RULE: A platform that cannot produce a clean export today is a hostage situation. Treat it as such.
Rule: When evaluating a platform / vendor / agency for a Candid client, the empirical test is: can the client get a clean, working export of their content and data today, without vendor cooperation? If the answer is no, classify the situation as hostage in slow motion — there will be a forced migration event, and the cost will be on the client.
Why: Three live 2024-2026 case studies prove forced migrations happen:
- Shopify checkout.liquid sunset (see Shopify checkout.liquid sunset (Aug 2024 → Aug 2025 → June 30 2026) — unmigrated customizations will be DELETED) — 18 months notice, $2k-$10k rebuilds, unmigrated code DELETED
- Squarespace + Google Domains (see Squarespace acquired Google Domains for $180M (Sept 7, 2023) — ~10M SMB domains migrated automatically) — 10M domains migrated automatically to a vendor customers didn't choose
- ACF → SCF takeover (see ACF → SCF forced fork (Oct 12, 2024) — first unilateral plugin takeover in 21-year WordPress history) — 2M+ sites silently switched plugin source
Add the SaaS-export-impossible cases (Wix officially: "no export is possible" — confirmed in writing as a structural property, Squarespace 7.1: no XML export at all. 7.0 export omits images, products, custom CSS, video, audio, drafts, non-blog pages) and the pattern is clear: platforms that can't export will eventually impose a migration the client doesn't want.
How to apply:
- During platform selection: weight portability as a primary criterion alongside cost and capability
- For existing clients on non-portable platforms: schedule a migration proactively to a portable stack, on the client's timeline, not the vendor's
- The 18-month / 5-year audit cadence (see editorial direction in Research brief: Owning your stack — why agency-managed platforms cost more than they save (piece 4 of 15)) catches these before the vendor forces the issue
- The honest counter-position (Counter-argument: a $200/mo managed platform buys you a larger security team than most agencies have) still applies: some clients should be on managed platforms despite the lock-in. The rule isn't "never" — it's "name the trade and document it."
Depends on
- reference Shopify checkout.liquid sunset (Aug 2024 → Aug 2025 → June 30 2026) — unmigrated customizations will be DELETED
- reference Squarespace acquired Google Domains for $180M (Sept 7, 2023) — ~10M SMB domains migrated automatically
- reference ACF → SCF forced fork (Oct 12, 2024) — first unilateral plugin takeover in 21-year WordPress history
- reference Wix officially: "no export is possible" — confirmed in writing as a structural property
- reference Squarespace 7.1: no XML export at all. 7.0 export omits images, products, custom CSS, video, audio, drafts, non-blog pages
Referenced by (5)
- reference Research brief: Owning your stack — why agency-managed platforms cost more than they save (piece 4 of 15) relates-to
- reference Drupal 7 EOL January 5, 2025 — ~291,386 sites still on D7 in Sept 2024; migration is effectively a rebuild relates-to
- rule RULE: Plugin count is the WordPress security surface. Audit quarterly; one-in, one-out rule. relates-to
- reference Reference: vertical SaaS data portability comparison (ServiceTitan / Jobber / Housecall Pro / Clio / Karbon / Tekmetric) relates-to
- reference ServiceTitan: "Open Data Pledge" promises CSV export — but practitioner reports cite $24k-$39k exit contract buyouts (flag for verification) relates-to