A Wiza-powered prospect search feature built into BDI — so your recruiters can find, select, and enrich contacts without leaving the campaign builder. Four to six weeks. One fixed price. GDPR compliance as an architectural constraint, not a post-launch checklist.
Four observations from the PRD and our call that shape every decision in this proposal.
1.1 A prospecting layer, not a database dump
BDI's current workflow requires recruiters to manually export contacts and upload a CSV. This proposal replaces that entirely — a structured Wiza-powered search screen embedded directly in the campaign builder, so the prospect-to-campaign loop closes in one interface.
1.2 GDPR is a first-order architectural constraint
You were explicit: every feature must be built with data protection as a first-order concern. That shapes the enrichment pipeline (personal email requires confirmed lawful-basis acknowledgement), the data model (no personal data stored without a contact method), and the DPA documentation delivered at handover. We've built for this before — see alldayDr in Case Studies.
1.3 The API complexity is manageable — with one known gap
We read the full Wiza Prospect Search and Individual Reveals API specs before writing this proposal. Every filter in the PRD maps to a native Wiza API parameter. One exception: postcode radius search does not exist in the Wiza API — it supports city, state, and country, but not radius. We propose replacing it with city/state/country selection, which covers the same functional intent.
1.4 You've been through the deliverability problem — so have we
On our call you mentioned a 0.6–0.8% reply rate and a move toward O365/GWS accounts with proper warm-up. We've run our own outbound for years, built our own sending infrastructure, iterated on deliverability, and managed domain warm-up in production. More in Section 05.
Section 02 / The bounded slice
What fits the engagement.
2.1 In scope
Area
What's included
Search panel
Job title (include/exclude), seniority, department, job function (57 sub-roles), contact & company city/state/country, company name, industry (150+ Wiza taxonomy), company keywords (Boolean), headcount, revenue, year founded, exclusion checkboxes
Results panel
25-contact pages, Load More pagination, column sorting (Name, Title, Company, Location), LinkedIn link icon per contact, per-contact checkbox, Select All
Enrichment pipeline
Background Individual Reveal per selected contact, Wiza webhook receiver, real-time counter via WebSocket/SSE
Contact counter
Real-time 127/500 display, warning at 50, stronger at 10, Add to Campaign lock at limit
Personal email toggle
GDPR confirmation modal before activation, maps to Wiza email_options.accept_personal: true
GDPR layer
Lawful basis confirmation copy, data minimisation model, DPA-ready data flow documentation at handover
Navigation
Continue to Campaign → Clean & Standardize; Back to Data Source Selection
2.2 Out of scope (on purpose)
⚠Postcode radius filter — Not available in Wiza API. Replaced with city/state/country.
⚠Cross-campaign exclusion checkboxes — Depends on data model; defer per PRD if too complex.
→Clean & Standardize screen — This proposal ends at "Continue to Campaign".
→Removing contacts after adding — Known PRD limitation for June release.
Section 03 / Search & filter layer
Every Wiza filter, surfaced cleanly.
We reviewed the Wiza Prospect Search API (POST /api/prospects/search) end-to-end before writing this proposal. Every filter maps to a native API parameter.
PRD Filter
Wiza API Param
Input
Supported
Notes
Job Title
job_title[].v + .s
Free-text
✓
Include/exclude; phrases in quotes for exact match
Contacts that fail enrichment or don't meet the minimum threshold (First Name + Job Title + at least one email) are excluded without storing any personal data. Minimum-threshold filtering is a data minimisation decision, not just a product constraint.
Section 05 / What we know about cold email
We don't just build outbound tools. We run one.
Before you chose a development partner, you wanted to know they understood the problem. Here's our track record — not from a client brief, but from our own campaigns.
SoluteLabs has run its own outbound for several years, targeting B2B SaaS and enterprise clients across the US, UK, and Australia. We've built and iterated on the same infrastructure stack you're working through right now. This isn't theoretical knowledge. It's hard-won from our own domains, our own deliverability incidents, and our own reply rates.
Sending infrastructure
We've moved through AWS SES, Instantly, and custom SMTP setups. We understand the trade-offs between shared IP reputation and dedicated infrastructure, and why warm-up periods are non-negotiable before ramping volume.
Domain & mailbox warm-up
We've run structured warm-up schedules across O365 and Google Workspace accounts — the exact path you're on. We know the volume ramps, the timing windows, and the indicators that tell you a domain is healthy versus flagged.
Deliverability monitoring
We track bounce rates, spam complaint rates, and inbox placement. We've debugged SPF/DKIM/DMARC misconfigurations and recovered domains from blacklists.
