Can an offshore dev agency steal your code?

13 August 2023 ยท Updated 13 August 2023
Question

hey Vadim, I'm a CTO at a newly created startup and we're looking to outsource development to an offshore dev agency. I understand the importance of the intellectual property. It's my first time working with an offshore outsourcing company, and I have some concerns about the security of our code, and who owns what. Specifically, I'm worried about the potential risk of our code being stolen or misused. Possible a clone being released? How real is this risk when working with offshore agencies? What measures can we take to protect our code and intellectual property?

Answer

Congrats on becoming a CTO and on immediately thinking of dipping your toes into the world of offshore development agencies. Smart move. And, like any savvy entrepreneur, you’re wondering, “Can these guys run off with my code?” Well, let me tell you, it’s a valid concern. To summarize it’s a yes and no.

Picture this: You’ve hired an offshore agency to build your app. You’re a bit behind on payment, or maybe you’ve had a disagreement. Next thing you know, they’ve taken your code and are making a quick buck off it. Maybe they’ve found another founder who needs a similar app, and they deliver it in record time, pocketing the full payment. Or perhaps they’ve offered it to another founder in exchange for a slice of equity. Sounds like a plot twist from a tech thriller, right? But it’s a reality in the wild world of offshore development.

Why is this possible? Because the intellectual property laws state that the IP is with the ones who produce, not the ones who pays. So the IP needs to be transferred by the company/contractors who produce to the ones who pay. Most of the standard contracts with offshore agencies say that the code belongs to them. There’s usually addendums created that say that the IP for a specific feature is transferred to the buyer after the payment is made in full or the collaboration is finished.

Now, don’t get me wrong. Not all offshore agencies are lurking in the shadows, ready to snatch your code. But the risk is real, and it’s a risk you need to manage.

So, how do you protect yourself? First, get everything in writing. Make sure you have a contract that clearly states that you own the intellectual property (after each payment of invoices). And I mean crystal clear clauses with no room for “interpretation.”

But a contract is only as good as its enforceability. If your agency is halfway across the globe in a country you can’t even find on a map, enforcing that contract might be a challenge. But don’t let that deter you.

To avoid the issue of them being on the other side of the globe โ€” find a local offshore partner in your own jurisdiction so you get all the benefits of strong IP protection. (If something happens, you can sue this partner in your local jursdication)

This local partner should have a legal entity (preferably a fully-owned subsidiary) in the country where you want to offshore. This subsidiary provides development services to the local offshore partner โ€” what this means is there’s a back-to-back agreements with their offshore entity and individual team members. This means you enforce contracts with the local partner, they enforce contract with the subsidiary and the subsidiary enforces contracts with their employees. It’s like a safety net for your code.

You only have to worry about the contract with the local partners.

So, while the world of offshore development might seem like a lawless frontier, remember that with the right precautions, you can stake your claim and protect what’s yours.




Hot! The last couple of years I've been writing about CTO / Tech lead job. I've compiled all my knowledge into a printable PDF. I called it "196 Pages of No Bullshit Guide for CTOs". So if you're interested, take a look.

New! If you're a software engineer looking for a job, I started a Roast my Resume service, where I record a personalized video of me "roasting" your CV, which basically means taking a hard look at your resume as a CTO and commenting on all the good and the bad parts.