Web App Development Checklist for Startup Founders
Most non-technical founders hand money to a developer or agency and hope for the best. That is understandable, you do not know what you do not know. But there are twelve specific questions that separate a smooth, successful engagement from a painful, expensive one.
This checklist is based on what we see go wrong when founders come to us after a bad experience with another developer. Use it before you sign anything.
Is the scope fixed before any money changes hands?
A vague brief leads to scope creep, missed expectations, and budget overruns. Before you pay anything, you should have a written specification of exactly what will be built, every screen, every user flow, every integration. If an agency resists putting the scope in writing, that is a red flag.
Is the pricing fixed or hourly?
Hourly billing puts all the risk on you. If development takes longer than estimated, which it almost always does, you pay more. Fixed-price projects give you budget certainty. Always push for fixed pricing on a defined scope.
Who owns the code?
You should own 100% of the code, repositories, and infrastructure from day one. Some agencies retain ownership until the final invoice is paid, or use proprietary frameworks that create lock-in. Check the contract.
Who owns the hosting and infrastructure accounts?
Your Firebase project, Vercel account, domain, and any other infrastructure should be in accounts you own. Avoid setups where the agency holds the keys to your production environment.
Will you get access to the repository during development?
You should have read access to the codebase throughout the project, not just at the end. This lets you (or a technical advisor) review progress and ensures you are not locked out if the relationship ends.
How are Stripe and payments handled?
If your app takes payments, ask specifically how Stripe is integrated. Webhook handling, idempotency, and database synchronisation are often poorly implemented. Ask if they have done this before and request an example.
How is authentication implemented?
Auth is a security-critical feature. Rolling your own authentication is almost always a mistake. Confirm that they are using a reputable auth provider (Firebase Auth, NextAuth, Clerk, etc.) and that role-based access control is properly implemented.
What does the testing process look like?
Ask how they test before handing over. At minimum, critical flows (auth, payments, core user journeys) should be manually tested. For payment integrations, confirm they test in Stripe test mode with all relevant scenarios (successful payment, card declined, subscription cancelled).
Where will the app be deployed?
Know your deployment stack before you start. For most web apps, Vercel (for Next.js) or Firebase Hosting are good choices. Avoid bespoke server setups that you do not understand, they create maintenance headaches and security risk.
What is the handover process?
A good agency handover includes: access to all repositories and accounts, documentation of the architecture and key decisions, credentials for all services, and a walkthrough session. Confirm this is included.
What support is available after launch?
Bugs happen in production. Confirm what support is available post-launch, is there a warranty period? How quickly will critical bugs be fixed? Is ongoing maintenance available and at what cost?
Have they built something similar before?
Ask to see a relevant case study or live example. If you need Stripe subscriptions built, ask if they have done it before. If they have not, that does not disqualify them, but they should be transparent about it.
How Vamp Creatives handles these
For what it is worth, here is how we answer this checklist ourselves:
- We write a detailed scope document before any work begins, and it is part of the contract.
- We price by project, not by the hour.
- You own all code, repositories, and infrastructure from day one.
- All hosting accounts are in your name, we never hold the keys to your production environment.
- You have access to the repository throughout the project.
- We have built production Stripe integrations with subscriptions, webhooks, and customer portal.
- We use Firebase Auth for authentication on all Firebase projects.
- We test all critical flows manually and against Stripe test mode before handover.
- We deploy to Vercel or Firebase Hosting, well-documented, easy to hand over.
- Handover includes all credentials, a documented architecture, and a walkthrough session.
- We include a 30 day bug fix warranty after launch.
- Check our work section for case studies.
Looking for a developer you can trust?
Book a free discovery call and see how we work before committing to anything.
Book a Free Call