Jump to a section +
Imagine receiving the keys to a new office but learning that the landlord controls your phone number, the architect owns the signs, a former vendor holds the alarm code, and the furniture disappears if a subscription ends. Saying “you own the office” would not answer the operating questions. A website is similar. Its name, accounts, files, creative work, software, data, and outside services can have different owners and different access rules.
Map the website as nine separate layers
Create this map during contracting, not on the day a relationship ends. The web design contract checklist explains how to place deliverables, transfers, licenses, accounts, and handoff duties in writing. If you are still selecting a provider, keep the map beside the hiring and project planning hub so ownership becomes a buying criterion rather than a cleanup task.
1. Domain registration: protect the public name
A domain is registered through a registrar under a registration agreement; it is not purchased like a permanent physical object. ICANN's registrant guidance says registrants are entitled to information about their registrar and processes for registering, managing, transferring, renewing, and restoring a domain, and it notes that registrants have responsibilities for registration and use. For a business website, the business or an authorized officer should generally be the registered name holder or otherwise have a documented arrangement it understands—not merely reimburse a designer who registered the name in a personal account.
- The registrar account is associated with a durable business-controlled email address, not a departing employee or outside designer's personal inbox.
- The registered holder and contact data are accurate, subject to applicable privacy services and registrar requirements.
- At least two authorized people know the registrar, renewal date, recovery method, and where recovery codes are stored.
- Auto-renewal and a valid payment method are enabled when appropriate, with calendar reminders that do not rely on one vendor.
- DNS access is documented separately because DNS may be managed by the registrar, host, security provider, or another service.
- The contract states who assists with transfer or access changes when the project or care agreement ends.
2. Platform and hosting accounts: find the real administrator
A hosted website builder, content management system, cloud host, or agency platform can divide roles in different ways. The person who edits a page may not be the account owner, billing owner, organization administrator, or person allowed to transfer the project. Ask the provider to show the role structure using the platform's current terms and documentation. If the site lives inside an agency's master account, the contract should explain what the client receives at exit, whether the site can be transferred, what features depend on the agency plan, and what price or downtime could change.
Record the operational answer for every account that can affect the site.
| System | Business should record | Failure to plan |
|---|---|---|
| Website platform or CMS | Owner, billing role, super-admin, editors, recovery, transfer process | The business can edit content but cannot change billing or remove a former vendor |
| Hosting or cloud | Account owner, project, deployment access, server region, backup and export path | Files exist, but no one can deploy, restore, or pay for service |
| DNS and security | Provider, authorized users, records, proxy or firewall rules, emergency process | Moving hosts breaks email or security settings |
| Source repository | Organization owner, repository admins, branches, build instructions, deployment keys | An export is delivered without history or a reliable way to rebuild |
| Email delivery | Sender domain, service account, verified identities, templates, suppression lists | Forms look successful but notifications stop or send from an unauthorized domain |
3. Copyright in design, code, copy, and media
Paying an independent contractor does not, by itself, answer every copyright question. The U.S. Copyright Office explains that copyright generally begins with the author, while work made for hire is a specific doctrine with defined situations. Circular 66 also explains that a website is not treated as one special category of copyrightable subject matter; qualifying original website content may include different forms of authorship. Your contract should identify original deliverables, their authors, the rights being assigned or licensed, the territory and duration if relevant, permitted modifications, and when the transfer becomes effective.
Neither column is automatically right for every project. A broad assignment may cost more or be unavailable for reusable tools. A well-drafted license may give the business everything it needs to operate and modify the site. The danger is not the word “license”; it is a silent or narrow license that fails the business's expected use. Legal counsel can evaluate assignment, license, moral-rights, warranty, and infringement provisions under the governing law.

Each layer needs an owner or account holder, an administrator, a recovery path, and an exit rule.
4. Third-party material: identify what neither party can give away
Many websites combine original work with commercial fonts, stock photos, icons, themes, plugins, open-source packages, maps, videos, payment forms, scheduling tools, and external APIs. Their licenses and terms may limit transfer, number of sites, traffic, editing, redistribution, or continued use after a subscription ends. “All files included” does not override those terms. The handoff should name each material dependency, link its license or plan, identify the account holder, and state any recurring cost or replacement risk.
5. Business data and analytics: control collection and continuity
Form submissions, customer accounts, order records, email lists, analytics properties, tag managers, consent records, call tracking, and advertising pixels can outlast the visible design. The business should know which systems collect data, the purpose and authority for access, retention and deletion expectations, and how data can be exported. A designer may be an administrator or service provider without being the business owner of the underlying data. Privacy and security duties vary by data, location, industry, and agreement, so obtain appropriate professional advice rather than relying on a generic ownership sentence.
- Use a business-owned analytics organization or property and grant the agency the minimum role it needs.
- Keep a list of forms, their destinations, integrations, authorized viewers, and a safe test procedure.
- Document tags and pixels before removing an agency account so measurement does not silently stop.
- Include backup location, frequency, retention, restoration responsibility, and a tested recovery example.
- Remove former users and rotate shared secrets when people or providers change roles.
