As as founder it is not uncommon to be paranoid about developer stealing your code to launch his own venture. Also giving production server access can also tricky. Of course, you could keep the access only to yourself but if you have multiple servers etc. it doesn't scale over long term and takes lot of your time.
This is particularly challenging when your developer is completely remote and taking legal actions half way across the world isn't something you would want to spend you time/money on.
Here is few things I tried:
Curious to hear your thoughts on this