Every Magento agency engagement ends eventually. The retainer expires, the strategic direction shifts, the agency restructures, or the relationship simply runs its course. The cost of that ending is determined almost entirely by clauses signed at the beginning, and most of those clauses are missing from the standard agency MSA. Tightening up exit terms before the first invoice arrives is the cheapest insurance policy in commerce procurement, and it is the work that pays back most reliably when a transition arrives sooner than expected.
This guide is written for engineering leaders, procurement, and in-house counsel at mid-market and enterprise eCommerce operators. It assumes you are signing a Master Services Agreement and Statement of Work with a Magento or Adobe Commerce agency in 2026, and you want to leave the engagement on your own timeline without a fire sale on knowledge, credentials, or code. Bemeir reviews these clauses regularly because most of the rescue projects we onboard arrive with the previous agency’s contract attached, and the gaps are remarkably consistent.
Code Ownership: Insist on Work-for-Hire
The most expensive ambiguity in an agency contract is who owns the code. The default position in most MSAs gives the agency ownership of “tools, methodologies, and underlying frameworks” while transferring ownership of “deliverables” to the client. That sounds reasonable until you discover that the agency considers the integration layer, the deployment pipeline, the configuration patterns, and the custom modules to be “underlying frameworks.” You end up owning the surface and licensing back the substance.
The fix is direct contract language: all code, configuration, infrastructure-as-code definitions, deployment scripts, custom modules, and documentation written during the engagement transfer to the client as work-for-hire on creation. The agency may retain a license to use generalized methodologies in future engagements, but no specific artifact stays with them. Reference language is published in the American Bar Association’s IP transactions templates if your counsel wants a starting point.
Credentials Custody from Day One
The second most expensive ambiguity is credentials. Agencies routinely create AWS accounts, Cloudflare zones, Adobe Commerce admin users, GitHub organizations, third-party SaaS subscriptions, and DNS records on behalf of clients, and the access lives with the agency until and unless the client asks for it back. When the relationship sours, the recovery of those credentials becomes a hostage negotiation.
The MSA should require that all production credentials be issued in the client’s name, under the client’s billing, with the client as primary administrator. Agency access is provisioned to client-controlled accounts via federated SSO or IAM roles that the client can revoke unilaterally. No agency-owned SaaS subscriptions. No agency-owned domain registrations. No agency-owned AWS root accounts. The pattern is well-documented in AWS multi-account governance whitepapers, which your security team will already know.
Knowledge Transfer Obligations
The third largest exit cost is the loss of institutional knowledge. After two years of engagement, the agency knows the codebase better than anyone on your team. When they leave, that knowledge leaves with them unless the contract specifically requires its capture.
The MSA should include a continuous knowledge transfer obligation: documentation of architecture, integrations, runbooks, deployment procedures, and known issues must be maintained in client-owned systems (Confluence, Notion, GitHub wikis) and updated within seven days of any material change. The contract should also require a thirty-day post-termination handover during which agency engineers are available for documented handoff conversations, billed at the rate in effect during the contract.
Bemeir’s standard onboarding includes a documentation audit so that even before exit planning becomes relevant, the knowledge baseline is in client hands. Read about how this fits into broader engagement structure in Bemeir’s Magento development service overview.
Termination for Convenience
Most agency MSAs include termination for cause, which requires the client to prove material breach. This is almost always inadequate. Reasonable cause clauses are useful, but they do not cover the more common case, the relationship is fine, but the client wants to bring work in-house, or move platforms, or reduce spend.
The MSA should include termination for convenience with a thirty-day notice period and no early-termination fee beyond payment for work in progress. Agencies will sometimes ask for ninety days. Sixty is a fair compromise for retainer engagements. Anything beyond ninety is a lock-in clause dressed up as a notice period.
| Clause type | Default agency MSA | Recommended client position |
|---|---|---|
| Code ownership | Agency retains “frameworks” | All deliverables work-for-hire to client |
| Credentials | Agency-owned, transferred on request | Client-owned from day one |
| Documentation | Best-efforts | Continuous, contractually required |
| Termination for cause | Material breach, lengthy cure period | Material breach, 30-day cure |
| Termination for convenience | Often absent or 90+ days | 30-60 days, no early-termination fee |
| Post-termination support | None or hourly | 30-day handover at engagement rate |
| Source code escrow | Rarely included | Required for modules not in client repo |
| Non-solicit on agency staff | Often mutual, broad | Narrow, time-limited, named individuals |
Source Code Escrow for Anything Not in Your Repo
If the agency hosts any code that is not committed to a client-owned Git repository, the contract must require source code escrow with a neutral third party. This includes private agency tooling that touches your stack, build scripts hosted in agency CI, and any “framework” code the agency claims as their own but that your production depends on. Escrow services like Iron Mountain and EscrowTech handle this routinely.
The trigger conditions should include agency insolvency, contract termination, and material failure to perform. The client pays a small annual fee and gains a real safety net.
Data Portability and Export Rights
The data inside your Magento store is yours by default, but the data inside agency-managed adjacent systems (analytics, A/B test platforms, customer data platforms, marketing automation) often lives in agency accounts. The MSA should require that all data generated about your business or customers during the engagement is exportable on demand in a documented format, and that the export will be delivered within fourteen days of any request.
The same clause should specify what happens to data after termination. The default should be export and secure deletion, with deletion certified in writing.
Non-Solicit, Narrowed
Most agency contracts include a mutual non-solicit clause that prevents the client from hiring agency staff for a period after the engagement. Some of this is reasonable. A blanket twenty-four-month non-solicit covering the agency’s entire global workforce is not. Narrow the clause to the specific named individuals who worked on your project, for a period of twelve months, with an exception for any agency employee who has been continuously assigned to your engagement for more than six months, that person should be hirable directly if you want to bring them in-house.
The non-solicit should also be mutual: the agency cannot hire your eCommerce engineers either. Many agency MSAs leave that direction silent.
What About the Statement of Work?
The SOW lives below the MSA and covers the specific engagement. The MSA holds the architectural clauses; the SOW should include the project-specific equivalents: who owns what artifacts, what documentation deliverables are due, and what acceptance criteria signal completion. The clauses above belong in the MSA so that they survive across SOW changes.
Bemeir’s contracting practice keeps the MSA stable for years while SOWs cycle every quarter, which is the right rhythm for most retainer relationships. For a sense of how this plays out in production engagements, see how the firm structures longer-term Adobe Commerce partnerships. The same patterns apply on the Shopify Plus side and the Hyvä migration practice, where exit clauses around theme code and migration artifacts deserve the same attention.
The Conversation Up Front
Negotiating exit terms at the start of a relationship feels awkward. Bring it up directly. A serious agency will respect the conversation and will often have language already drafted because their better clients have asked. An agency that resists, deflects, or treats the conversation as evidence of bad faith is telling you something important about how the relationship will go when stress arrives later. The exit clauses you sign before the engagement starts are the only ones you will ever get to negotiate from a position of leverage. Use that leverage.
