Skip to content
← ALL WRITING

2026-04-22 / 12 MIN READ

A client offboarding protocol that keeps the relationship

A 9-step client offboarding protocol that keeps the relationship: credential handoff, closing memo, referral posture, and the 30/90/365 day cadence.

Nine items. Every item exists because skipping it cost me something on a previous engagement. Print this, work it top to bottom, and the client who just closed a retainer with you becomes a referral source instead of a ghost.

OFFBOARDING PROTOCOL
0/9 COMPLETE
  1. 1
    Send the offboarding calendar (two weeks out)
  2. 2
    Audit every credential you still hold
  3. 3
    Document the final state of every system
  4. 4
    Rotate any shared secret that passed through you
  5. 5
    Run the handoff session as a screen-share walkthrough
  6. 6
    Deliver the closing memo on the last day
  7. 7
    Transfer ownership of anything you built
  8. 8
    Send a final invoice with zero surprises
  9. 9
    Schedule the 30-day check-in before logging off
● CLIENT● WORK● RELATIONSHIP
Nine items. Three groups of three, each protecting a different thing: the client, the work, and the relationship.

The 9-step client offboarding protocol

Run these in order. Each one takes 30 to 90 minutes. The whole protocol fits in about a day of focused work, usually spread across the final two weeks of an engagement.

  1. Send the offboarding calendar two weeks before the last billable day. Include the final working session, the handoff session, and the post-engagement check-in. Put them on the calendar before anything else shifts.
  2. Audit every credential you still hold. Password manager entries, shared vault access, GitHub collaborator status, Shopify staff accounts, Google Workspace guest access, third-party dashboards. List them. Mark which the client owns and which need rotation.
  3. Document the final state of every system you touched. Not a status report. A running document the client can open in six months and understand what changed, why, and where to look for it.
  4. Rotate any shared secret that passed through your hands. API keys, webhook secrets, service tokens. This is the client's responsibility, but it doesn't happen unless you prompt it. Put it in the handoff session agenda.
  5. Run the handoff session as a screen-share walkthrough, not a document review. The client team has to see the system from the inside at least once while you're still accountable. Record it.
  6. Deliver a closing memo on the last day: what was done, what's outstanding, what the client should watch for in the next 90 days, and where the gaps are that you'd want to come back for.
  7. Transfer ownership of anything you built that's still in your accounts. Domain registrations, Vercel projects, Stripe test objects, GitHub repos. If it lives under your login, move it or archive it with the client's approval.
  8. Send a final invoice with zero surprises. No "oh by the way" line items. Everything pre-communicated. If you need to invoice for overrun, that conversation happens before the invoice, not on it.
  9. Schedule the 30-day check-in before you log off the last session. Not a vague "let's stay in touch." A specific 30-minute slot on the calendar with an agenda line: "How's the system performing, anything breaking?"

Why each item matters

The protocol has a pattern. The first three items protect the client. The middle three protect the work. The last three protect the relationship. Most people skip one of the three categories and don't notice for months.

The client-protection items (1-3)

Sending the calendar early prevents the last-minute scramble that makes every engagement end on a low note. If the handoff session has to be rescheduled twice because it was set up with three days' notice, the client's memory of the engagement gets shaped by that scramble.

The credential audit is the item that protects the client most. A credential you forgot you had is a credential the client will find out about in an uncomfortable way. I've never had a client find an abandoned access token and think "this is fine." It's always a conversation that costs goodwill. Running the audit in the second-to-last week, not the last week, gives you time to find things you forgot.

Documentation is the hinge. A client with documentation can take what you built and run it. A client without documentation is either stuck calling you back (which might seem good, but the next call is a free consult) or hiring someone to re-learn the system (which burns the exact goodwill the engagement earned). Running documentation at the end feels like chore work. It's actually the step that determines whether the engagement becomes a success story the client tells for years.

