MVP Handoff: What to Expect When Receiving Your Product

Your MVP is done. But what exactly should you receive? Here's the handoff checklist to protect yourself.

Code and Repository Access

• •Full source code ownership (you own it, not them)
• •GitHub/GitLab repository transferred to your account
• •Complete commit history
• •All branches including development/staging
• •No proprietary dependencies you can't access

Infrastructure Access

• •Hosting platform admin access (Vercel, AWS, etc.)
• •Database credentials and admin access
• •Domain registrar access
• •All third-party service accounts (Stripe, email, etc.)
• •SSL certificates and DNS records documented

Documentation

• •README with setup instructions
• •Environment variables list with descriptions
• •Deployment process documented
• •Database schema or ERD
• •API documentation if applicable
• •Admin panel guide

Credentials and Secrets

• •All API keys with descriptions
• •Admin login credentials
• •Password manager handoff or secure transfer
• •List of all services that need keys rotated

Red Flags at Handoff

• •"You don't need repository access"—you absolutely do
• •Services under their personal accounts
• •No documentation at all
• •Secrets shared over email or Slack DMs
• •Missing environment variables with no explanation

Post-Handoff Tasks

• •Change all passwords they had access to
• •Rotate API keys (especially payment providers)
• •Remove their access from all platforms
• •Verify you can deploy independently
• •Test the full user flow end-to-end