Glossary
Tech terms, plainly defined
The 20 terms that come up most often in web, AI, compliance, and strategy conversations. No jargon substituted for more jargon.

These definitions cover the vocabulary of modern tech consulting. Each entry links to the relevant service or guide where we go deeper.
- Fractional CTO
- A senior technology leader who works with a company part-time, typically two to five days per month, in a strategic and decision-making role. They own the technology roadmap, challenge vendor proposals, and set engineering standards without the cost of a full-time executive hire at €150k to €200k per year. The arrangement suits companies that need senior technical judgment without a full-time need. Learn more →
- Interim CTO
- A full-time, temporary technology leader who covers a gap in the executive team, typically during a search process, a transition, or a critical delivery sprint. Unlike a fractional CTO who works part-time on an ongoing basis, an interim CTO is full-time and time-limited. The cost is higher per month but lower than a permanent hire when the need is genuinely short-term. Learn more →
- Technical due diligence
- A structured review of a software product, codebase, or technical organisation before an investment, acquisition, or major contract. It examines architecture quality, security posture, team capability, technical debt, and operational risk. Investors and acquirers commission it to understand what they are buying; founders commission it to prepare for a process. Learn more →
- AEO (Answer Engine Optimization)
- The practice of structuring content so that AI-powered answer engines, such as ChatGPT, Gemini, and Perplexity, cite it when responding to queries. AEO focuses on clear, definitional prose, structured data, and authoritative sourcing rather than keyword density. It is distinct from SEO in that the target is a citation in a generated answer, not a ranked URL on a results page. Learn more →
- GEO (Generative Engine Optimization)
- A broader term for optimising content to appear in the outputs of generative AI systems, including chatbots, AI search, and AI-generated summaries. GEO overlaps with AEO but extends to any generative interface that synthesises content from the web. Both disciplines prioritise authoritative, well-structured, factually specific content over content designed for keyword ranking. Learn more →
- SEO (Search Engine Optimization)
- The practice of improving a website so that search engines rank its pages higher in organic results for relevant queries. Modern SEO covers technical site health (crawlability, Core Web Vitals, structured data), content quality and topical authority, and links from other authoritative sites. It is a long-term channel with compounding returns when done consistently.
- EAA (European Accessibility Act)
- An EU directive (2019/882) that requires digital products and services sold to consumers in the EU to meet accessibility standards. It came into force on 28 June 2025, with enforcement applied from that date. B2C digital products and services above micro-enterprise thresholds must comply; the German implementing law is the BFSG. Non-compliance risks fines and exclusion from public procurement. Learn more →
- BITV (Barrierefreie-Informationstechnik-Verordnung)
- The German regulation implementing WCAG-based accessibility requirements for public-sector websites and apps. BITV 2.0 maps to WCAG 2.1 Level AA. Private-sector companies subject to the EAA in Germany are assessed under BFSG, which references the same WCAG standards. An accessibility audit against BITV verifies conformance at the component and content level. Learn more →
- WCAG (Web Content Accessibility Guidelines)
- The international standard for web accessibility, published by the W3C. WCAG defines four principles (Perceivable, Operable, Understandable, Robust) and three conformance levels (A, AA, AAA). Level AA is the target for most legal requirements including EAA, BITV, and ADA. WCAG 2.2 is the current version; WCAG 3.0 is in development. Learn more →
- GDPR / DSGVO
- The General Data Protection Regulation (Datenschutz-Grundverordnung in German) is the EU framework governing how personal data is collected, processed, and stored. It applies to any organisation processing data about EU residents, regardless of where the organisation is based. Key obligations include a legal basis for processing, data subject rights, breach notification, and a signed Data Processing Agreement with each sub-processor.
- DSAR (Data Subject Access Request)
- A formal request from an individual exercising their right of access under GDPR (Article 15). Organisations must respond within 30 days, providing a copy of all personal data held, the purposes of processing, any third parties it has been shared with, and the retention period. A well-designed DSAR process is a legal requirement, not an optional workflow.
- DPA (Data Processing Agreement)
- A contract required by GDPR (Article 28) between a data controller and any data processor who handles personal data on their behalf. It specifies what data is processed, for what purpose, for how long, and what security measures the processor must maintain. A DPA is mandatory before sharing personal data with any third-party tool, API, or SaaS vendor.
- MCP (Model Context Protocol)
- An open protocol, published by Anthropic, that defines a standard way for AI agents and LLM applications to connect to external tools, APIs, and data sources. MCP replaces brittle per-integration "function calling" with a structured, permissioned connection layer. In practice, an MCP server exposes capabilities (read a database, call an API) that an LLM client can discover and invoke safely.
- Core Web Vitals
- A set of three metrics defined by Google to measure the real-world user experience of a web page: Largest Contentful Paint (LCP, perceived load speed), Interaction to Next Paint (INP, interactivity), and Cumulative Layout Shift (CLS, visual stability). Google uses Core Web Vitals as a ranking signal. Hitting the "good" threshold for all three is the foundation of a well-performing website. Learn more →
- INP (Interaction to Next Paint)
- The Core Web Vitals metric that measures how quickly a page responds to user interactions such as clicks, taps, and keyboard input. INP replaced First Input Delay (FID) in March 2024. A good INP score is under 200 milliseconds. Common causes of poor INP are long JavaScript tasks blocking the main thread, and heavy rendering triggered by user events. Learn more →
- Performance budget
- A set of limits on the technical metrics of a web page, agreed before build and enforced through automated checks after each deployment. A performance budget might cap page weight at 500 KB, Time to First Byte at 200 ms, and LCP at 2.5 seconds. Without a budget, websites tend to get slower after launch as features accumulate. Budgets make regression visible before it reaches production. Learn more →
- Headless CMS
- A content management system that stores and delivers content via an API rather than rendering pages directly. Editors manage content in the CMS back-end; a separate front-end (Next.js, Astro, or similar) fetches and renders it. The benefit is full control over presentation and performance; the trade-off is more engineering overhead compared to an integrated system like WordPress. Learn more →
- Build vs buy
- The decision framework for whether to commission custom software or purchase an off-the-shelf SaaS product for a given workflow. The core question is whether the workflow is core to how the business competes (build) or a commodity function (buy). SaaS is almost always correct for commodity functions; custom build is justified when the workflow is a source of differentiation and the long-run total cost of ownership favours ownership. Learn more →
- Staging environment
- A copy of a production system used to test changes before they go live. A properly configured staging environment mirrors production in its data structure, dependencies, and configuration, so that bugs are caught before real users encounter them. Running updates, new features, or security patches directly on production without staging is one of the most common causes of preventable incidents. Learn more →
- Technical debt
- The accumulated cost of shortcuts, deferred refactoring, and design compromises in a codebase. Like financial debt, it accrues interest: the longer it remains, the more expensive future changes become. Common sources include rushed delivery schedules, insufficient test coverage, outdated dependencies, and undocumented architecture decisions. A technology audit typically surfaces the most consequential items first. Learn more →