The work-protection items (4-6)

Secret rotation is the boring item that prevents the worst kind of incident. If your email is ever compromised, every client whose secrets passed through your inbox becomes collateral. Rotating on offboarding means the blast radius is bounded.

The handoff session should never be a document review. A document review is passive. Someone reads slides. Nothing gets questioned. A screen-share walkthrough forces the client to navigate the system with you watching, which surfaces every assumption you made that the client doesn't share. Those assumptions are where the post-engagement support tickets come from.

The closing memo is the artifact the client forwards. Six months from now, when a new team member starts, the closing memo is what they read to understand what you did. If the memo is vague, the new team member reinvents wheels or undoes work. If the memo is specific, they pick up where you left off.

The relationship-protection items (7-9)

Ownership transfer is the item that signals you're actually done. A domain registration still in your account, a Vercel project still on your team, a GitHub repo you own instead of the client: these are low-grade signs that the engagement hasn't fully concluded. They're also where confusing charges appear six months later when your Vercel bill auto-renews a project you forgot about.

The invoice-with-zero-surprises rule is about matching the cadence of good work to the cadence of good billing. Every surprise line item implies that the engagement was less buttoned-up than the client thought. Pre-communicating every expense before the invoice lands keeps the commercial relationship aligned with the technical one.

Scheduling the 30-day check-in before you log off is the highest-ROI minute in the entire protocol. A check-in that lives in the client's calendar happens. A check-in that lives in "let's stay in touch" does not. The 30-day check-in is where referral conversations naturally emerge, and it's where you find out what the client wants next.

The first three items protect the client. The middle three protect the work. The last three protect the relationship.

What happens if you skip any of these

Each skip has a specific failure mode. I've learned them the hard way.

Skip the credential audit: you find out three months later that a former client got a password-reset notification from a service you forgot you had access to. The email goes to someone on the client's team who doesn't know who you are. That conversation does not go well.

Skip the documentation: you get a call in month four asking how a piece of the system works. You spend two hours digging through old notes. The answer costs you a half-day and produces no revenue. It also gently shifts the posture from "past client" to "on-call consultant," which is not the relationship you want.

Skip the handoff session (or run it as a doc review): the client's team can't operate the system without you. The post-engagement support requests start arriving week two. Each request is phrased as a quick question. None of them are.

Skip the closing memo: the engagement's narrative gets written by the client's memory instead of your writeup. Memory is unreliable. A specific closing memo anchors the client's understanding of what was done and what was explicitly out of scope.

Skip ownership transfer: you get surprise charges six months later on services you forgot you were paying for. You also open yourself up to an awkward conversation if the client eventually wants full control and finds out they don't have it.

Skip the 30-day check-in: the relationship drifts. By day 90 you're just another past vendor. By day 365 the client has forgotten the nuances of what you did, and their memory of the engagement is a generic "we worked together a while back."

The retainer-to-productized migration case

I built this protocol during the transition I documented in the retainer vs productized audit breakdown. As the retainer work started winding down in early 2026, I had a cohort of clients whose engagements were ending at different times. Some would have made sense as long-term product customers; some had wrapped up and just needed a clean exit.

The protocol emerged from noticing which offboardings produced referrals and which didn't. The pattern was not about the quality of the work delivered. The quality was roughly equivalent across engagements. The pattern was about the exit.

Engagements that ended with a clean handoff, specific closing memo, and a 30-day check-in produced referrals within the next 6 months about two thirds of the time. Engagements that ended with a fuzzy exit produced referrals about a quarter as often. Same work. Same deliverables. The difference was the offboarding.

The protocol also maps cleanly onto the shift from retainers into the productized ladder. A well-offboarded retainer client is the ideal buyer for the next product tier because they already trust the work, and the closing memo gives them a specific language for what they got. The pricing-the-audit decision log covers how the tier 1 entry price was calibrated specifically for that buyer.

The 30/90/365 day cadence after offboarding

The check-in at day 30 is the first scheduled touchpoint. The agenda is simple: how's the system running, anything breaking, anything showing up in the data that we should talk about. It's 30 minutes. It's free. It's not a sales call.

