We have shipped a SaaS product to the market very recently and one of our bigger customers have shown interest in investing in our company. They have requested a "code review" to evaluate if the product can scale easily. What's your thought on this? Is this a standard procedure before investing in a software company? If so, how can we do so without endangering our IP?
Firstly I don't think biz dev deals should be combined with financing. If the deal goes through, now you have a potential conflict of interest because a key customer is now an investor who has some say about future direction of the product/company
Better to create an SLA level offering and charge them more for any custom development.
Your question was how to do this without endangering your IP. This is not legal advice for your situation, but in this situation a letter of intent and/or also a NNN (non-compete, non-circumvent, non-disclosure agreement) agreement would be appropriate.
Not standard, I have personally experienced it once as "spectator." The investor was savvy enough to understand the build, and wanted to ensure the proprietary "algorithms" were actually there as proposed as part of the value being bought into.
Most investors focus on the team and their resourcefulness not the product alone, in code the product is often the code and although I think it should be more common, I don't think it is... mainly, I think is because most investors (I'm assuming") don't care for the code part or understand it anyway.
Your primary interest, it seems to me, is the protection of the IP. Regardless whether this is standard practice or not.
Have you thought about hiring an audit firm to look through the major code components and produce a report. You can then make the report available to any investment group that requests such information. Of course, you'll need non-disclosure, etc... with the audit firm.