Vendor checklist
Before you build your platform: 12 questions so you don't get burned
Twelve questions to ask the dev shop you're about to hire. Check the ones they can answer, and see where you stand.
You're building the platform your community actually needs, maybe for the first time, maybe after a first attempt you would rather forget. Either way the horror story is the same: a cheap shop, a great demo, and six months later half a platform and a developer who stopped replying. These are the twelve questions that catch it early. Check off the ones your shop can answer, and see where you stand.
Score the dev shop you're hiring
Each row is one concern. Tick the ones they can answer well; your score is how many of the twelve they cover. The blank ones are where to dig in before you sign.
Why it matters
If members or patients touch the platform, this is the whole ballgame. Most generalist shops cannot or will not sign a Business Associate Agreement. "We'll make it secure" with no BAA means they have never shipped under HIPAA.
Why it matters
Cheap shops sell you a senior architect in the pitch and hand the build to whoever is free. Ask to meet the people on the keyboard. If you never get to, that is your answer.
Why it matters
The point of building your own is to stop renting someone else's. Do not walk into a new cage. The repository should be yours, the cloud accounts in your name, the whole thing portable.
Why it matters
A healthy build keeps running and can be handed to another team. A trap breaks, or holds your data hostage. Ask them to describe the handover before you need it.
Why it matters
"Move fast and break things" is fine for a landing page, not for member data and payments. You want code review, release approvals, and an audit trail you can show later.
Why it matters
One coherent platform is the whole reason to build instead of rent. If the answer is a pile of plugins wired with duct tape, you are paying custom prices for the same fragmented mess.
Why it matters
A suspiciously low fixed bid is a shop that will cut corners the moment it goes underwater, usually on the boring, important parts. Transparent time and materials, or honest change handling, ages better than a cheap number.
Why it matters
A team that knows what it is doing can put a working prototype in front of you fast. "We need three months and full payment before we show you anything" is a warning, not a process.
Why it matters
"AI-powered" on a deck is not AI a real member or provider will use. Ask to see it run on messy, real-world input, with a human able to catch it when it is wrong.
Why it matters
Offshore time zones and faceless ticket queues go quiet exactly when it matters. You want a named person who owns the outcome, not a support address.
Why it matters
The off-the-shelf tools cap you on purpose. A custom build should not. "It'll be fine" is not an architecture. Ask how it scales and listen for specifics.
Why it matters
Anyone can show you logos. Few can walk you through a real, running product they built and own the result of. If they can only talk in case-study adjectives, keep looking.
0 to 5 covered
Slow down. This is the profile of a build that goes sideways. Before you sign anything, get clear answers, or talk to someone who has already shipped this kind of platform.
Scope your AI prototype on a 30-minute callHire the shop that answers all twelve
The shops that burn you are the ones that go quiet on these twelve. The ones worth hiring answer all of them without flinching, because they have already lived each one.
We built exactly this kind of platform for a functional-medicine academy: HIPAA-aligned, AI inside, members and practitioners in one place. We run a two-week prototype sprint so you can watch us answer half this list before you commit a real budget.