How you choose an app development company is the highest-leverage decision in any software project. A bad pick costs 2-5x the engagement fee in rework, pivots, and schedule slips. A good pick compounds: velocity goes up, defects go down, and the next quarter's roadmap lands on time. This post is the end-to-end buyer playbook for vendor selection, from the first outcome statement to a signed SOW.

The goal is not to hand you a list of vendors. It is to give you a repeatable process that works whether you are evaluating a boutique shop in Austin, a nearshore team in São Paulo, or a large offshore firm in Bengaluru. Seven stages, one scorecard, one paid pilot, and a short list of contract clauses that separate professional vendors from the ones you will regret.

Start with the outcome, not the feature list

The worst RFPs read like spec documents. Forty pages of screen mocks, a feature matrix, and a fixed deadline — all written before anyone confirmed what good looks like in 12 months. Vendors reply with the price you asked them to price, not the project you actually need.

Before you write a single word of an RFP, produce a one-page outcome brief. It should answer four questions in plain English:

  • What business outcome does this software unlock (new revenue line, CAC reduction, retention lift, operational cost cut, compliance unblock)?
  • What KPI moves and by how much (e.g., reduce order-processing time from 14 to 3 minutes; grow MAU from 0 to 25,000; lift NDR from 102 to 115)?
  • Who is the user and what is their daily context (desktop, mobile, field, offline, regulated)?
  • What are the hard constraints (budget ceiling in USD, launch date, compliance regime like HIPAA, PCI-DSS, SOC 2, GDPR, CCPA)?

If you cannot answer those four in a single page, you are not ready to talk to vendors. Good vendors will surface the gap during sales calls and either help you fill it (via a paid discovery engagement) or walk away — both are healthy outcomes.

Stage 1 - Scope the outcome (not the features)

The outcome brief becomes the first section of the RFP. It anchors the entire selection process. When scorecard debates get heated in stage 5, you come back to this page and ask: which vendor is most likely to deliver this outcome in 12 months? Feature detail lives downstream — in the discovery deliverable a paid shortlist produces in stage 4.

Buyers who skip this stage end up with vendors who compete on the wrong axis: price per story point, number of engineers allocated, or depth of a 40-page spec response. None of those correlate with outcome delivery.

Stage 2 - The 2-page RFP (not 40 pages)

A tight RFP separates vendors who read and think from vendors who copy-paste. Keep it to two pages. Seven sections:

  1. Problem statement - the outcome brief, condensed to half a page.
  2. 5 to 10 core user flows - named, not designed. For example: 'driver accepts job, navigates to pickup, captures proof-of-delivery photo, syncs offline when back in coverage.'
  3. Non-functionals - performance targets, uptime, security posture, compliance (SOC 2 Type II, PCI, HIPAA), accessibility (WCAG 2.2 AA if consumer-facing).
  4. Constraints - budget band (e.g., $150k-$300k), target launch window, geographies, timezone expectations.
  5. Timeline - sensible phases, not a Gantt chart. Discovery (2-4 weeks), build (12-24 weeks), ramp-down (4 weeks).
  6. Evaluation rubric - tell vendors how you will score them. Transparency filters out the ones who game opaque rubrics.
  7. Submission format - 10-page PDF max, named senior engineer on the account, three referenceable prior clients with email and phone.

For a deeper breakdown of requirements writing, see our guide on software requirements engineering. For deliverables and acceptance criteria terminology, see the software deliverables guide.

Stage 3 - Build a longlist of 10

Longlist sourcing is an input-quality problem. Go where good vendors earn their reputation, not where they buy their traffic.

  • Warm referrals from other founders, CTOs, and product leads. Highest-signal source by far. Ask for a named engineering contact, not a sales email.
  • Peer communities - YC Bookface, Pavilion, IndieHackers, RevOps Co-op, specialty Slack groups, CTO dinners. A 'who built your MVP?' thread reliably surfaces strong candidates.
  • Curated directories - Clutch, GoodFirms, The Manifest, DesignRush. Filter by verified reviews and named project leads. Ignore unverified star ratings.
  • LinkedIn search for senior engineers (staff engineer, principal, architect titles) at known-good shops. Their public project work reveals real technical depth.
  • Engineering conference talks and open-source contributions. A vendor whose engineers speak at React Conf or KubeCon and maintain meaningful OSS is a different animal from a shop that only publishes case studies.

Reject any shop that has no named engineers on its public site, operates through generic 'enquire now' forms with no technical content, or whose portfolio entries all launched in the same quarter (a tell for stock-photo case studies). Stop at 10. More than 10 dilutes attention.

Stage 4 - Shortlist of 3 via a paid evaluation task

This is the stage most buyers skip and most regret. You do not shortlist on sales calls. You shortlist on a paid evaluation task.

Pick your top four or five from the longlist. Offer each a $5,000 to $15,000 fee for a 1-2 week discovery deliverable that includes: refined scope aligned to your outcome brief, tech stack recommendation with tradeoffs, team profile with named senior engineer, timeline and rough budget estimate, and three references you can contact directly. You cut to three based on the quality of those deliverables.

Paid evaluations do three things free pitches cannot. They filter out vendors who sell well but cannot think. They give you a high-quality discovery artifact regardless of who you pick (worst case, you walk with three good scopes). And they prove the vendor will accept commercial risk — a vendor who refuses a paid discovery is telling you what their first change order will look like.

Use this stage to ask the technical questions that matter. Our companion piece, 10 questions to ask before hiring a software development company, gives the interview script to run alongside each paid evaluation.

Stage 5 - The 12-criteria weighted scorecard

Scorecards force the decision to be explicit. Score each of the three shortlisted vendors from 1 (poor) to 5 (excellent) on each dimension. Multiply by the weight. Sum. The highest score is your rational pick. If your gut disagrees, examine which weight is wrong — do not override the score quietly.

Each dimension below lists its weight and what you are scoring:

  • Senior engineer on the account (15%) - a named staff/principal engineer with >= 5 years in the stack, billed at >= 30% of the engagement.
  • Discovery output quality (15%) - did the paid discovery surface real tradeoffs and risk, or just repackage your brief?
  • Relevant domain experience (10%) - shipped production work in your vertical (fintech, health, marketplace, IoT, AI) in the last 24 months.
  • Communication cadence (10%) - weekly demos, async updates, shared roadmap visibility, not a monthly status PDF.
  • References confirmed (10%) - three references reached by phone or video, not email testimonials.
  • Price (10%) - total cost of ownership in USD, not blended hourly rate alone.
  • Team stability (5%) - engineer tenure average, attrition rate, bench rotation policy.
  • IP terms (5%) - willing to sign IP assignment (not license), work-for-hire, moral rights waiver.
  • Security and compliance posture (5%) - SOC 2 Type II, ISO 27001, signed DPA, security questionnaire turnaround under 10 days.
  • Timezone overlap (5%) - working-hours overlap with your team (4+ hours is workable; 0-2 hours is painful).
  • Change-order philosophy (5%) - transparent process, caps on cumulative drift, written before the first change request.
  • Portfolio depth (5%) - production apps with real MAU, not pilot demos; measurable by app store links and live URLs.

Weights sum to 100%. Adjust the weights to your context — regulated fintech might push security and compliance to 15% and portfolio depth to 0%. A pre-seed MVP might push price to 20% and domain experience to 0%. The point is that you adjust once, explicitly, and hold the scorecard steady across vendors.
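
To make the scorecard arithmetic concrete, here is a minimal sketch of the weighted-sum calculation. The weights mirror the list above; the criterion keys and the sample vendor scores are invented for illustration.

```typescript
// Weighted scorecard: score each criterion 1-5, multiply by its weight, sum.
// Weights mirror the list above; the sample scores below are invented.
type Scores = Record<string, number>;

const weights: Scores = {
  seniorEngineer: 0.15, discoveryQuality: 0.15,
  domainExperience: 0.10, communication: 0.10,
  references: 0.10, price: 0.10,
  teamStability: 0.05, ipTerms: 0.05, security: 0.05,
  timezoneOverlap: 0.05, changeOrders: 0.05, portfolioDepth: 0.05,
};

function weightedScore(scores: Scores): number {
  // Sum of score x weight across all criteria; the maximum is 5.0.
  return Object.entries(weights).reduce(
    (total, [criterion, weight]) => total + weight * (scores[criterion] ?? 0),
    0,
  );
}

// Hypothetical vendor: strong engineering and IP terms, weak references.
console.log(weightedScore({
  seniorEngineer: 5, discoveryQuality: 4, domainExperience: 4,
  communication: 4, references: 2, price: 3, teamStability: 4,
  ipTerms: 5, security: 4, timezoneOverlap: 3, changeOrders: 4,
  portfolioDepth: 4,
}).toFixed(2)); // "3.85" out of a possible 5.00
```

Running all three shortlisted vendors through the same calculation keeps the comparison honest; if the output disagrees with your gut, the fix is to revisit a weight in the open, not to quietly fudge a score.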

Stage 6 - The 2-4 week paid pilot

A paid pilot is not the same as the paid evaluation in stage 4. The pilot is the first real increment of the product, built by the selected vendor at 5-10% of total engagement cost ($10,000 to $50,000 for most US engagements).

Pilot scope: one vertical slice of the product that exercises the hard parts. For a marketplace, that is search plus checkout plus one payment flow. For a field-ops app, that is offline sync. For an AI feature, that is the retrieval pipeline plus one production eval. Not a mockup, not a prototype — a working increment behind a feature flag, with tests, telemetry, and a code-review handoff.
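
To be concrete about 'behind a feature flag': the sketch below gates a hypothetical pilot checkout flow with a simple environment-driven flag. The flag and function names are invented; production teams often use a flag service (LaunchDarkly, Unleash, or similar) with per-user targeting instead.

```typescript
// Gate the pilot's vertical slice behind a flag so it ships to production
// dark: reviewable as working software, invisible to real users.
// PILOT_CHECKOUT and both handlers are hypothetical names.
const PILOT_CHECKOUT_ENABLED = process.env.PILOT_CHECKOUT === "true";

function legacyCheckout(): string {
  return "existing checkout flow"; // placeholder for the current path
}

function pilotCheckout(): string {
  return "pilot checkout flow"; // placeholder for the pilot increment
}

export function checkout(): string {
  return PILOT_CHECKOUT_ENABLED ? pilotCheckout() : legacyCheckout();
}
```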

At pilot end, you review three deliverables: working software, code quality (reviewed by your own CTO or a third-party auditor), and team dynamics (did they communicate well, raise risks early, take feedback). If any one fails, the selection was wrong. Pay the pilot fee, part cleanly, and reopen the shortlist with the second-place vendor. Pilots catch bad fits before a six-figure SOW locks you in.

For context on engagement length and where the pilot fits in the broader schedule, see our app development timeline. If you are still deciding between engagement models — onshore, nearshore, offshore, staff aug — run the decision through our onshore, nearshore, offshore comparison before locking in the lane.

Stage 7 - Contracts: NDA, MSA, SOW, and IP

The contract stack is three documents, signed in order:

  1. NDA - mutual, upfront, before the RFP goes out. Short, standard, do not negotiate for weeks.
  2. MSA (Master Services Agreement) - signed once per relationship. Covers IP assignment, confidentiality, warranties, indemnities, liability caps, data protection, dispute resolution, termination.
  3. SOW (Statement of Work) - one per engagement. Covers scope, deliverables, acceptance criteria, timeline, payment milestones, change-order process.

Non-negotiable clauses

  • IP assignment, not license. All work product assigned to you on payment, with moral rights waived where law permits. A license-back from the vendor is a red flag.
  • Acceptance criteria in the SOW. Each deliverable has pass/fail criteria written before work starts. Without them, acceptance becomes a negotiation every sprint.
  • Change-order mechanism with a cap. Individual changes above a threshold (e.g., >10% of a milestone) require written approval. Cumulative drift capped at a fixed percentage (typically 20%) before the SOW is renegotiated.
  • Data protection addendum. GDPR and CCPA boilerplate if you handle EU or California user data. SOC 2 obligations if the vendor sits in your data-processing path.
  • Indemnity + liability cap. Mutual indemnity for IP infringement and confidentiality breach; liability capped at 1-2x contract value except for IP, confidentiality, and gross negligence.
  • Termination for convenience with ramp-down. Either side can terminate with 30 days' notice. Ramp-down obligations: knowledge transfer, repo ownership, 30-day post-launch support, credential rotation.
  • Dispute resolution venue. US buyers typically anchor to Delaware or New York law with AAA arbitration. For cross-border engagements, specify venue, governing law, and language explicitly.

Red-flag checklist

Walk away when you see any of these:

  • No named engineers in the proposal - only roles ('senior developer', 'tech lead').
  • Unwilling to run a paid pilot or paid evaluation. Translation: their first customer-facing engagement is your budget.
  • Fixed-price bid without discovery. Classic scope-creep trap - the vendor will recoup margin through change orders.
  • Bench-farm rebadging - the senior engineer on the sales call is not the engineer staffed on your account.
  • Refusal to assign IP, or insistence on a license-back on 'reusable modules' you paid for.
  • No observability, monitoring, or incident-response posture in the proposal.
  • No technical lead on any sales call. Account executives alone cannot commit to architecture.
  • Opaque references - testimonials on the website, no contactable names.
  • Proposals that never mention risk, tradeoffs, or what they would say no to.

Change-order math

Custom builds drift. Plan for 15-25% scope change on a first engagement and 10-15% on subsequent ones. Structure the SOW so change orders follow a written process: written request, impact estimate (hours + calendar), written approval before work starts. Cap cumulative drift at a fixed percentage (20% is typical). If drift exceeds the cap, renegotiate the SOW rather than stack change orders silently.

The math: a $200,000 SOW with a 20% drift cap gives the vendor up to $40,000 of in-flight change. Individual changes above $20,000 (>10% of SOW) require your written sign-off. Any vendor who resists written change-order caps is signaling the real project will be 150% of the original — and they want the ability to get there without your explicit consent.
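
The same thresholds, expressed as a minimal sketch (the figures are the ones from the example above, not universal defaults):

```typescript
// Change-order thresholds derived from the example SOW figures above.
const sowValue = 200_000;        // total SOW value, USD
const driftCapPct = 0.20;        // cumulative drift cap
const signOffPct = 0.10;         // per-change written-approval threshold

const maxCumulativeDrift = sowValue * driftCapPct; // $40,000
const perChangeSignOff = sowValue * signOffPct;    // $20,000

// Once total approved change orders exceed the cap, renegotiate the SOW
// instead of silently stacking further change orders.
function requiresRenegotiation(approvedChangesUsd: number[]): boolean {
  const total = approvedChangesUsd.reduce((sum, c) => sum + c, 0);
  return total > maxCumulativeDrift;
}

console.log(perChangeSignOff);                                // 20000
console.log(requiresRenegotiation([12_000, 18_000, 15_000])); // true: $45k > $40k
```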

Ramp-down and offboarding

Every engagement ends. Good engagements end cleanly. Build the following into the SOW from day one:

  • Repository ownership - your GitHub or GitLab org hosts the code from commit one. Not the vendor's.
  • Credential rotation - 72-hour rotation of AWS, database, and third-party API keys at offboarding (see the sketch after this list).
  • Documentation handoff - architecture decision records, runbooks, on-call rotation guide, deploy playbook.
  • Knowledge transfer sessions - 2-3 recorded walkthroughs with your in-house or next-vendor team.
  • 30-day post-launch support - bug-fix SLA included in the SOW at no extra cost. After that, a separate maintenance SOW with capped hours.
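
To illustrate the credential-rotation item, here is a minimal sketch using the AWS SDK for JavaScript v3 to rotate one IAM user's access keys. The user name is hypothetical, and a real offboarding would cover database and third-party API credentials as well.

```typescript
import {
  IAMClient,
  ListAccessKeysCommand,
  CreateAccessKeyCommand,
  DeleteAccessKeyCommand,
} from "@aws-sdk/client-iam";

const iam = new IAMClient({});

// Rotate an IAM user's access keys at offboarding: create a fresh key,
// then delete every pre-existing key so vendor-held credentials go dead.
// Note: IAM allows at most two active keys per user, so delete one first
// if the user already holds two.
async function rotateAccessKeys(userName: string): Promise<void> {
  const existing = await iam.send(
    new ListAccessKeysCommand({ UserName: userName }),
  );
  const oldKeyIds = (existing.AccessKeyMetadata ?? [])
    .map((k) => k.AccessKeyId)
    .filter((id): id is string => Boolean(id));

  const fresh = await iam.send(new CreateAccessKeyCommand({ UserName: userName }));
  // Store the new secret in your secrets manager before removing old keys.
  console.log("new key id:", fresh.AccessKey?.AccessKeyId);

  for (const keyId of oldKeyIds) {
    await iam.send(
      new DeleteAccessKeyCommand({ UserName: userName, AccessKeyId: keyId }),
    );
  }
}

rotateAccessKeys("vendor-offboarding-user").catch(console.error); // hypothetical user
```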

If you plan ramp-down upfront, you spend two weeks at the end offboarding. If you do not, you spend two months.

Where FWC fits

For US buyers evaluating a nearshore lane, FWC Tecnologia runs a two-week paid discovery sprint as the default entry point - a deliberately paid, time-boxed shortlist task that produces a scoped roadmap, named senior engineer, and a firm estimate you can take to other vendors for apples-to-apples comparison. We lose bad-fit deals fast and keep good-fit deals moving. Learn more on our Brazilian nearshore app development page.

How to choose an app development company: the decision framework

Stage 1: write the outcome brief. Stage 2: 2-page RFP. Stage 3: longlist 10 via referrals, communities, directories, LinkedIn. Stage 4: shortlist 3 via paid evaluation. Stage 5: score on the weighted 12-criteria scorecard. Stage 6: run a 2-4 week paid pilot. Stage 7: NDA, MSA, SOW with IP assignment, acceptance criteria, capped change orders, and clean ramp-down. Selection runs 4 to 8 weeks end-to-end, and contracting adds another 2 to 4. That is a reasonable timeline for a six-figure build.

Before you commit

Treating how to choose an app development company as a documented process, not a gut call, is the difference between a vendor who ships and a vendor who becomes a line item in next year's legal budget. The seven stages, scorecard, and contract clauses above are the minimum bar for any six-figure software engagement. If you need help running the process or want to see what a paid discovery sprint looks like in practice, request a project estimate or contact us and we will walk you through our discovery format and current engineering lineup.