, sending emails — usually chained together by a large language model. Different from a chatbot, which only talks.
Software built specifically for one organisation's workflows, rather than sold off-the-shelf to many customers. Also called custom software or tailored software. Logic Racks builds bespoke software — see Bespoke Software Development.
Continuous Integration / Continuous Deployment. The automated pipeline that tests code the moment it's committed and ships it safely to production. A working CI/CD pipeline is what turns "we deploy once a month" into "we deploy ten times a day".
Content Management System. A tool that lets non-developers create and edit content on a website. WordPress is a traditional CMS; Storyblok and Sanity are headless CMSs. See also CMS & Platform Engineering.
Google's three page-experience metrics: Largest Contentful Paint (LCP, how fast the main content loads), Interaction to Next Paint (INP, how responsive the page feels), and Cumulative Layout Shift (CLS, how much the page jumps around). Pages that pass Core Web Vitals rank better.
The discipline of automating how software is built, tested, deployed and operated — and bridging the gap between developers who write code and the infrastructure that runs it. See Cloud & DevOps.
A short, paid engagement at the start of a project (usually 1–2 weeks) to define scope, architecture and a fixed delivery plan. It means the eventual quote is real, not an estimate.
Experience, Expertise, Authoritativeness, Trustworthiness. Google's framework for evaluating content quality. Pages with real author bios, first-hand experience signals and clear authority rank better, particularly in YMYL (Your Money or Your Life) topics.
EPOS
Electronic Point of Sale. The till system in a retail or hospitality business — hardware (screen, printer, card reader) and software that records sales, prints receipts and syncs to inventory.
Enterprise Resource Planning. A single business platform that ties together finance, inventory, manufacturing, HR and procurement. Examples: SAP, NetSuite, Microsoft Dynamics, Sage 200.
A content management system that exposes content via API rather than rendering a website itself. Your front-end (Next.js, Astro, a mobile app) pulls content from the headless CMS and renders it however it wants. Gives you speed, flexibility and the ability to swap either layer.
Google's Core Web Vital that measures how responsive a page feels when users click, tap or type. Replaced First Input Delay (FID) in March 2024. A good INP is under 200ms; above 500ms is poor.
The practice of defining cloud infrastructure (servers, databases, networks) in text files that can be version-controlled and reviewed, rather than clicking through a cloud console. Terraform, Pulumi and AWS CDK are popular IaC tools.
An open-source platform for running and scaling containerised applications across many servers. Powerful but complex — usually overkill for small teams, essential once you run dozens of services.
A Core Web Vital that measures when the largest meaningful element (usually the hero image or main heading) appears on screen. Good LCP is under 2.5 seconds on mobile.
An AI model trained on huge amounts of text to predict likely next words. GPT-4, Claude, Gemini and Llama are LLMs. They power ChatGPT, Claude, Copilot and most modern AI-enabled software.
An architecture style where an application is split into many small, independent services that communicate over APIs. Gives you team independence and scalability; costs you operational complexity.
The smallest version of a product that still solves the problem well enough for real users to pay for or rely on it. An MVP is not a prototype; it's a live product with a scoped feature set.
An application architecture where many customers (tenants) share the same instance of the software, with data isolation enforced in code. The standard model for SaaS. Compare to single-tenant, where each customer gets their own dedicated deployment.
Software sold pre-built to many customers — Shopify, QuickBooks, Salesforce, Microsoft 365. Opposite of bespoke software. Cheaper upfront, constrained by the product's decisions.
Payment Card Industry Data Security Standard. The security standard every business that handles credit card data must follow. Version 4 is the current standard. Minimising scope (tokenising cards, using hosted fields) is the usual strategy.
The till. See EPOS for the full acronym. "POS system" usually means the whole package: hardware, software, card payments, printer and integration to stock.
A website that behaves like a native app — installable to the home screen, works offline, sends push notifications. Cheaper than native mobile apps; less powerful than native for camera, Bluetooth and advanced features.
A pattern for building AI features where the model answers only from a specific set of your documents or data, not its own training. Reduces hallucination and makes every answer traceable to a source. See AI Software Development.
Software as a Service. Software delivered as a subscription you access through a browser, with no install. Shopify, Xero, HubSpot, Notion are all SaaS. The opposite is on-premise or shrink-wrapped software. See SaaS Development.
A cloud-computing model where the provider (AWS, Azure, GCP, Vercel) runs your code on demand without you managing servers. You pay per request, scale to zero when idle, and your infrastructure gets out of the way.
A web application that loads once and updates the page in-place as you navigate, rather than requesting a fresh HTML document for every link. Feels more app-like; requires careful SEO work.
