A Legal Checklist for Early-Stage Tech Companies

Download the Legal Checklist for Early-Stage Tech Companies

In a tech company’s early days, it’s easy for the founders to make legal missteps.  Most mistakes are unintentional and result from a lack of knowledge or legal budget rather than bad intent. Nonetheless, it’s critical to remedy them as the company moves forward.  Failure to do so can place the company in breach of its business-to-business contracts; it can create uncertainty about the company’s ownership of its intellectual property; and it can create a host of operational risks.  It can also kill or devalue outside investment deals when investors discover these problems in their due diligence.

But how to know what mistakes need fixing in the first place?  To answer this question for our firm’s own technology clients, we sometimes use a legal gap analysis: an exercise to expose any gaps that may exist between how the company should be handling various matters and what the current state of affairs actually is.  Where we find daylight between the two, we help clients close the gaps.

This article contains the very same gap analysis worksheet that we use with our clients.  Each item below lists a legal best practice.  Ideally, your organization can check the box next to the item to confirm it is already in compliance with it.  Unchecked boxes mean issues that we recommend discussing with your business attorney.  While this worksheet alone cannot identify all potential legal pitfalls, checking all boxes will go far toward minimizing future problems (not to mention your peace of mind).

Do not panic if you cannot check every box.  A surprisingly large number of companies miss at least one or two of these.  Most of these can be addressed retroactively.  The key is to simply use this exercise now to identify your legal baseline.

The Company’s Organization

• The business venture should be organized as the correct type of entity (usually a corporation or limited liability company; sometimes other forms such as a benefit corporation). It should be formed in the correct state (which could be Delaware or your own state). This “choice of entity” question requires considering factors including taxes, the company’s plans for outside investment, whether the company will give equity to employees or admit future co-owners, and more.
• All of the company’s owners should sign written documents with the company confirming the terms of their ownership and any separate shareholder or buy-sell agreements they may have with other owners.
• The company’s capitalization table should consider how the company will be capitalized, how equity will be allocated in the near term and in the future and whether employees or consultants will receive equity (restricted stock, stock options or otherwise).

Internal Legal Documents

• All personnel who contribute any creative work to the company must sign a written agreement granting the company itself ownership of their work. These should be signed by anybody who writes code, writes copy or creates art or graphic designs (whether used by the company internally or folded into customer products) – anybody who creates work that can be read, seen, watched or listened to. All of this work is subject to copyright protection and much of it cannot be used by the company or licensed to customers without a written agreement with the personnel who create it. These agreements are generally called “Intellectual Property Assignment” or “Work For Hire” documents.
• All personnel should sign confidentiality agreements (NDAs). In addition to protecting the company’s trade secrets, many tech companies agree in their business-to-business contracts that they will ensure their personnel protect the customers’
• Optionally, companies may wish to have employees and contractors sign non-compete agreements. Non-compete laws are changing rapidly and state laws vary enormously, so do not ask any personnel to sign one without consulting with an attorney.
• Business-to-business tech companies generally should ask each of their personnel to sign a non-solicitation agreement pledging not to poach the employer’s clients after leaving the company. Like non-compete agreements, however, “no poach/no hire” agreements may be restricted by state law, so you should consult with your business attorney.
• Independent contractors / consultants should have written agreement s that define the scope of the engagement and clarify the nature of the contractor relationship.
• Companies should consider simple employment agreement with their employees to outline duties, expectations, compensation, and termination. Optionally, establish a company-wide Employee Handbook with appropriate workplace policies (harassment, data security, payroll practices, equal employment opportunity, etc.) that each employee and owner should sign to confirm receipt.
• Some companies, in particular B2B Software-as-a-Service companies (SaaS) and developers of custom-made software, will also need internal Data Protection Agreements and Information Security Policies. A large and growing number of companies are requiring vendors to have these internal agreements in place with their personnel, and in some cases to show them to the clients.

Ensuring the Company’s Ability to Use Intellectual Property and Labor

• If the company uses open-source software in any of its work, it should ensure it is using the particular open source license appropriate for its goals. Using the wrong license can result in software being automatically published free for all to use without compensation, which severely devalues it. The wrong license can also require downstream restrictions on redistribution that can be hard to unravel later.
• The company should secure written confirmation from its founders, employees and contractors that they are not bound by non-compete agreements with any former employers that prevent them from working with the company.

Public-Facing Documents

• The company must have a Privacy Policy for its website. If it provides consumer SaaS products, each such product must also have a Privacy Policy.
• Each software product should have a written agreement that binds its customers or users. Depending on the product, this might be called an End User License Agreement, Terms of Use, Software as a Service Agreement, or another name.
• Customer/user agreements and privacy policies should be updated when legally necessary and notices of updates communicated to previous users when required. The company should permanently keep proof of the versions of each document in effect at the time each user agreed to it. Users do not necessarily need to manually “click to accept” online documents – this is an issue to discuss with counsel.

Documents for Business-to-Business Deals

• The company should use appropriate written agreements with all customers. For SaaS companies, these may be Master Services Agreements with attached Statements of Work or Software License Agreements. For manufacturers of physical products, these may be Master Purchasing Agreements with Purchase Orders.
• (Optional) Data Processing Agreements (DPAs) are increasingly important for B2B software firms. As noted above, some B2B software agreements require the vendor to enter into a DPA with the client while also having its employees sign an Information Security Policy approved by the client.
• (Optional) Service Level Agreements (SLAs) are required for some B2B deals – typically large enterprise clients. Other clients may instead accept a simple warranty clause as part of a client contract, which is far easier for the vendor.

Best Practices for Risk Mitigation

• The company should purchase business insurance in amounts and types appropriate for its business. For all companies, insurance limits the risk inherent in doing business. For B2B companies, they are often required for a more immediate reason: clients will require it. An insurance broker can advise you on the appropriate lines and amounts to carry, but generally you will want at least Errors & Omissions insurance, General Liability, and Cyber insurance in the amounts of $1 million per occurrence and $1 or $2 million in aggregate.

Marketing and Advertising

• If the company uses any intellectual property published by other individuals or organizations (including open-source software and Creative Commons materials), then the company should ensure its usage complies with the relevant license terms. Even free software and material usually has some usage restrictions.
• (Optional but recommended) The company should conduct a trademark search to reduce the risk that another firm using a similar name or logo will force the company to rebrand, and register the company and product names and logos as federal trademarks. If the company’s mark is available, the company should consider registration with the USPTO to secure valuable rights.
• (Optional but recommended) The company should register the copyrights of its most valuable, public-facing, shareable, and attractive creative assets that are susceptible of copyright protection. Registration must usually be made within 90 days of “publication” to fully protect the organization’s rights.

* * *

Adam Nyhan is an attorney in the Business and Intellectual Property practice groups at Perkins Thompson, P.A., a law firm serving clients throughout the United States and in other countries. Adam represents SaaS companies, custom software developers, mobile app developers, I.T. vendors and employees of freelancers of all of the above.

Related Articles:

• User Experience (UX) Design Agreements: 4 Essential Clauses to Include
• A Hiring Checklist for U.S. Tech Companies