AI-generated copy that lands
We use Claude to generate and iterate on cold email sequences — with strict guardrails against spam-trigger language, excessive formatting, and AI-pattern detection. We can share our prompt methodology as part of this engagement.
Reply rate context
We know what 0.6–0.8% means. Well-warmed infrastructure targeting well-defined lists typically reaches 2–4%. The gap is usually split between targeting quality, copy quality, and send infrastructure — and we can help diagnose all three.
Consultation available
If you want us to audit your sending setup, review your copy, or build a warm-up plan as a separate workstream, we can scope that as an add-on. It's not inside the £10,000 budget, but it's available.
Section 06 / The stack
Your stack, our defaults.
You specified the technology. We're already building on it every week.
Layer
Technology
Rationale
Frontend
React 18 + TypeScript + Vite
Your specified stack. Fast local dev, zero-config bundling
Styling
Tailwind CSS v3
Your spec. Utility-first, consistent cross-team
State management
Zustand
Your spec. Lightweight; ideal for filter state + enrichment queue
Testing
Jest + React Testing Library
Your spec. Unit + integration on all enrichment flows
Backend
Node.js (Express or Fastify)
Your spec. Handles Wiza API calls server-side + webhook receiver
Real-time updates
WebSocket or SSE
Counter increments as each webhook fires — no polling
Cloud
AWS (your existing infrastructure)
We wire into your deployment pipeline, not introduce a new one
Wiza integration
Prospect Search API + Individual Reveals API + Webhooks
Direct API integration, no middleware vendor required
Available for data processing or content generation
Section 07 / Data protection
GDPR by design, not by checkbox.
You asked for this explicitly. Here's how it shows up in the code, not just the copy.
GDPR compliance in a prospecting tool is not a single feature — it's a set of architectural decisions made before the first component is written. We've built for the UK regulatory environment before. alldayDr was awarded a place on the NHS GPIT framework and achieved ISO 27001 certification under our delivery. See Section 10.
Data minimisation
Only enriched fields required to run a campaign are stored. Fields not needed downstream — excess metadata from Wiza responses — are not persisted. Storage reflects what's necessary, not what's available.
Lawful basis confirmation
The personal email toggle triggers a one-time GDPR confirmation modal. The user must actively confirm lawful basis before personal addresses are retrieved. The confirmation is logged against the campaign record.
Controller / processor boundary
BDI is the data processor. Braddock Group (the campaign operator) is the data controller. UI copy, terms, and DPA documentation will reflect this clearly — not a grey area to resolve post-launch.
Right to erasure
The data model is designed so that a contact's personal data can be fully deleted at the record level. Supports downstream erasure requests without cascading data integrity issues.
Minimum-threshold filtering
Contacts that don't meet the minimum threshold (First Name + Job Title + at least one email) are excluded without any personal data being stored. No partial records. No orphaned identifiers.
DPA-ready documentation
We deliver a data flow document at handover: what data enters the system, where it's stored, which processors touch it, retention periods. Formatted for attachment to a DPA before commercial launch.
Questions on the GDPR architecture? Book a 45-min walkthrough.
Book a call
Section 08 / Role matrix
The team.
Named from day one. No swaps without prior written agreement. The team that scopes is the team that ships.
Role
Responsibility
Allocation
Access
Tech Lead / Full-stack
Wiza API integration, Node.js backend, webhook receiver, WebSocket/SSE real-time layer, test suite
All 13 filter components in React + Zustand: job title, seniority, department, function, location (contact + company), company info, year founded, exclusion toggles
1.5 wk
£2,400
03
Results panel
Contact cards (25/page), Load More pagination, column sorting, Select All, per-contact checkbox, LinkedIn link icon per result, personal email toggle + GDPR modal
1.0 wk
£1,600
04
Enrichment pipeline
Add to Campaign, N × Individual Reveal API calls, webhook handler, real-time counter via WebSocket/SSE, 500-cap enforcement, minimum-threshold filtering
1.5 wk
£2,400
05
QA, GDPR & handover
Edge case handling (zero results, API down, 429 queue full), unit + integration test suite, GDPR data flow document, code handover, Phase 2 written plan
1.0 wk
£2,000
→
Fixed price · full feature Six weeks. Production-ready. Integrated into BDI. IP to Braddock Group on payment.
6 wks
£10,000
Payment schedule
Fixed at contract signing. Any scope change routes through a written change request.
