Why PatchPilot exists
I run IT for a small portfolio of UK businesses. Every year, cyber insurance renewals got harder — insurers wanted proof that devices were patched, that BitLocker was enforced, that someone had actually checked the endpoints rather than just assumed they were fine.
The tools that existed fell into two camps. Either they were built for enterprises with a six-figure budget and a dedicated compliance team, or they were cheap but gave you no evidence worth anything to an insurer or auditor. A few were both expensive and evidence-light.
"The hardest part wasn't patching devices. It was proving, on demand, that patching had happened — in a format a cyber-insurance underwriter would actually accept."
So I built PatchPilot. The goal was simple: turn compliance evidence that used to take days to compile into something you can export in 30 seconds, mapped to real frameworks like Cyber Essentials, ISO 27001, and SOC 2, not just a CSV of hostnames.
We built it in the UK, for UK and European IT teams first. That means UK GDPR by design — not bolted on. Data processed inside the EEA. No "we'll evaluate EU hosting later." That's where we started.
For regulated UK industries — NHS trusts, central government bodies, MoD supply chain — we offer sovereign deployment: PatchPilot installed within your own infrastructure, with no data leaving your network boundary. This aligns with NHS DSPT requirements, G-Cloud 13 framework obligations, and MoD JSP 440 data-handling policy. If you're a public-sector buyer evaluating endpoint management, talk to us before committing to a US-hosted vendor.
We're still early. The app is in controlled early access with real paying customers — including Vehicle Data Global Ltd, whose entire endpoint estate was one of our first test environments. Every bug they surface makes PatchPilot better for the next customer.