Prepared for

Proposal · June 2026

A private home for every client’s citizenship journey.

A secure, GDPR-compliant portal that walks each client — whether one person or a family of twenty — through all three phases of their Croatian citizenship application, from first consultation to the day they’re granted citizenship.

Try the live preview ↓ See the investment

3 guided phases, one portal

€75K fixed project price

Oct '26 production release

Marković Family

Case #2026-114 · 4 applicants

Your application

✓

Consultation & eligibility

Birth certificate verified

Document collection

8 of 12 documents ready

Processing & grant

Awaiting submission

Birth certificate (ancestor)Verified

Marriage certificateIn review

Proof of residenceRequested

The client experience

Three phases, mapped exactly to how you work today.

The portal mirrors your proven process. Each phase has its own screen, its own checklist, and its own clear sense of “what happens next” — so clients always know where they stand on a journey that can span years.

PHASE 01

Consultation & eligibility

A few weeks

Discovery calls and the critical verification of the ancestor's birth certificate, ending in a clear go / no-go decision.

Eligibility questionnaire
Birth certificate review
Go / no-go approval step

PHASE 02

Main application

Approx. 6 months

You help the client gather every required document. The phase ends with the client receiving their complete physical binder.

Per-applicant document checklists
Upload, review & sign-off
Binder shipped & tracked

PHASE 03

Processing & grant

2 – 3 years

The Ministry reviews the application. During this long wait, clients need calm status visibility and the occasional update.

Live status timeline
Milestone notifications
Citizenship granted 🎉

Live, interactive preview

This is what your clients will actually see.

A working preview of the client portal — switch between family members, move through the sidebar, and explore each feature. Everything below is clickable.

portal.salonaconsulting.com / my-application

Applicant

Your application status

Case #2026-114 · Marković Family · last update 2 days ago

55%

Phase 2 · Main application

Collecting your documents

8 of 12 required documents are ready. We'll let you know the moment your binder ships.

Tip: switch between family members and tap the sidebar — each applicant has their own private checklist.

What's inside

Everything a case needs, in one secure place.

Individual login

Each client signs in privately and sees only their own case — never anyone else’s.

Document upload & download

Secure handling of sensitive papers, organised per phase, per applicant, per type.

Status tracking

A clear visual timeline of every phase — invaluable during the multi-year wait.

Secure messaging

Direct, in-portal conversations between client and case team, with email alerts.

Approvals

Go / no-go decisions and sign-offs, each recorded with time and identity.

Invoices & shipping

Invoices issued through the portal and DHL tracking for the physical binder.

Connected to your tools

ScoroTypeformMicrosoft 365AdobeCalendlyUS authorization proof platformDHL

^*Each integration is built on the provider’s public API and is limited to the functionality that API exposes. Where a provider offers no endpoint for a given action, that step may remain manual or require a supported workaround — we confirm the exact capabilities of each API during discovery.

Security & GDPR — by design

Your clients trust you with their most private documents. The portal protects that trust.

Strict per-client isolation

Enforced at the database and API layer — not just the screen. No client can ever reach another’s data.

MFA & encryption

Multi-factor login, TLS in transit, encryption at rest, and Switzerland-based data residency for hosting and backups.

GDPR & audit logs

Data-subject rights, retention rules, and full audit trails of every document access and approval.

One client, one vault

Every login opens a sealed, individual workspace. Security is treated as a top priority across design, development, and daily operation.

Security advice

A few words on where this data should live.

This system will hold passports, national ID cards, birth and marriage certificates and other official documents — some of the most sensitive personal data a business can handle. That shapes two firm recommendations below: build a purpose-made, self-hosted application rather than a no-code cloud builder, and keep the data inside Switzerland.

What you are actually storing

A single passport already exposes a full name, date and place of birth, nationality, a document number and a facial image. Under the EU GDPR a facial image used to identify someone is special category data (Article 9), which carries the strictest processing duties — and the same record is a textbook target for identity fraud if it leaks. Treating these files as ordinary attachments is the most common and most costly mistake.

EU GDPR, Article 9

Why a no-code cloud builder is the wrong foundation

No-code / low-code SaaS builders keep your clients’ documents on infrastructure you do not control, and most do not offer true end-to-end encryption — meaning the platform itself can read the data. In late 2025 Switzerland’s data-protection authorities moved to bar such cloud services for sensitive public-sector data, and regulated industries are expected to follow. For files this sensitive, convenience tooling is a liability, not a shortcut.

privatim resolution, 2025

Hosted in Switzerland, under Swiss jurisdiction

We run infrastructure across several regions — the USA, Germany, Finland and Switzerland — and for a project this sensitive we will host this application and all its backups inside Switzerland’s borders. That keeps the data under Swiss law and away from extraterritorial reach such as the US CLOUD Act, which can compel US-headquartered providers to hand over data even when it physically sits on Swiss servers. Encryption keys stay with you, not a third party.

