After hundreds of project intakes, the same warning signs appear in vendors who later cause problems. This guide catalogues 15 specific red flags when hiring a web developer that German SMEs and GmbH founders should treat as walk-away signals — with real-world examples of what each one usually predicts.
Use this list before signing any contract. Two or more red flags is usually enough to choose a different vendor.
Red Flag 1: No Verifiable Portfolio
If a vendor can’t show you three live websites they’ve built recently — that you can visit, click around, and inspect — they probably haven’t shipped real production work.
“NDA prevents us showing recent work” can be legitimate occasionally, but if every project is under NDA, that’s a manufactured excuse.
Red Flag 2: No References From Comparable Clients
Asking for references is standard. Vendors who can’t or won’t provide them — especially from clients at similar company size or industry — usually have past clients who wouldn’t speak well of them.
Push for a specific name and contact. “References available on request” without actually providing them is a red flag in itself.
Red Flag 3: Generic, Templated Proposal
You send a detailed brief. The proposal comes back with no specific references to your company, your goals, or your scope. It’s a generic deck with your logo on the cover page.
What this predicts: a generic delivery process where you’ll have to repeat information multiple times and the team doesn’t internalise your project.
Red Flag 4: No Discovery Phase
The proposal jumps straight from “we’ll redesign your site” to a fixed price and timeline, with no upfront discovery or scoping work.
What this predicts: 6+ weeks in, you’ll discover scope gaps that result in change requests and invoice surprises. Skipping discovery is the most expensive way to “save” money.
Red Flag 5: Heavily Front-Loaded Payment
50% or more demanded upfront before work begins. Reasonable structure: 30% kickoff, 30% milestone 1, 30% milestone 2, 10% on final acceptance.
What 50%+ upfront often predicts: a vendor with cash flow problems who needs your deposit to fund other work — and may struggle to complete yours.
Red Flag 6: No Explicit IP Transfer Clause
The contract is silent on who owns the source code, design files, and copy after payment.
What this predicts: when you want to switch agencies or maintain the site in-house later, you’ll discover the vendor “still owns” the work and demands additional fees to release it. Devastating if you’re already 12 months in.
Red Flag 7: Source Code Stored on the Vendor’s GitHub
The codebase lives in the agency’s GitHub organisation. Your team has read access at best, no admin rights.
What this predicts: vendor lock-in. If you want to leave, you have to negotiate handover terms separately. The right setup: code lives in your GitHub from day one, vendor has contributor access only.
Red Flag 8: No AVV (DPA) Offered or Signed
You’re a German GmbH and the vendor doesn’t proactively offer to sign an Auftragsverarbeitungsvertrag (Data Processing Agreement). They’ve never heard of AVV, or treat it as an extra request.
What this predicts: GDPR / DSGVO compliance was never going to be part of their default delivery. You’re carrying the legal risk.
Red Flag 9: Quote Significantly Below Market
You requested a €25,000 corporate website redesign. One vendor quotes €4,000. You assume you’ve found a bargain.
What this predicts: either gross scope misunderstanding (they’ll discover the real scope and send change requests), or junior team using a template, or — worst case — a vendor who quotes low to win and then disappears.
For honest cost ranges, see our Web Development Cost Germany 2026 breakdown.
Red Flag 10: Aggressive Sales Pressure With Artificial Deadlines
“This quote expires Friday.” “We only have one slot left this quarter.” “If you don’t sign today, the price goes up 20%.”
What this predicts: a vendor whose sales process feels like a used-car negotiation. The actual project will likely have similar dynamics — manufactured urgency, scope pushback, surprise invoices.
Red Flag 11: No Named Senior Person Owning Your Project
The proposal lists “team” but doesn’t name who specifically will own delivery. Sales is the same person who signed the proposal; you’ve never met the developer who’ll write the code.
What this predicts: a junior team running your project with rotating account management. The senior names in the proposal are sales material, not your actual delivery team.
Red Flag 12: No Mention of GDPR / DSGVO / TTDSG in the Proposal
For a German SME project, the proposal should mention German compliance specifics — cookie consent, AVV with hosting, self-hosted Google Fonts, accessibility (BFSG if applicable).
What no mention predicts: the vendor doesn’t have DACH-specific delivery patterns. You’ll either retrofit compliance painfully or carry Abmahnung risk.
Red Flag 13: Vague Timeline Without Milestones
“We’ll be done in 12 weeks” with no breakdown of what happens when. No milestone dates, no acceptance criteria per milestone, no payment tied to deliverables.
What this predicts: schedule slip that you can’t quantify or push back on. With no milestones, every week looks like “we’re making progress.”
Red Flag 14: No Post-Launch Support Plan
The proposal covers build but doesn’t address what happens after launch. No SLA, no hourly rate for fixes, no retainer option, no handover plan.
What this predicts: silence after launch when bugs surface, or surprise invoices for “out of scope” fixes that should be warranty work.
Red Flag 15: Won’t Show You a Sample Contract Before Engagement
You ask to see their standard contract template before signing. They claim “we’ll send it after you commit” or “it’s just a standard agreement.”
