How to vet a software development agency when you can't read the code.
You cannot judge the code, so judge the commitments. Vet a software agency by what they will put in writing: that you own the repository from day one, a fixed price instead of an open meter, who actually does the work, what happens after launch, and a written definition of "done." That is what this guide gives you, as eight questions and a red-flags table. The single best test is not a question at all. It is to start small with a paid audit you can walk away from, before you bet a full build on faith.
01 / Why this is hard when you're non-technical
The usual advice is to check their code, their stack, their GitHub. You cannot, and pretending otherwise is how non-technical founders get taken advantage of.
When you cannot read the work, you are left judging the salesperson. So the agency that wins is often the one that is best at sales, not the one that is best at building. The gap between what you can verify and what you are being sold is exactly where the worst outcomes live: the build that goes over budget and over timeline, the juniors quietly subbed in after a senior closed the deal, the founder who didn't even get the source code at the end because nobody told them ownership was a thing to ask for.
The fix is to stop competing on their turf. You will never out-judge a developer on code. But you can read a contract, a guarantee, and a reference. So vet the things you can actually check: the commitments, the ownership, the price structure, and the proof. A partner worth hiring makes those easy to verify, because being clear protects them as much as it protects you. The rest of this guide is how.
What to vet instead of code
- Who owns the repository and the IP, in writing, from day one.
- Whether the price is fixed or an open-ended meter.
- Who actually does the work, not who showed up to sell it.
- What "done" means, and what happens after launch.
02 / The eight questions to ask
Ask all eight. The answers matter, but how they are given matters more. Fast, plain, and in writing is a good sign. Vague, defensive, or "don't worry about that" is the tell.
Send them in an email if you want the answers in writing, which you do. A confident partner will not flinch at any of them.
- 01 Non-negotiable
Do I own the repo and source code from day one?
The most common horror story is the founder whose agency "held my code hostage," or who didn't even get the source code when they paid in full. Ask plainly: is the repository in my account, assigned to me, from the first line of code? The answer should be an immediate yes, in the contract. Anything less means you are renting the thing you paid to own.
- 02 Where overruns live
Is the price fixed, or am I billed by the hour?
Hourly billing puts every hour of their rework on your card, and the meter has no reason to stop. For a defined build, ask for a fixed price for a fixed scope. That moves the risk of overruns to the people who can actually control it. If they will only work hourly on clearly scoped work, ask why the risk has to sit with you.
- 03 The bait and switch
Who actually does the work?
The senior who sold you the project is often not the person who builds it. Ask who writes the code, by name, and whether the work gets subcontracted out. The two patterns to name out loud are hidden juniors and subcontract roulette, where your build is quietly passed to whoever is cheap and free that week. The seller and the builder should be the same people.
- 04 The day after
What happens after launch?
Plenty of founders get built and then ghosted the moment the invoice clears. Ask what support looks like after go-live, who fixes a bug found in week two, and what it costs. A partner who plans to stand behind the work answers this without hesitation, because they expect to still be there.
- 05 Built in, not bolted on
Is it built secure and audit-ready?
Be wary of anyone who promises you will never be breached. Nobody can promise that. Ask the honest version instead: is it built secure by design, and would it survive a security review by someone else. Audit-ready is a real, checkable standard. "You're totally safe" is a sales line.
- 06 Proof, not promises
Can I talk to a real reference?
Ask to speak to a past client, ideally one who is also non-technical, and ask them the question that matters: would you hire them again, and what went wrong. Every project has something that went wrong. A reference who can talk about it honestly is worth more than a wall of five-star logos.
- 07 The finish line
What does "done" mean?
Without a written definition, "done" is whatever the agency says it is, and that is where disputes and surprise bills live. Ask for acceptance criteria you both sign before the build starts: the specific tests that, when they pass, mean the work is complete. If they cannot define done in writing, they cannot guarantee it.
- 08 In writing, not in faith
What protects my idea and IP?
Ask for a mutual NDA and a contract that assigns all IP and the repository to you. The real risk is rarely that they steal your idea, since execution is what matters. The real risk is fuzzy ownership that bites you later. Good paperwork removes both, so the protection does not depend on trust.
Not sure how to scope the work these questions are about? Start with the guide to scoping software before hiring, or start a conversation.
03 / Red flags, and what good looks like
Most disasters announce themselves early. Here is what a warning sign is really telling you, and what a good partner does instead.
Read the right-hand column. Every one of these is something you can ask for and verify before you sign, no technical knowledge required.
| Warning sign | What it means | What good looks like |
|---|---|---|
| "We'll sort out ownership at the end." | You may not own the code you paid for. This is how founders get held hostage. | The repo is in your account, IP assigned to you, from day one and in the contract. |
| Hourly billing, no cap | Every hour of their inefficiency is on your card, and the meter never has to stop. | Fixed price for a fixed scope. No change orders, no hidden fees, no surprises. |
| The senior who sold vanishes after signing | Hidden juniors and subcontract roulette. Your build goes to whoever is cheap that week. | The person who scoped the work is the person who builds it. |
| No written definition of "done" | "Done" becomes whatever they say. This is where disputes and surprise bills start. | Signed acceptance criteria agreed up front, backed by a delivery guarantee. |
| "You'll never get breached." | A promise nobody can keep, used to skip the real security conversation. | Secure by design and audit-ready, described honestly without absolute promises. |
| Silence after launch | Built and ghosted. A bug in week two becomes your problem and your bill. | A clear plan for support and remediation after go-live, agreed before you start. |
| Reluctance to put it in a contract | Whatever they will not write down, they do not intend to be held to. | Price, deadline, scope, ownership, and "done" all in writing before work begins. |
04 / The one test that beats every question
You can ask all eight questions and still be guessing, because anyone can say the right words. The only real test is to watch how they actually work, on something small and reversible.
