
Burning it down on the way out – how can non-tech founders protect themselves? - throwawayCCCC
Hi all,<p>As the title suggest, I&#x27;m writing in hopes of assistance with solving a problem that many of us &quot;non-technical&quot; founders face -- a technical person has all the leverage to make a lot of crummy things happen to a business overnight.<p>People can put trust in their team members, but let&#x27;s face it -- shit happens, and when it does, it would be nice to know that the owners are going to stay the owners and the IP&#x2F;code stays with the company.<p>What should we do that doesn&#x27;t seem accusatory and scream &quot;the sky is falling&quot;?<p>SO... Non-Technical Founders: What are some techniques that you have used &#x2F; seen to help with this?<p>Technical Founders&#x2F;Tech people:<p>What are some things that you&#x27;ve thought to yourself &quot;These idiots don&#x27;t realize I can just X,Y,Z&quot; or &quot;If they were smart, they would&#x2F;wouldn&#x27;t have done X&quot;<p>What about legal things? Different tools&#x2F;software? Procedures?<p>I couldn&#x27;t find any information on this topic, so anything would be useful.
======
greenyoda
> shit happens, and when it does, it would be nice to know that the owners are
> going to stay the owners and the IP/code stays with the company

This is why we have contracts and lawyers. You shouldn't start up a company
without first having paperwork that clearly defines who owns the company, its
intellectual property and other assets. For example, who owns what percentage
of the shares, what is the corporate governance structure (who are the CEO,
officers and board), etc.

This applies even to a business partnership of two people.

------
laurentl
As other comments have pointed out, there’s not a lot you can do if the
technical person wants to bring the house down.

But there are other cases you should cover against, like the techie getting
run over by a bus. The first thing that comes to mind is to make sure you have
an admin account and/or a recovery procedure (a master password printed on a
piece of paper in a safe, access to the account’s email address to reset the
password, etc.) for _everything_.

Everything in this case is at the very least: AWS account (including the root
account to manage the bills), e-mail provider, Gsuite admin rights, whoever
you brought your domain names from, Dropbox, bank/PayPal/Stripe,
GitHub/BitBucket, your telco, the admin accounts on your corporate PCs, and
just about all the services you use on a daily basis. The email accounts and
DNS are IMO the most critical; you can retrieve a lot of stuff if you control
the e-mail or the domain name. BUT this assumes the accounts were set up with
a corporate email, which may not be the case if you’re a small company -
probably a personal e-mail was used to register the first services, which are
also the most crucial. And if the techie knows what she’s doing, she will have
enabled MFA, so e-mail alone probably won’t cut it.

Just ask yourself: if the tech person dropped off the face of the earth, what
would you be locked out of?

------
gtsteve
A model you might look at if you are a majority or 100% shareholder is to have
a separate AWS account that you control 100%. You can have write-only S3
buckets that another AWS account can post to. You should be able to do this
with other cloud systems as well. You can then use replication rules to copy
data from your production AWS account to this backup one.

Although I am the technical co-founder in this situation, I am protecting
myself against mistakes made by senior technical staff. It would also protect
to a measure against malicious action.

I certainly hope I never have a dispute with my business partner. If I did, I
would try to resolve it amicably and if necessary resort to the courts. At no
point would I even dream of cutting off my nose to spite my face by damaging
production systems for example or deleting code. That just gives the other
side ammunition at best and at worst the consequences can be very serious [0]

As others have noted, there is little you can do to stop a trusted director-
level partner or employee if a switch flips and they suddenly become evil.
Setting up a write-only backup system is about the best you can do... but if
you're non-technical who are you going to trust to do this?

[0]
[https://www.theregister.co.uk/2008/12/29/terry_childs_trial/](https://www.theregister.co.uk/2008/12/29/terry_childs_trial/)

------
muzani
There's not a lot one can do. It's sort of like preventing your bodyguards
from assassinating you. They know all your procedures, it's a matter of trust.
Even as a tech co-founder, it's difficult to control as it's easier to hide
back doors and time bombs as the code gets more complex.

There's a few measures you can take: 1\. Daily backups of code repositories,
on a computer you trust. 2\. Periodic backups of the production server. 3\.
Check your contract agreements on IP with a proper lawyer. IP is very
sensitive as a lot of techies also have side project.

But in general, trust your techies. People are reciprocal. If you start
putting in more safeguards, they start putting in their own. Don't isolate
them from meetings/clients, don't put too many levels of security, don't hire
people to "check up" on that guy, trust the intern.

Most engineers just want to build stuff. If you let them build stuff they will
be very happy and loyal.

------
rajacombinator
How about just don’t screw over your technical cofounder? Amazing how non
technical founders can’t resist trying to screw over the tech guys.

------
odmkSeijin
You have your principles backwards. Non-technical founders should not stay the
owners of a technology company if shit happens. The ownership should be
usurped by technically proficient people. It is called 'nerd's revenge'.

