Here's a fact that surprises almost every founder we tell it to: you might not own the code you paid for.
Under US copyright law, when you hire an outside developer to write software, the developer owns the copyright by default — unless a written agreement says otherwise. You can pay every invoice in full and still not hold the rights to the thing you funded. That's not a scam anyone has to run; it's just what the law says when the contract is silent. Most founders find this out at exactly the wrong moment: when they want to switch teams, raise a round, or get acquired, and a lawyer asks for the IP assignment that was never signed.
And ownership of the code is only the first kind of dependency. Lock-in is also technical — built on a platform you can't leave — and operational — code only the original team understands, with a roadmap the vendor effectively controls. The good news is that all three are preventable, and none of it requires distrusting the team you're about to work with. It just requires setting the relationship up right from day one.
A quick note before we go further: this is general guidance, not legal advice. The specific clauses below are worth understanding so you know what to ask for, but have your own counsel review any contract — especially the IP terms — before you sign.
This post is the preventative side of staying free — how to structure the relationship so you're never locked in. Its sibling, is your agency's code handoff-ready?, is the diagnostic side: how to evaluate code a team is already writing. Read both.
The Three Kinds of Lock-In
Lock-in isn't one problem. It's three, and most guides only talk about one of them. You need to guard against all three.
Contractual lock-in
You don't legally own the code, the IP assignment is missing or vague, or the license restricts what you can do with your own product. This is the most dangerous kind precisely because it's invisible — everything feels fine until you try to leave, raise, or sell, and discover the rights aren't yours.
Technical lock-in
The product is built on something you can't walk away from: a proprietary framework only this vendor knows, a low-code or no-code platform where you own a configuration rather than source code, a closed database, or data you can't export in any usable form. Technically you have a product. Practically, you can't take it anywhere.
Operational lock-in
The code works, but it's undocumented, and only the people who wrote it understand it. Worse, the roadmap sits with the vendor — they decide what gets built next, and you discover you can't make a move without them. You own the asset on paper and depend on them completely in practice.
The rest of this post walks through how to prevent each one — contract first, because it's the one most founders never see coming.
Contract: Own the IP From Day One
The fix for contractual lock-in is a single clause, and you should insist on it before any code gets written.
You want a clear IP-assignment / work-for-hire provision that says, in plain terms: all intellectual property created in this engagement is assigned to you, the client, on creation. Not on final payment, not on request — on creation. That one sentence is the difference between funding software and owning it. (Again: general guidance, not legal advice — have counsel draft and review the exact wording.)
Two more things to check while you're in the contract:
- Third-party and open-source components. Modern software is built on libraries. Make sure nothing your team brings in carries a license that restricts how you use, distribute, or sell your product. A good partner tracks this and can hand you the list.
- Repositories and accounts in your name. The code should live in your version control, on your cloud accounts, from the start — not in the vendor's, with you as a guest.
And here's the honest tell: a partner who builds to hand over has no reason to resist any of this. Assigning you the IP, working in your repos, listing the licenses — none of it costs them anything if their plan was always for you to own what you paid for. Resistance to a clean IP clause is one of the clearest red flags there is. Ask early, and watch the reaction.
Technology: Build on Things You Can Leave
Technical lock-in is prevented at the architecture stage, by choosing tools you could walk away from if you ever had to.
Favor open standards over proprietary ones. REST and HTTP for APIs, PostgreSQL for data, standard token-based authentication like JWT — these are common, well-understood, and supported everywhere. The practical benefit is simple: if you ever need to bring in a new team, you can find people who know these tools tomorrow. A proprietary framework that only your current vendor understands does the opposite — it quietly makes them irreplaceable.
Understand the low-code / no-code trade-off. Platforms like Bubble, OutSystems, and the like are genuinely fast to start with, and for the right use case they're a smart choice. But be clear-eyed about what you're getting: on most of them, you own a configuration inside someone else's system, not source code you can take elsewhere. If the platform raises its prices, changes its terms, or shuts down, your options are limited and migration can mean rebuilding from scratch. That's a fine trade when speed matters most and the platform fits — just make the trade knowingly, not by accident, and know what leaving would cost.
