A side note here: that can be impossible on a cloudy service where your data may have moved between many nodes over its life, and difficult to guarantee in other circumstances. On future projects consider encryption at rest for all data then all you have to worry about is destroying all copies of the relevant keys. Still try a wipe at the end of course, in the name of security in depth, in case there are keys errantly floating around out there.

If you are performing a secure wipe, don't go OTT with 37 sequenced passes (if your threat model "requires" that then you have other matters to concentrate on!) don't make the final stage zeros: fill the volumes with cat pictures/videos, or if you are feeling evil use shock images instead. Give the cracker that tries to poke around something to look at!

> ... and services by trying to overwrite data with junk values before canceling

Also impossible unfortunately, though again you should try if only to show due diligence. Always assume that once your data is out there it is out there for good. Just like a delete is not often a real delete (just a soft delete where a "deleted" flag is set), an update often only affects the current value leaving it and any previous values still present in history or audit structures.

(not that I'm saying this piece of your advice is bad, I just feel it just needs a few caveats to be explicitly stated)

For certain types of data and with experise, it might be wise to run your own servers (colo) and encrypt the drives. After surviving to a certain scale, you'll want to save money by running hybrid bare metal+cloud anyhow. Then, you'd have control to nuke your servers (DBAN), local snapshots and encrypted backups. Hybrid infrastructure should allow pinning systems to prevent migrating to or sending snapshots to third-parties.

Aye. While guaranteeing the information is absolutely gone is often impossible, you should at least do what you can make it more difficult to retrieve or be accidentally revealed.

> and encrypt the drives

If you are using VMs then full disk encryption within the VM will work just as well, and most cloud services can offer effectively the same thing with their containers.

You just have to be very careful with key management, which in some cases may be inconvenient (blocking restart until you intervene to provide keys, if you don't want them stored on or directly accessible by the same provider) depending on how paranoid you feel the need to be. Of course if you are truly paranoid, by character or by contractual necessity, keys in memory on shared infrastructure even temporarily could be an issue at which point you need "dedicated cloud" resource or colo/self-host for the affected parts of your apps/infrastructure.

If they wanted a detailed question of what to do AND WHY, they could pay a consultant. A consultant would go over around the same points as duelingjello, but also explain why. As an Internet forum answer, it honestly goes above and beyond.

The answer basically strips into two -- first get rid of any and all 'ball and chain' from the old company, existing customers setups and data. Then put the IP to work, making money.

The answer does skip over the general unasked question of "Can I just sell the code?" to which the answer is generally "no." You'd need an existing enterprise or source that knows the code, wants the code and can use the code, which in the modern age is just not going to happen: Startups come and go and everybody wants to make their own solution. Most engineers I know would look at "existing code" as bloat or a hindrance in general, and would look at it as "a sales team problem." If anything, you'll get peanuts for selling the actual code itself.

Building a new enterprise that has a technical team to handle the code and a sales team to sell the code, potentially with an existing customer base sounds like a much better plan. Does it involve risks? Yes. Does it still answer OP's question of wat do? Absolutely.

All it takes is one oops at a client to have a $1m judgement hanging over your head. LLC (in your state, don’t get fancy) sooner than later. Business insurance is typically another $500-800/yr for software startups, but I wouldn’t recommend that until you have something to protect (like money in the bank)

Your advice to register an LLC is very good. I’ll add:

1) Costs are very state specific. And if you register in the state you live in you can act as your own registered agent and eliminate a lot of the yearly fees. In my state I can register directly for $90 with the Department of State (of my state, not federal) and there are no recurring fees.

2) Follow the rules by keeping all finances separate or you might as well not have registered the LLC.

I.e. not the formation, but year to yeat maintenance?

Creating one can help enforce some separation too: different bank accounts, different AWS accounts, etc. This feels pretty good, unless the company is some tax dodge which also places increased transparency on some things.

Whatever someone does, they can make a fair attempt at running their business professionally and it will limit significant risk and liability. This means taking boring paperwork and bureaucracy seriously. It means recognizing mistakes and fixing them before they get serious. Good companies don't generally get sued and lose. You can also seek outside advice so that you make better decisions. When you take reasonable measures these will get recognized when you are in a situation.

“ Personal Liability for Your Own Actions

There is one extremely significant exception to the limited liability provided by LLCs. This exception exists in all states. If you form an LLC, you will remain personally liable for any wrongdoing you commit during the course of your LLC business. For example, LLC owners can be held personally liable if they:

personally and directly injure someone during the course of business due to their negligence fail to deposit taxes withheld from employees' wages intentionally do something fraudulent, illegal, or reckless during the course of business that causes harm to the company or to someone else, or treat the LLC as an extension of their personal affairs, rather than as a separate legal entity. Thus, forming an LLC will not protect you against personal liability for your own negligence, malpractice, or other personal wrongdoing that you commit related to your business. If both you and your LLC are found liable for an act you commit, then the LLC’s assets and your personal assets could be taken by creditors to satisfy the judgment. This is why LLCs and their owners should always have liability insurance.”

Similarly, as a single-person company, any action that could cause liability was presumably performed by you, personally. That makes it much easier for a litigant to sue you personally instead of/in addition to your company.

> If it was good, don't let the team relationship go to waste. Talk with whoever's left / worked-with previously about doing something else.

Some of my best times at work have come from the relationships left after the company crashed and burned. Companies disappear, people don't have to.

I would be interested if anyone knows more about how the co-op idea would work, also assuming you took investment. Would a corporation be formed as well as a co-op, and the co-op would be a shareholder in the corporation?

The idea is: shares aren't devided by capital, but by heads.

But you can usually add some clauses to the contracts, that people have to work for some kind of period, before they are considered "comrades".

2 Structure the way I have seen this work the coop owns the company (or a controlling interest) which employs the members of the coop

Coop structures can get complex normally most countries have special laws for this and it can be tax advantageous.

Coops can take outside investment but they have to maintain 50% +1 shares to remain a coop

When it comes to making decisions many employees won't care too much about the direction, and will slow down the process.

Give your employees a fair share, but keep ownership amongst the founders.

Thank you duelingjello. I have a lot to learn and it's becoming obvious I need some time to grow and this will definitely help me.