What this predicts: clauses you wouldn’t accept if you saw them in advance. The right vendor sends a contract template alongside the proposal.
How Many Red Flags Should Trigger a Walk Away?
A practical rule:
- 0–1 red flags: proceed with normal caution
- 2 red flags: request specific clarification on each, document responses
- 3+ red flags: walk away regardless of price or charm
The numbers aren’t arbitrary. A vendor with 3+ red flags isn’t an outlier; the pattern indicates how they operate. Saving €5,000 upfront is not worth a €30,000 mistake.
How to Spot These Red Flags Quickly
Use this checklist on every proposal:
- Did I get 3 live, recent portfolio links?
- Did I get 2 reference contacts I can actually call?
- Is the proposal specific to my brief, not templated?
- Is there a discovery phase before the build?
- Is upfront payment 30% or less?
- Is IP transfer clause explicit?
- Will the source code live in my GitHub?
- Is AVV / DPA offered proactively?
- Is pricing realistic vs market?
- Is sales communication calm and respectful?
- Is the senior delivery owner named?
- Are GDPR / TTDSG / BFSG addressed?
- Are milestones written with dates and acceptance criteria?
- Is post-launch support described in writing?
- Have they shared their contract template?
Score each proposal against this. Anything below 12 out of 15 is risky.
How Red Flags Predict Specific Failures
Each red flag predicts a specific downstream problem:
| Red flag | Common downstream failure |
|---|---|
| No portfolio | Junior team learning on your project |
| No references | Past clients who’d warn you away |
| Templated proposal | Generic delivery, repeated re-briefing |
| No discovery | Scope creep + change requests |
| 50%+ upfront | Cash flow issues; vendor may not finish |
| No IP transfer | Vendor lock-in at handover |
| Vendor’s GitHub | Difficult / expensive handover |
| No AVV | GDPR exposure on your side |
| Below-market price | Scope misunderstanding or quick disappearance |
| Aggressive sales | Aggressive scope/change pressure |
| No named senior | Junior team, rotating PMs |
| No DACH compliance | Abmahnung risk, retrofit cost |
| Vague timeline | Unprovable schedule slip |
| No post-launch plan | Silence or surprise invoices |
| Hidden contract | Unwanted clauses revealed too late |
How to Recover If You’ve Already Signed With a Red-Flag Vendor
If the project is in trouble:
- Secure access now. Get admin rights to Git, hosting, DNS, analytics today. Don’t wait.
- Document everything. Email the project status, scope agreed, deliverables expected. Create a paper trail.
- Request a written status update from the vendor. Asks them to commit on record.
- Get an independent code audit. A second vendor reviews what’s been built — usually 1–3 days of work.
- Decide whether to recover or switch. Switching mid-project costs 20–40% of remaining budget but is sometimes the right call.
Our How to Choose a Web Development Agency in Germany guide goes deeper on agency-side vetting and switching costs.
What “Green Flags” Look Like
The opposite signals worth looking for:
- Proposal specifically references your brief and asks clarifying questions
- 3+ verifiable live projects with comparable scope
- 2+ named reference contacts willing to chat
- Discovery phase included or proposed
- Reasonable payment milestones (30/30/30/10 or similar)
- Explicit IP transfer language in contract draft
- Code lives in your Git org
- AVV / DPA proactively offered
- Realistic pricing vs market
- Calm, consultative sales process
- Named senior owner with backup contact
- GDPR / TTDSG / BFSG mentioned in scope
- Milestones with dates and acceptance criteria
- Post-launch support model described
- Contract template shared upfront
A vendor with 14+ green flags is rare but exists. Pay slightly more for them.
Cost of Picking the Wrong Vendor
Real numbers from German SMEs who hired wrong:
- Scope creep + change requests: 30–80% over original budget
- Schedule slip: 50–200% over original timeline
- Mid-project switch cost: 20–40% of remaining budget
- Rebuild from scratch: sometimes the cheaper option
- GDPR fine exposure: up to €100,000 for BFSG, up to €20M for GDPR
The most expensive mistake isn’t paying for the right agency; it’s saving money on the wrong one.
Frequently Asked Questions About Red Flags When Hiring a Web Developer
No verifiable portfolio, no IP transfer clause, and 50%+ upfront payment are the top three.
Verify Impressum, USt-IdNr., Handelsregister, IHK membership, and client references.
No — standard is 30/30/30/10 milestone-based.
Document, secure access to all assets, get a second-opinion code audit, then decide recovery vs rebuild.
IP transfer clause, your own Git org (vendor contributor only), mutual NDA before sensitive briefing.
Both — German version is legally binding for GmbH contracts; have an IT-Recht lawyer review key clauses.
Senior names in the proposal but no senior introductions during sales calls.
Final Word on Red Flags When Hiring a Web Developer
Most failed German SME web projects share the same warning signs in retrospect. The 15 red flags above are a simple filter: spot 2+ in a vendor and you almost always save yourself a costly mistake by choosing a different one. Pay slightly more for green flags; it pays back 5–10x over the project life.
If you’d like a free 20-minute contract review on a proposal you’re evaluating, our team offers a no-pressure second opinion. You can book a meeting or browse our website development services for the broader approach.