
Seven red flags in agency contracts that signal you will hold the bag

Scope-creep clauses, IP ownership traps, hosting lock-in, 'consultation' caps, and the exit-fee tactic that costs you the website you thought you owned.


Most agency contracts are written by the agency’s lawyer for the agency’s protection. That doesn’t make them malicious — it makes them asymmetric. Here are seven specific clauses we’ve seen burn small businesses repeatedly. Catch them before you sign, not after.

Red flag #1: IP ownership transfers on final payment

Look for clauses like “intellectual property ownership of all deliverables vests in Client upon final invoice payment in full.” That phrase sounds reasonable. Read it twice.

What it means: if there’s any payment dispute at the end of the project — legitimate or not — the agency owns your website, your brand assets, your code, and your domain configurations. They can take it down. They can charge for ongoing access. They can refuse to release admin credentials until the dispute is resolved.

What to demand instead: IP ownership vests upon delivery, not upon final payment. Final payment is a separate enforceable obligation, but it shouldn’t hold your business assets hostage.

Red flag #2: Scope creep without dollar definition

“Out-of-scope changes will be billed at standard hourly rates” — with no definition of “standard hourly rates” in the contract.

What it means: anything you ask for that isn’t spelled out as in-scope (and most things aren’t spelled out) is open-ended billable work. We’ve seen agencies charge $250/hour for “design” and $400/hour for “development” under exactly this clause — rates the client only discovered on the first invoice.

What to demand instead: the hourly rate written into the contract, and a defined change-order process (e.g., “any out-of-scope work over 4 hours requires a signed change order before work begins”). No surprise invoices.

Red flag #3: Hosting / domain lock-in

Watch for clauses that route hosting through the agency’s account, register the domain in the agency’s name, or require the agency’s SSL certificate. The pattern is sometimes framed as “included managed hosting.”

What it means: when you want to leave the agency, you can’t take your site with you cleanly. The migration process becomes a paid engagement with the agency — the same agency you’re leaving.

What to demand instead: hosting in your account (Cloudflare, AWS, Vercel, whatever the agency recommends — just registered to you). Domain registered in your name. All credentials handed to you at engagement start.

Red flag #4: Consultation / response-time caps

“The Agency will respond to Client inquiries within 5 business days” or “Client is entitled to up to 2 hours of consultation per month, with additional hours billed at standard rates.”

What it means: the contract sets a low bar for responsiveness, which becomes the actual experience. When your ad campaign is bleeding budget and you need eyes on it Monday, “5 business days” means you’re on your own until Friday.

What to demand instead: for high-touch services (PPC, SEO mid-launch), 24-business-hour response on urgent matters. For everything else, 48-72 hours. Consultation time should be uncapped within reason; if you’re calling daily for two hours that’s a different conversation, but a normal monthly check-in shouldn’t be metered.

Red flag #5: Auto-renewing annual contracts with short notice windows

“This Agreement shall automatically renew for successive 12-month terms unless either party provides written notice of non-renewal at least 60 days prior to the renewal date.”

What it means: you must remember to send a cancellation notice 60 days before your contract renews. Miss the window by a day — or write to an email that bounced — and you’re locked in for another year. We’ve seen clients pay 18 months on contracts they thought they’d cancelled, because they sent the notice to a contact who’d left the agency.

What to demand instead: either no auto-renewal (monthly billing after the initial term, cancellable with 30 days notice), or auto-renewal with the cancellation notice required to be acknowledged in writing by the agency. The acknowledgement requirement protects you from “we never got your email.”

Red flag #6: Exit-fee “data migration” charges

Look for sections about what happens when the engagement ends. Common pattern: “Upon termination, Client may request export of Client data and assets, which will be provided within 30 days, subject to a Data Migration Service Fee of $X.”

What it means: leaving costs money. Not just the friction of finding a new vendor — a literal exit fee, sometimes in the low five figures.

What to demand instead: all client data and assets exportable at any time, at no charge, in standard formats. The Data Migration Service Fee is acceptable ONLY if it’s scoped to genuinely complex migrations (e.g., moving a complex CMS to a different platform) — not for handing over a tarball of files you already own.

Red flag #7: Non-disparagement clauses

“Client agrees not to make any public statements that disparage the Agency, its services, or its personnel.”

What it means: if the engagement goes badly, you can’t write a negative review, you can’t warn other businesses, you can’t even share your honest experience on LinkedIn. Sometimes the clause has teeth (liquidated damages); sometimes it doesn’t (just a chilling effect). Either way, it tells you something about the agency’s relationship with feedback.

What to demand instead: either strike the clause entirely, or limit it to verifiably false statements (which is already covered by defamation law). Truthful reviews of your experience should never be contractually forbidden.

How to negotiate these out

Most agencies expect some pushback on their boilerplate. The clauses above are usually written to be the agency’s opening position, not their final one. Email the contract back with these specific edits, citing the reasoning. Three things will happen:

  1. Good agencies accept most of the edits. They’ve seen these requests before. Their default contract is permissive because some clients don’t push back; when you do push back, they comply.
  2. Mediocre agencies push back on 2-3 items. Usually the IP-on-payment and auto-renewal clauses. Decide if you’re willing to accept those if the rest gets cleaned up.
  3. Bad agencies refuse all edits. They tell you their contract is “standard” and “non-negotiable.” That answer is the most useful signal you can get. Walk.

The honest closing

Our contract has none of the above clauses, because we’re writing this article and it would be embarrassing if we did. But that’s not the point. The point is that every contract you sign — with any agency, including us — should be read twice for exactly the patterns above. Lawyers write for their own client’s protection. You’re not their client until you sign.

If you want to compare our actual contract structure against the seven patterns above, ask us. We’ll send a sample MSA, redacted of client names. It’s easier to evaluate our claims when you can see the documents.