£5,000
On contract signing
£5,000
On final milestone delivery
What you walk away with
→Production-ready React + Node.js feature, integrated into your BDI codebase
→Full test coverage — Jest + React Testing Library
→GDPR data flow documentation, formatted for DPA attachment
→IP fully transferred on final payment — no strings, no ongoing dependencies
→Written Phase 2 plan for deferred items (cross-campaign exclusions, postcode radius)
Section 10 / Case studies
We've shipped this shape of work before.
Three engagements that map directly onto the BDI build — one from the UK market with NHS integration and full GDPR compliance, one live contact enrichment pipeline we operate ourselves, and one UK client at similar project scale.
The most relevant GDPR case study we can offer is not an anonymised reference — it's a named UK client we built from scratch and scaled to nationwide rollout.
alldayDr is a UK telemedicine and online pharmacy platform. We delivered end-to-end: product discovery, UX/UI, and full-stack development across 8 mobile and web apps — patient, provider, and pharmacy surfaces. The platform processes personal health data of UK residents, operates under CQC registration, and was awarded a place on the NHS GPIT framework.
8
Mobile + web apps
ISO 27001
Certified data security
NHS GPIT
Government framework
2+ yr
Engagement
Compliance achieved: CQC registration, ISO 27001 certification, NHS GPIT framework listing (government-level procurement vetting), SNOMED and dm+d clinical data standards, UK healthcare-aware SDLC throughout.
Delivery: 2+ year agile engagement, continuous delivery, 25% reduction in time and cost across release cycles.
The team quickly grasped and understood the UK Healthcare system and always came up with new ideas.
UK market
GDPR
NHS GPIT
CQC
ISO 27001
SNOMED
dm+d
8 apps
2+ year engagement
Internal · SoluteLabs / Live in production
Contact Enrichment & Outbound Pipeline — Our Own
We don't just build these tools. We run one.
SoluteLabs operates its own AI-powered outbound pipeline for business development — targeting B2B SaaS and enterprise clients in the US, UK, and Australia. Multi-source contact enrichment (Apollo, SalesQL, Firecrawl), data verification, Supabase + Qdrant for storage, n8n for orchestration, and AI-generated email sequences via Claude.
→The manual CSV import bottleneck is real — removing it changes how the team operates, not just how fast they work
→Enrichment quality varies by source; Wiza is a strong choice for email discovery
→Warm-up matters more than volume — learned this the hard way on our own domains
→AI copy generation works, but only with strict guardrails on structure, length, and anti-pattern language
n8n
Apollo
SalesQL
Wiza
Supabase
Qdrant
Anthropic Claude
Cold email infra
Live in production
UK Client · 5.0★ Clutch · $10K–$49K
Digital Engineering Firm · UK
A communications app for a UK-based digital engineering firm — Flutter, iOS and Android. Fixed scope, on time, all goals met. Included because it's a UK client at similar project scale, and the managing director cited communication quality — the same concern you raised.
We all communicated well and any feedback was taken on board and discussed with no issues.
UK client
Fixed scope
On time
5.0★ Clutch
Section 11 / Why SoluteLabs · The ask
Why SoluteLabs, and what's next.
You received three quotes. We are not the cheapest. Here's why we're the right fit.
What matters to you
What we offer
GDPR by design
We designed the enrichment flow, personal email toggle, and data model around UK GDPR before writing a single component. alldayDr ran on NHS GPIT and achieved ISO 27001 under our delivery. See Sections 07 and 10.
Cold email expertise
We've run our own outbound for years — O365/GWS warm-up, deliverability monitoring, SMTP routing, AI copy generation. We understand your 0.6–0.8% reply rate in context. See Section 05.
Wiza API knowledge
We read the full API spec before this proposal — pagination limits, concurrency tiers, credit model, webhook structure, and the postcode gap. No surprises in Week 1.
English fluency
The entire build team communicates in fluent written and spoken English. Your CTO gets direct Slack access. We don't relay through a PM layer.
Named team
The two engineers in Section 08 are your team from kickoff to handover. No swaps without written agreement.
NDA
We sign mutual NDAs as standard. Yours can go out today.
IP ownership
Clean IP transfer on final milestone payment. No licensing clauses, no attribution, no ongoing SoluteLabs dependencies.
Long-term partner fit
You want a development partner, not a one-off vendor. We work that way — alldayDr ran 2+ years, Ivy Mobility 8+ years. The relationship scales with the product.
Confirm the £10,000 fixed price and the six-week timeline. You send us the Wiza API key and BDI codebase access in week one. We deliver a production-ready prospect search feature six weeks later.
If the postcode radius decision, cross-campaign exclusion scope, or cold email consultation needs a conversation first — that is the next call.