Retainer = recurring monthly payment for maintenance + evolution of a production system. Typical rate: €200-2000/month depending on scale. The first retainer often gets signed on instinct — "looks like a standard agreement". These 12 points pick the ones that most often hurt afterwards.
Each point corresponds to a real-life problem we have seen clients fight. Walk through them with the vendor before signing.
01 · What exactly the retainer covers
Most common dispute after 3 months: client asks for a "fix because not working", vendor says "new functionality, extra billable". Define precisely:
- Monitoring: observability dashboard, alerts, response time
- Maintenance: parser updates when target changes layout
- Bug fixes: errors in existing functionality
- Does NOT cover: new features, scraping new targets, integrations with new tools (these are billed separately)
02 · Response time and fix time SLAs
Two different SLAs. Response time = "we know about the problem". Fix time = "fixed". Typical values:
- Critical (pipeline completely down): response <1h, fix <4h
- High (degraded, wrong data): response <4h, fix <24h
- Medium (cosmetic, low-impact): response <24h, fix <1 week
If the vendor refuses SLA — the pipeline is not production-grade. Negotiate minimum response time <24h for critical.
03 · Cover hours
Does the vendor respond 24/7 or only business hours (e.g. Mon-Fri 9-17)? For a business-critical pipeline pay the premium for 24/7. For less critical, biz-hours suffice. Write it into the contract.
04 · Incident reporting mechanism
Email? Slack channel? Ticket system? Linear board? Any works, but pick ONE and write it into the contract. "I texted on WhatsApp but he did not reply" does not count as a report.
05 · Hourly rate for additional work
Retainer covers standard things. Extras billed hourly. Set the rate now — typically €80-150/h for mid-tier, €150-280/h for senior/specialist. Plus an approval rule — "work >X hours requires your written consent before start".
06 · Access to code and infrastructure
WHO has access to the code? Ideally both sides:
- Your GitHub org with vendor access (better)
- Vendor GitHub with read access for you (acceptable)
And production infrastructure? Does the client have AWS console access, or only logs forwarded by the vendor? Access both sides protects you from lock-in.
07 · IP ownership clause
After full payment the CODE transfers to client ownership — basic standard. Exception: vendor internal libraries (e.g. proprietary parser framework) stay theirs, but the client gets a perpetual licence to use them within the project. Without this clause — vendor lock-in.
08 · Exit clause
What happens when you want to terminate the retainer? Standards:
- Notice period: 30-60 days
- Handover: vendor documents the system, does knowledge transfer, exports all data
- Final invoice: only for actually performed work, no "exit fee"
- Continued access: code, data, documentation stay with you
If the contract requires an "exit fee" or aggressive notice period (>90 days) — red flag.
09 · NDA clause
The vendor sees your business data, strategies, clients. NDA should cover:
- Definition of "confidential information"
- Duration (min. 3 years after engagement ends)
- Exceptions (publicly known, independently acquired)
- Breach consequences
A standard NDA template suffices, but read it. Some vendors try to insert their own IP ownership (e.g. "everything built in the project belongs to us") — reject.
10 · Compliance and GDPR
If the system processes personal data, sign a DPA (Data Processing Agreement) — required by GDPR Art. 28. DPA defines:
- Categories of data processed
- Scope and purpose of processing
- Vendor obligations (sub-processors, transfer outside EU, security)
- Audit and control
- Incident notification
Without DPA you expose yourself to GDPR sanctions regardless of vendor quality.
11 · Liability limitation
Standard clause: max vendor liability limited to value of fees paid in the last 12 months. Exclusions: lost profits, indirect damages, third-party changes (e.g. ToS update on a target).
This is NORMAL and fair. A cap "to infinity" means the vendor does not want to insure risk — which means you bear it.
12 · Payment and indexation
Financial details:
- Payment terms: 14 days from invoice (standard), 7 days for aggressive vendors, 30 days for enterprise
- Currency: EUR / PLN — fix it now, not after the fact
- Indexation: does the rate rise with inflation? If so, which index and when (typically January, after CPI publication)
- VAT: who settles? Reverse charge B2B EU?
Without these records — surprise invoice in November with "23% VAT extra plus 8% indexation from April".
Bonus: 5 minutes with a lawyer
This guide does not replace a lawyer. For a first retainer worth >€500/month, 30-60 minutes of consultation with a B2B SaaS / IT contracts specialist at €100-300 usually suffices. Cheaper than fixing problems after 6 months.
The point
A first retainer = first 3-6 months reveal whether the agreement is fair. These 12 points list the most frequent pain points. If a vendor refuses concrete provisions on 4+ of them — look elsewhere. A good vendor wants the contract to be clear, because it protects them too — from disputes, scope creep, exit drama.