The day-90 touch is asynchronous. A short email referencing something specific from the engagement - a metric that would have shifted by now, a feature that had an expected follow-up, a quarterly moment they mentioned. "The attribution reconciliation piece should be stabilizing now; curious whether the Shopify-to-Meta delta has settled." One sentence, no pitch. The reply either surfaces a problem worth re-engaging on or confirms the work is holding.

The day-365 touch is a deliberate warm ping around an anniversary. "A year ago we wrapped the engagement. Wanted to check in." If the engagement has held up, this is where the client responds with an update or a referral. If it hasn't, this is where you find out quickly and can address it before it becomes a story the client tells others.

The cadence works because it's predictable and low-pressure. The client knows you're not selling at each touchpoint. You're checking that the work is holding. That posture is what converts past engagements into a referral network.

Where this sits in the ladder

The retainer model is the bridge that sunsets 2026-12-31. After that, client relationships start inside the productized ladder rather than inside a retainer contract. The offboarding protocol still applies, though. Product buyers don't get offboarded in the same way a retainer client does, but the 30/90/365 cadence still matters: it's how a buyer who completed one tier surfaces back up as a candidate for the next.

For clients who are still on a bridge retainer, the availability page has the current state of those slots and the sunset date. The offboarding protocol runs for every one of those engagements without exception. Post-offboarding, the natural next step for most clients is the product suite, with the tier-1 entry piece being the DTC Stack Audit. The timing and language for routing a closed engagement into a product tier is covered in the writeup on the published retainer sunset.

Frequently asked questions

What if the client does not want a handoff session?

Run the credential audit, documentation, closing memo, and ownership transfer steps anyway. The client's preference does not exempt you from the work that protects them if something breaks later. A client who declines a handoff session usually regrets it six weeks later when a question emerges. Send the written materials and keep the 30-day check-in on the calendar regardless.

How do I offboard from a contentious engagement?

Run the protocol more carefully, not less. A contentious exit is exactly when credentials get missed, documentation gets neglected, and the 30-day check-in never happens. The protocol is the neutral frame that lets a contentious relationship end cleanly. You are not required to be warm. You are required to be complete.

Does this apply to short projects, not just retainers?

Most of it does, scaled. A two-week project does not need a 30-day check-in on the same rhythm, but it still benefits from credential audit, documentation, and ownership transfer. The 9-step protocol compresses to a 3-step version for short projects: hand off credentials, deliver a closing memo, schedule one follow-up.

Can the closing memo be a Loom video instead of a document?

Yes, though a document outlasts a video. Loom links break, Loom accounts get cancelled, and six months from now the client cannot ctrl-F a video. A short written memo (one page) with an optional Loom link attached is the right format. The written part is the artifact the client will actually reference a year from now.

What if I do not do retainer work at all?

The protocol is still the pattern. For a productized-only practice, offboarding happens at the end of an implementation tier or after the final delivery of a defined project. Every client has an ending. The ones with clean endings produce the referral flow that cuts your customer acquisition cost in the long run.

Sources and specifics

  • The 9-step protocol is the exact sequence I run on client offboardings, refined through the retainer-to-productized migration documented in the retainer vs productized audit breakdown.
  • The referral-rate observation (clean-exit engagements producing referrals about twice as often as fuzzy-exit engagements) is from my own client cohort during the migration period, not a public benchmark.
  • The 30/90/365 cadence is a personal practice I adopted in 2025; the specific intervals are not universally standard, but the principle (predictable, low-pressure, scheduled) generalizes.
  • The retainer sunset date of 2026-12-31 is published on the availability page and drives the migration timing.
  • The protocol applies regardless of whether the engagement ends amicably; the steps are commercial hygiene, not relationship management.

// related

Product catalog

If you want to take this further, the products page has everything from self-serve audits to working sessions. Priced for where you are right now.

>See the products