- Do not email password spreadsheets or include secret keys in a public handoff document. Use an approved password manager or secure transfer process.
Run four control tests before launch
Prove access while the project team is available
Recovery test
From a business-controlled address, confirm that an authorized person can begin account recovery and that multi-factor recovery does not depend on the provider's personal device.
Billing test
Identify who can see the plan, invoice, renewal date, payment method, and cancellation consequences for every paid dependency.
Export test
Create a current export or backup where the system supports it, then document what the export includes and what it cannot reproduce.
Removal test
Confirm the business can add a new administrator and remove an old one without destroying the site or violating an account hierarchy.
Do not remove the active provider during a test. Review the controls together or use a temporary authorized account. The point is to uncover a weak dependency before an emergency. If the provider says access cannot be shared or transferred, ask for the platform documentation, the business reason, and the exit path in writing.
Use a launch handoff register
The register should name evidence, not expose passwords.
| Item | Record at handoff | Evidence |
|---|---|---|
| Domain and DNS | Registrar, registrant, renewal, DNS provider, authorized roles | Business administrator can sign in and view current settings |
| Platform and hosting | Account hierarchy, plan, billing, admins, transfer and export limits | Business owner role and current invoice |
| Creative deliverables | Assigned work, licensed work, exclusions, editable and final file formats | Signed agreement, asset list, and delivered files |
| Third-party dependencies | Vendor, purpose, account holder, license, renewal, replacement impact | Subscription record and current terms link |
| Data and measurement | Systems, administrators, exports, retention, tags, privacy contacts | Access check and dated configuration inventory |
| Operations | Backups, updates, monitoring, incidents, support, emergency contacts | Successful test and care agreement |
| Exit | Notice, final payment, assistance, files, removal date, and data handling | Completed offboarding checklist signed or acknowledged by both sides |
Store the register in a durable business location and review it at least when a provider, employee, domain, platform, or subscription changes. Good website design and launch planning should leave the business with controlled access and understandable dependencies, even when the provider continues to manage day-to-day care. Managed service should be a choice supported by expertise, not a lock created by missing credentials.
What to do if ownership is already unclear
Recover clarity without creating a second problem
Preserve records
Collect signed agreements, statements of work, invoices, emails, purchase records, account notices, exports, and current screenshots without changing access.
Inventory what still works
List domains, DNS, platform, host, repository, email, forms, data, analytics, media, licenses, and administrators. Mark confirmed facts separately from assumptions.
Ask for a cooperative handoff
Send a specific written list and a reasonable timing request. Avoid accusations when an administrative correction may solve the gap.
Protect continuity
Before changing DNS, billing, users, or subscriptions, understand the effect on the website, email, forms, and data. Make a verified backup where authorized.
Get appropriate help
Use the registrar or platform's official recovery process and consult qualified technical or legal professionals when rights, authority, security, or a dispute is uncertain.
Do not attempt to bypass access controls, impersonate an account holder, or seize an account because you believe the business should own it. Ownership and authorization must be established through contracts, account records, platform procedures, and applicable law. The safest recovery protects the live business while the evidence is reviewed.
Does paying a web designer mean I own everything they created?
Not automatically. The contract, authorship, work-made-for-hire requirements, assignments, licenses, and third-party terms all matter. Identify each deliverable and have counsel review the rights language for your jurisdiction and project.
Should my web designer own my domain name?
A business should generally ensure that its domain registration and recovery path are under durable business control or a clearly documented arrangement it accepts. The designer can receive delegated technical access without being the only person able to renew or transfer the name.
Do I own a website built on a hosted platform?
You may own or license your content and custom work while using the platform under its service terms. The platform software and hosted features remain subject to the provider's rules. Confirm account role, export limits, transfer process, and what stops working if the subscription ends.
Who owns stock photos and commercial fonts on my site?
The creator or rights holder generally retains ownership while a customer receives a license under specific terms. Check who purchased the license, where the asset may be used, whether it can be transferred, and whether a recurring plan is required.
What files should I receive after launch?
The answer depends on the scope, but a handoff may include final and editable approved assets, content exports, code or repository access, documentation, account inventory, license list, analytics access, backup, and support instructions. The contract should name the formats and exclusions.
Evidence behind the guide
Sources and further reading
- Circular 66: Copyright Registration of Websites and Website ContentU.S. Copyright Office
- Circular 30: Works Made for HireU.S. Copyright Office
- What Is Copyright?U.S. Copyright Office
- Registrants' Benefits and ResponsibilitiesICANN
- Information for Domain Name RegistrantsICANN
Continue on Web Respawn
Pages that actually connect to this decision.
These links are selected for the subject of this guide. They are not a generic service dump.
Explore the strategy, content, design, build and launch foundation.
Open page ↗RELEVANT PAGEWebsite & Growth ServicesSee the complete Web Respawn service system in one place.
Open page ↗RELEVANT PAGEAbout Web RespawnSee the company, approach and standards behind the work.
Open page ↗RELEVANT PAGEWebsite Design FAQsGet concise answers about scope, timelines, ownership, SEO and care.
Open page ↗







