10 questions to ask before hiring a software agency
TL;DR: Before hiring a software agency, get answers in writing on ten things: who owns the source code and IP, who owns the GitHub repository, source code escrow, fixed price versus time and materials, who actually writes the code, QA, post-launch maintenance, references, the SOW, and subcontracting. Good answers are specific and contractual.
The questions below protect a non-technical owner who is about to spend between twenty-five thousand and a quarter million dollars on custom software. Ask all ten before you sign anything. The pattern to watch for is simple: good vendors answer with specifics and put them in the contract, while weak ones answer with reassurance and ask you to trust the relationship. I sit on the owner's side of these conversations for a living, and the gap between those two kinds of answers tells you most of what you need to know.
Who owns the source code and IP when this is done?
You should own all of it, and the contract must say so with a present-tense IP assignment clause. Copyright law often leaves ownership with whoever writes the code, not whoever pays. A good agency hands you full ownership on payment. A bad one keeps rights to "reusable components," which means you cannot leave.
Read the assignment language yourself or have someone read it for you. Watch for the phrase "work made for hire" alone, which is not enough for all categories of work, and insist on an explicit assignment of all intellectual property. Owners in regulated fields feel this hardest, which is why I push insurance brokerage technology decisions toward clean ownership from day one.
Who controls the code repository during the build?
You should own the GitHub organization and add the agency as collaborators, not the reverse. When the vendor owns the repository, they own your leverage. A healthy arrangement gives you admin access from the first commit, so you watch the code accrue and can hand it to another team without waiting on a handoff.
- Ask for read access to the repository on day one, not at launch.
- Confirm the code lives in your account, billed to you.
- Check that commits happen regularly, not in one dump near the deadline.
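The third check above can be run against the repository's own history. This is an added example, not part of the original article: it reads committer timestamps in the format printed by `git log --pretty=format:%cI` and reports weeks with no commits and how much of the work landed just before the deadline. The sample log, the project dates, and the 14-day / 50% thresholds are constructed assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed sample: one committer timestamp per line, as printed by
#   git log --pretty=format:%cI
SAMPLE_LOG = """\
2024-03-05T10:12:00+00:00
2024-03-06T16:40:00+00:00
2024-04-22T09:05:00+00:00
2024-04-23T11:30:00+00:00
2024-04-23T14:02:00+00:00
2024-04-23T18:47:00+00:00
2024-04-24T08:15:00+00:00
2024-04-24T21:33:00+00:00
2024-04-25T13:20:00+00:00
2024-04-25T23:58:00+00:00
"""

def commit_dates(log_text):
    """Parse one ISO 8601 timestamp per line into a sorted list of dates."""
    lines = (ln.strip() for ln in log_text.splitlines())
    return sorted(datetime.fromisoformat(ln).date() for ln in lines if ln)

def monday_of(day):
    return day - timedelta(days=day.weekday())

def audit_cadence(log_text, start, deadline, tail_days=14, max_tail_share=0.5):
    """Report silent weeks and the share of commits landing just before the deadline.

    tail_days and max_tail_share are illustrative thresholds, not a standard.
    """
    dates = commit_dates(log_text)
    per_week = {}
    week = monday_of(start)
    while week <= deadline:
        per_week[week] = 0
        week += timedelta(days=7)
    for day in dates:
        if monday_of(day) in per_week:
            per_week[monday_of(day)] += 1
    tail_start = deadline - timedelta(days=tail_days)
    in_tail = sum(1 for day in dates if tail_start < day <= deadline)
    share = round(in_tail / len(dates), 2) if dates else 0.0
    return {
        "total": len(dates),
        "silent_weeks": [w.isoformat() for w, n in per_week.items() if n == 0],
        "tail_share": share,
        "end_loaded": share > max_tail_share,
    }

if __name__ == "__main__":
    print(audit_cadence(SAMPLE_LOG, date(2024, 3, 4), date(2024, 4, 26)))
```

On the constructed sample, six of the eight project weeks have no commits and 80% of the commits fall in the final two weeks, which is the "one dump near the deadline" pattern.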
What is source code escrow and do I need it here?
Source code escrow is an arrangement where a neutral third party holds your code and releases it if the agency fails or breaches the deal. It matters most when the vendor hosts the only copy. If you already own the repository and keep your own backups, escrow is usually a redundant cost worth skipping.
Fixed price or time and materials for this work?
Fixed price fits a tightly defined statement of work that will not change, and it shifts overrun risk to the vendor. Time and materials fits discovery and shifting requirements, and it stays honest only with weekly hour reports and a spending cap. Most projects split it: a fixed-price discovery phase, then time and materials.
Beware a fixed bid on a vague scope. The agency either pads it heavily or plans to win every change order. Restoration contractors run into this constantly when field workflows get underestimated, so I steer restoration contractor software projects toward a paid discovery phase before any number gets locked.
Who actually writes the code on my project?
Ask for the names, roles, and locations of the engineers assigned to you, then ask to meet them on a call. Pitch meetings often star a polished senior team that disappears after signing, replaced by junior developers or undisclosed offshore subcontractors. A straight answer names real people. A dodge talks about "our process" and "the team" without ever naming anyone.
This is also where staff augmentation and a project engagement diverge. Staff augmentation rents you developers who follow your direction. A project engagement sells you an outcome the agency manages. Wealth and asset managers tend to want the outcome model with tight oversight, which is part of what I help wealth management technology buyers structure.
How do you handle QA and who signs off on it?
A serious agency has a QA function separate from the developers who wrote the feature, plus automated tests and a written acceptance process you approve. Skip this and you become the test team, finding bugs in production. Ask what share of the budget covers testing. If it is near zero, the rework will land on you.
What happens after launch and who maintains it?
Launch is the midpoint, not the finish, so settle post-launch maintenance before signing. Software needs security patches, dependency updates, and bug fixes for years. A good agency offers a clear maintenance agreement with response times and rates. A bad one treats launch as the end and bills emergency hours when your app breaks on a new operating system.
Get a few more things in writing up front: a signed NDA covering your data and ideas, a documented handoff so another team could take over, and an exit clause. Property managers learn this when a vendor disappears mid-lease-season, which is why I make property management technology plans assume the relationship will end someday.
Can you give me references I can actually call?
Ask for two or three clients with projects like yours, then call them and ask about overruns, missed deadlines, and what broke. Useful references describe specific problems and how the agency handled them. A vendor who offers only glowing written testimonials, or stalls on putting you in touch with a real client, is hiding something worth finding before you sign.
Key takeaways
- Demand a written IP assignment transferring all source code and rights to you on payment, with no carve-outs.
- Own the GitHub repository yourself and add the agency as collaborators, so you keep your leverage.
- Use fixed price for a defined statement of work and time and materials for discovery, never a fixed bid on a vague scope.
- Get the names of the engineers who will write your code, and put subcontracting limits in the contract.
- Settle QA, post-launch maintenance, and an NDA before signing, not after the first production bug.
FAQ
Who owns the source code when an agency builds my software?
You should, but only if the contract says so in writing. Default copyright law often leaves ownership with the agency that wrote the code. Insist on a present-tense IP assignment clause that transfers all source code, designs, and rights to you on payment, with no carve-outs for reusable components.
What is source code escrow and do I need it?
Source code escrow is a service where a neutral third party holds a copy of your code and releases it to you if the agency goes bankrupt or breaches the contract. It matters most when the vendor hosts the only copy. If you already own the GitHub repository outright, escrow is usually unnecessary.
Should I pay fixed price or time and materials?
Fixed price suits a tightly scoped statement of work where requirements will not move. Time and materials suits discovery work and changing requirements, and it stays honest only with weekly reporting and a spending cap. Most real projects use fixed price for a defined phase, then time and materials for the rest.
How do I know who will actually write my code?
Ask for the names and locations of the engineers assigned to your project, then ask to meet them. Pitch meetings often feature senior staff who vanish after signing, replaced by junior developers or offshore subcontractors. Put the named team and any subcontracting limits into the contract.
I do this work as an independent advisor across many industries, sitting on your side of the table opposite the vendor.