To echo what’s already been said, your absolute best bet is to ensure your legal agreement with the client clearly specified who owns the source code and what permitted use looks like. You can even have two versions of the contract, and use it as an up-sell e.g it will cost X if I retain the rights, or Y if you want to own the source.
If the client chooses to purchase the rights, give them access to a git repository. If not, don’t.
Either way, use mix releases to deploy your code. While it’s theoretically possible to reverse-engineer the compiled code in your release, in 99% of cases it will be far more expensive than just paying you for the rights.
Reverse-enginering compiled code is really not something to be undertaken lightly, and the Elixir community is still small enough that finding a developer able and willing to do so is going to be neither cheap, nor easy.
It’s possible that your specific situation is the exception that proves the rule, but unless you have incontrovertible proof that there is a very high risk that your client will try to decompile your releases, I really wouldn’t worry about it. Remember YAGNI!