Swiss data sovereignty

The cost of getting it wrong

European regulators have issued more than €6.3 billion in GDPR fines across 3,000+ cases, the single largest being €1.2 billion. As a Swiss company serving EU-bound clients, Salona must satisfy two regimes at once: the EU GDPR and Switzerland’s own Federal Act on Data Protection (FADP), revised and in force since 1 September 2023. The FADP can even hold the responsible individual personally liable for fines up to CHF 250,000. See the live tally at enforcementtracker.com/statistics.

GDPR Enforcement Tracker · Swiss FADP

€6.3B+ in GDPR fines — and counting.

The public enforcement tracker shows the scale of penalties for mishandling personal data across Europe. A Swiss company handling EU residents’ data must comply with both regimes — the GDPR and Switzerland’s Federal Act on Data Protection (FADP) — and the FADP carries personal liability for those responsible. Building it right the first time is far cheaper than any of these lines.

View the fine statistics →

How we build it · ~3 months

Four clear steps, from discovery to launch.

A fixed-scope, fixed-price engagement. After discovery, the frontend and backend are built in parallel to reach a working MVP. Your team then puts it through real-world use, and their feedback flows straight back into development before we finalise and launch.

Discovery 1 week

Discovery calls and full process mapping: every case state, document checklist, approval point, and integration confirmed. We finalise the GDPR & security requirements and the multi-applicant family data model.

Process mapFunctional specPrioritised backlogArchitecture decision

Development 5 weeks

Frontend and backend are built in parallel. On the frontend: the app shell and every screen for the client portal and admin area — authentication, dashboard, documents, status timeline, messaging, approvals, invoices and shipping. On the backend: a data model with row-level isolation, MFA, encrypted document storage, the notification engine, audit logging, and every agreed integration. The two meet at a working MVP.

Approved designsWorking frontendSecure API & integrationsStaging MVP

User acceptance tests & finalisation 4 weeks

Your admins start using the MVP on staging alongside a small pilot group of real clients. Their feedback flows straight back into development — we keep building and refining throughout this stage — and we run a security review with penetration-style testing. By the end the software is finalised and ready to be released.

Pilot UATFeedback-driven developmentSecurity reviewRelease-ready build

Server setup & handover 2 weeks

Production setup on Swiss hosting with backups and monitoring, deployment of the release-ready build, a full admin training session with documentation, and handover with an ongoing support plan.

Production releaseDocumentationAdmin trainingSupport plan

Key milestones

Late June '26

Kick-off & discovery begins

Mid-July '26

Specification approved

Mid-Aug '26

MVP live for pilot clients

October '26

Full production release

How we work together

A close weekly rhythm — and software you can watch take shape.

We keep the loop tight: a standing meeting every week, more whenever you need them, and a live development build you can open from day one.

A standing weekly meeting

We meet at the same agreed day and time every week to review progress, make decisions together, and line up what comes next.

Extra meetings whenever needed

When something calls for a quick decision or a deeper dive, we simply schedule additional sessions — no waiting for the weekly slot.

A live development build from day one

As early as possible we put a running development version online, protected by a password, so you can see and click the real software as it grows.

Updated every day

That development build is refreshed daily throughout the project — onboarding Salona Consulting to the process from the start and keeping the software and its users in tight alignment.

The investment

A fixed price, broken down phase by phase.

No surprises. Each phase is invoiced as it begins. All prices exclude VAT and third-party licences.

Phase 01

Discovery

Discovery calls, process mapping & specification · 1 week

€5,000

Phase 02

Development

Frontend & backend, built in parallel · 5 weeks

€30,000

Phase 03

User acceptance tests & finalisation

Pilot use with continued development, security review & finalisation · 4 weeks

€30,000

Phase 04

Server setup & handover

Swiss hosting, deployment, training & handover · 2 weeks

€10,000

Total project priceFixed scope · invoiced per phase

€75,000

Ongoing support

Ad-hoc support & small fixes €200 / hour

Response time Within 24 hours

Swiss hosting (billed to you) €10–100 / month

The hourly rate covers short, on-demand support — small fixes, questions and minor tweaks, billed only when you need it. Anything larger, such as a major update or a new feature, is scoped and quoted separately as a fixed-price, phase-based project, exactly like this engagement. Hosting is billed directly to you with a reputable Swiss provider, so you keep full ownership of your data and infrastructure.

What's included

Client & admin portals ✓

All necessary integrations ✓

GDPR & security review ✓

Training & documentation ✓

Next step

Let's give your clients a journey worth remembering.

Confirm the offer and we'll schedule the kick-off workshop and begin discovery within one week.

Approve & start discovery Revisit the live preview