Logging into many applications with one account. Common in workplaces — one Microsoft 365 or Google Workspace login unlocks Slack, Notion, GitHub and the rest. Built on standards like SAML and OIDC.
The accumulated cost of choosing fast, expedient solutions over clean ones in software. Like financial debt, some is fine and fuels growth; too much chokes progress. Managed through regular refactoring.
V
Vector database
A database designed to store and search embeddings — the numerical representations AI models use for text, images or audio. Essential for building RAG systems and semantic search. Examples: Pinecone, Weaviate, pgvector.
An HTTP callback — one application posts data to another the moment an event happens, rather than the receiver polling for updates. Example: Stripe posts to your server when a payment succeeds.
A security model that assumes no user, device or network is trustworthy by default — every request must be authenticated and authorised. The opposite of the old "trusted internal network" model. NCSC-recommended for UK businesses.
Content Delivery Network. A global mesh of servers that cache your website close to users so pages load fast everywhere, not just from one origin server. Cloudflare, Fastly and Vercel all provide CDNs.
A Core Web Vital measuring how much a page jumps around while loading. Good CLS is below 0.1. Images without width/height and late-loading fonts are the usual culprits.
Customer Relationship Management system. A tool for tracking leads, deals and customer interactions. Salesforce, HubSpot and Pipedrive are common UK SaaS CRMs.
Software designed from day one to run on cloud infrastructure: containerised, horizontally scalable, stateless, observability built in. The opposite of a lifted-and-shifted legacy app.
A systematic review of an existing codebase for quality, security, performance and maintainability. Usually commissioned before an acquisition, a rebuild, or when inheriting legacy software.
An app that runs on multiple operating systems (iOS, Android, web) from a single codebase. React Native and Flutter are the most common cross-platform frameworks.
Data Protection Impact Assessment. A UK GDPR requirement for any processing likely to result in high risk to individuals. ICO provides templates; we produce them alongside builds that touch sensitive data.
A small piece of code that runs on a CDN edge node close to the user, not in a central data centre. Used for personalisation, auth checks, redirects and A/B tests with sub-50ms latency.
General Data Protection Regulation, the EU legal framework for personal data protection. Set the baseline for privacy law globally; enforced in the UK until 2021.
The post-Brexit UK version of GDPR, enforced by the ICO alongside the Data Protection Act 2018. Substantively identical to EU GDPR for most businesses, with a few UK-specific additions.
A query language for APIs that lets clients request exactly the fields they need, no over-fetching, no chains of REST calls. Facebook built it; Shopify, GitHub and Stripe expose it.
Software that runs a hotel or hospitality venue: reservations, housekeeping, billing, channel management. Distinct from a Property Management System mainly in scope.
The international standard for information security management systems. Certification signals to enterprise buyers that your security controls are documented, audited and improved over time.
The screen in a restaurant kitchen that shows orders from front-of-house, delivery aggregators and the till. Replaces paper tickets. Colour-coded ticketing and station routing are the core features.
A network component that spreads incoming traffic across multiple servers to avoid overloading any one. Essential for redundancy and handling traffic spikes.
Software that runs the shop floor: tracking production jobs, quality checks, downtime, and operator output. Sits between ERP (planning) and the machines on the line.
A traditional architecture where an application is built as a single, unified codebase and deployed as one unit. Simpler than microservices; harder to scale independently.
A mobile app built in the platform-specific language: Swift for iOS, Kotlin for Android. Fastest possible performance; most expensive to build and maintain.
The standard for letting users grant third-party apps access to their data without sharing passwords. The flow behind Sign in with Google and Connect Xero.
Penetration test. An authorised simulated attack on your software by security professionals to find vulnerabilities before real attackers do. Usually run annually or before major launches.
A central store for product data: descriptions, images, pricing, specs, feeding e-commerce, marketplaces, print and EPOS. Critical for retailers selling the same SKU in five places.
A style of API design using standard HTTP verbs (GET, POST, PUT, DELETE) against predictable URLs. The default for most web APIs since the early 2000s.
Rendering a web page on the server and sending ready-made HTML to the browser. Faster first paint and better SEO than client-side rendering; more server load.
A US-originated security audit framework focused on Security, Availability, Processing Integrity, Confidentiality and Privacy. Type I is a point-in-time audit; Type II covers a period (usually 6+ months).
Rendering every page at build time so the browser receives pre-built HTML. Fastest possible delivery; requires a rebuild when content changes (or Incremental Static Regeneration for freshness).
How long after a request the server sends the first byte of the response. Good TTFB is under 200ms. High TTFB usually points at slow server processing or geographical distance.