We have shipped a SaaS product to the market very recently and one of our bigger customers have shown interest in investing in our company. They have requested a "code review" to evaluate if the product can scale easily. What's your thought on this? Is this a standard procedure before investing in a software company? If so, how can we do so without endangering our IP?
Your primary interest, it seems to me, is the protection of the IP. Regardless whether this is standard practice or not.
Have you thought about hiring an audit firm to look through the major code components and produce a report. You can then make the report available to any investment group that requests such information. Of course, you'll need non-disclosure, etc... with the audit firm.