Most founders feel stuck between two bad options: hire a big agency you cannot vet and hope, or hire a cheap freelancer and hope harder. There is another option, and it is not a leap of faith. Start with a small piece of paid work first. A short scoping audit is the cheapest, lowest-risk way to see exactly how a partner thinks, writes, communicates, and treats your ownership, before you commit a full build to them.
A paid audit is reversible by design. You pay for a defined, bounded piece of work and you get a real artifact back: a scoped brief, signed acceptance criteria, and a quantified ROI. If you do not like how they worked, you walk away with the brief and take it elsewhere. If you do, you already know how they operate. Either way, you never had to take the big bet on a stranger you could not vet.
Why starting small de-risks everything
- You see how they work before you commit, not after.
- You walk away with a usable scoped brief either way.
- The downside is capped at a few thousand dollars, not a full build.
- The right partner will offer this gladly, because it earns the bigger work.
That small first step is the software audit. Browse all services for the full ladder.
05 / How we answer each fear
Every question above maps to something we put in writing before you commit. Not because we are asking for trust, but because the whole point is that you should not have to give it.
Here is how the eight questions land against the way we work. Each one is a commitment you can read in a contract or a guarantee, not a promise you have to believe.
You own everything from day one
The repository, the code, the docs, the prompts, the deployment, and the IP are yours from the first line. Nobody holds your code hostage, because it was never theirs to hold.
Owned by you, day one
Fixed price, fixed deadline
A build is a fixed scope at a fixed price with a fixed date. No change orders, no hidden fees, no surprises, and no open meter running against your uncertainty.
A price and a date in a day
The seller is the builder
The senior who scopes your work is the senior who builds it. No hidden juniors, no subcontract roulette, and nobody who ghosts you once the invoice clears.
No bait and switch
"Done" is signed, and guaranteed
Acceptance criteria are agreed in writing before we start, built secure by design and audit-ready, and backed by a delivery guarantee with free remediation if we miss.
Delivery guarantee
See the guarantees in full, or take the reversible first step with the software audit.
06 / Common questions
The questions non-technical founders ask most about vetting and choosing a software development agency.
What questions should I ask a software development agency before hiring?
Ask the eight in this guide, in roughly this order: do I own the repo and source code from day one, is the price fixed or hourly, who actually writes the code, what happens after launch, is it built secure and audit-ready, can I talk to a real reference, what does "done" mean in writing, and what protects my idea and IP. The answers matter less than how they are given. A good partner answers fast, in plain words, and in writing. Anyone who gets vague, defensive, or pushes you past the questions is telling you something.
How do I vet a development agency when I am not technical?
Stop trying to judge the code and judge the commitments instead. You can read a contract, a guarantee, and a reference even if you cannot read a codebase. Check whether they will put ownership, a fixed price, signed acceptance criteria, and a definition of "done" in writing. Then verify it cheaply: start with a small paid audit before you commit to a full build. A senior partner will write the scope down with you and prove how they work on something small and reversible, so you never have to take the big bet on faith.
What are the biggest red flags when choosing a software agency?
The ones that cost founders the most: hourly billing with no cap, no clear answer on who owns the code, the senior who sold you vanishing once juniors take over, no written definition of "done," silence after launch, and reluctance to put anything in a contract. Each one shifts risk onto you. The pattern behind all of them is the same: vagueness that can be priced and scoped in the agency's favor later. A partner who is confident in their work removes that vagueness up front, because it protects them too.
Will an agency steal my idea if I tell them about it?
Almost never, and you can remove the worry entirely with paperwork. Ideas are cheap and execution is what matters, so a working agency has no interest in running your business instead of building it. Still, ask for a mutual NDA, and make sure the contract assigns all IP and the repository to you from the first line of code. That way the protection does not depend on trust. It is written down. If an agency resists a basic NDA or wants to keep ownership of what you paid for, that itself is your answer.
Is a fixed price or hourly better when hiring an agency?
For a defined first build, fixed price protects you and hourly protects them. Hourly billing means every hour of their inefficiency or rework is on your card, and the meter has no reason to stop. A fixed price for a scoped piece of work moves that risk to the people who can actually control it. The honest version requires real scoping up front, which is why a short paid audit comes first. If an agency will only work hourly on a clearly scoped build, ask why the risk has to sit with you.
How does Ego Eimi answer these questions?
In writing, before you commit. You own the repository, the code, the docs, and the IP from day one. Builds are fixed scope, fixed price, and a fixed deadline, with no change orders or hidden fees. The senior who scopes your work is the senior who builds it, so there is no hidden-junior swap. "Done" is signed acceptance criteria agreed up front and backed by a delivery guarantee with free remediation. And you do not take any of it on faith. You start with a paid audit, credited toward the build for pre-screened fits and backed by a value guarantee.
Want a second pair of eyes before you sign with anyone? Start a conversation and we reply within a day, or start with the software audit.
Last updated June 2026 · Talk with Felipe