Confirm data portability up front. Ask directly: can I export everything — my data, in a usable, standard format — anytime I want? If the answer is anything other than a clean yes, you're partly locked in already. Your data is yours; the ability to take it with you is non-negotiable.
This is also why we're stack-agnostic. We pick the right tool for your problem, not the one that happens to tie you to us. The right tool is, almost always, one you could keep without us.
Operations: Documentation and Roadmap Ownership
The last kind of lock-in is the quietest, because the code works — right up until the day you need someone other than the original team to touch it.
Documentation is the antidote to people-dependency. Code should be written and documented so any competent developer can pick it up — clean structure, a real README, sensible tests, containerized setup. We won't re-list the full code-side checklist here, because our sibling post already does: is your agency's code handoff-ready? walks through exactly what to look for. Read it alongside this one — that post is how you check the code, this post is how you structure the relationship around it.
Roadmap ownership is the angle almost nobody talks about. You decide what gets built next — not the vendor. A good partner advises, pushes back, and brings options to the table; but the direction is yours. Watch for the subtle inversion where a vendor's preferences quietly become your roadmap because they're the only ones who understand the system well enough to weigh in. That's operational lock-in wearing a friendly face. The cure is the documentation above plus an explicit understanding: they advise, you decide.
And "built to hand over" cuts all the way through. It means that if you ever wanted to bring the product fully in-house, a good partner would help you do it — not stonewall. That isn't a threat to a healthy partnership; it's a feature of one. The freedom to leave is exactly what makes staying a real choice instead of a trap.
When Lock-In Is Engineered on Purpose
Let's name the uncomfortable version honestly. Not all lock-in is accidental. Some of it is designed: proprietary frameworks chosen specifically because they're hard to leave, code left deliberately undocumented, an offboarding plan that doesn't exist because there was never meant to be one. When dependency is the business model, every protection above gets quiet resistance.
We won't tell you that's how everyone operates — it isn't, and we don't talk about other teams that way. We'll just tell you how we think about it, and why.
We built Formester, our own SaaS product. Owning something end to end — the code, the data, the roadmap, the consequences — taught us what real ownership feels like, and how much it matters to actually hold it. That's why we build your product to be owned by you. Clean code, full documentation, your repos, your IP, zero lock-in. Not because a clause forces us to, but because we know what it's like to want to own the thing you've poured yourself into.
Your Day-One Anti-Lock-In Checklist
Bring this to the kickoff, not the breakup:
- IP-assignment clause signed — all IP assigned to you on creation. (Counsel reviews it.)
- Open standards chosen — REST, PostgreSQL, standard auth; tools you could find help for tomorrow.
- Data export confirmed — everything exportable in a usable format, anytime.
- Documentation from day one — not promised "at the end." (See the handoff-ready checklist.)
- Roadmap owned by you — they advise, you decide.
- Code in your repos and accounts — yours from the first commit, not the vendor's.
Six lines. Run them before you sign, and most of the lock-in horror stories simply can't happen to you.
Avoiding Lock-In and Choosing a Partner Who Stays Are the Same Value
Here's the thing that ties this whole post to its sibling. A partner who builds for your freedom — who hands you the IP, documents everything, and leaves the door open — is the same kind of partner who stays. Not because you're locked in, but because the work is honest and worth keeping. Lock-in-free and long-term aren't opposites. They're two expressions of the same priority: your success over their leverage.
If you're choosing a team for a long build, read the companion to this post: how to choose an engineering partner who'll still be here in two years. The partner who'll let you leave freely is, more often than not, the one you'll never want to.
Want a Partner Who Builds for Your Independence?
Your code, your repos, your roadmap — from day one. Ask us how we structure ownership and handover, with no commitment. If you ever want to bring it in-house, we'll help you do that too. That's what "built to hand over" actually means.
Talk to us, or see how we approach full project delivery and ongoing maintenance without lock-in.
This article is general guidance, not legal advice. Have qualified counsel review any contract — particularly IP-assignment clauses — before signing.
Related reading: Is Your Agency's Code Handoff-Ready? | How to Choose an Engineering Partner Who'll Still Be Here in 2 Years | Why We Built Formester
Get practical engineering insights
Real lessons from building products - ours and our clients'. No spam. Monthly.
Have a project in mind?
We'd love to hear what you're building. Let's talk about how we can help.
Let's Talk
