---
name: "legal-ip-fortress"
description: "Startup legal and IP protection operating system covering entity formation, co-founder agreements, IP strategy (patents, trademarks, trade secrets, copyright), employment law, contract management, regulatory compliance by industry, data privacy (GDPR/CCPA/DPDP), open-source license compliance, litigation prevention, IP valuation, M&A legal readiness, and investor-side legal requirements. Includes comprehensive India legal stack covering Companies Act 2013, FEMA, RBI regulations, SEBI compliance, Patent Act 1970, Trademark Act 1999, IT Act 2000, DPDP Act 2023, Labour Codes 2020, Shop & Establishment Acts, GST compliance, transfer pricing, and regulatory sandbox frameworks. Use when user mentions legal, lawyer, attorney, IP, patent, trademark, copyright, trade secret, contract, NDA, employment agreement, ESOP agreement, shareholder agreement, term sheet legal, regulatory, compliance, GDPR, CCPA, data privacy, open source license, litigation, lawsuit, cease and desist, incorporation, entity structure, or any legal/IP protection need."
license: MIT
metadata:
  version: 2.0.0
  author: TechKnowmad AI
  category: legal-ip
  domain: startup-legal-protection
  updated: 2026-03-22
  frameworks: ip-strategy, contract-management, regulatory-compliance
  data-sources: Cooley, Orrick, Wilson Sonsini, WSGR, Y Combinator, NVCA, USPTO, WIPO, EPO, Indian Patent Office, MCA, DPIIT, Nishith Desai, AZB Partners, Khaitan, Trilegal
---

# Legal & IP Fortress

The startup legal protection operating system. Actionable legal frameworks — not legal advice (always consult qualified counsel) — organized as decision trees, checklists, and compliance matrices so founders know what to ask, when to act, and what to protect.

## Keywords

legal, lawyer, attorney, law firm, IP, intellectual property, patent, trademark, copyright, trade secret, NDA, non-disclosure, non-compete, contract, agreement, terms of service, privacy policy, employment agreement, offer letter, ESOP agreement, shareholder agreement, SHA, SSA, articles of incorporation, bylaws, operating agreement, entity formation, Delaware, Singapore, India, incorporation, regulatory, compliance, GDPR, CCPA, DPDP, data privacy, open source, license, MIT, Apache, GPL, litigation, lawsuit, cease and desist, C&D, injunction, arbitration, mediation, IP valuation, patent troll, freedom to operate, prior art, provisional patent, utility patent, design patent, 409A, fair market value, cap table legal, vesting, acceleration, ROFR, drag along, tag along, information rights, protective provisions, anti-dilution, liquidation preference, Companies Act, FEMA, RBI, SEBI, MCA, ROC, DPIIT, IT Act, Patent Act, Trademark Act, Copyright Act, Labour Code, Shop Establishment, GST, transfer pricing

---

## How to Use This Skill

This skill operates in **6 modes** based on legal need:

| Mode | Trigger | What It Does |
|------|---------|--------------|
| **Foundation** | "setting up my company", "incorporation" | Entity structure, co-founder agreements, initial IP |
| **Protect** | "patent this", "protect our IP" | IP strategy, filing decisions, trade secret protocols |
| **Contract** | "review this agreement", "NDA template" | Contract analysis, negotiation points, templates |
| **Comply** | "GDPR compliance", "regulatory requirements" | Compliance checklists, gap analysis, remediation |
| **Defend** | "cease and desist", "we're being sued" | Litigation readiness, response protocols, insurance |
| **Transact** | "acquisition legal", "due diligence legal" | M&A legal prep, IP valuation, DD checklists |

**Chain with existing skills:**
- `fundraising-command-center` for term sheet legal terms
- `crisis-war-room` for legal crises and litigation
- `governance-compliance-shield` for ongoing regulatory compliance
- `talent-os` for employment law and equity legal
- `india-business-law` for detailed India regulatory guidance

**IMPORTANT**: This skill provides frameworks and checklists for legal planning. It is NOT legal advice. Always engage qualified legal counsel for specific legal matters.

---

## 1. Entity Formation Decision Matrix

### Jurisdiction Selection

```
Where should you incorporate?
├── Raising US VC money? → Delaware C-Corp (standard, 85%+ of VC-backed startups)
├── Raising only from Indian investors? → India Private Limited (Section 2(68))
├── Want both? → Delaware parent + India subsidiary (flip structure)
├── Hardware/manufacturing in India? → India Pvt Ltd (easier to operate)
├── IP licensing model? → Consider Singapore + India subsidiary
├── Crypto/Web3? → Cayman/BVI + operating entity (consult counsel)
└── Bootstrapped, India-only? → India LLP or Pvt Ltd
```

### Entity Type Comparison

| Factor | Delaware C-Corp | India Pvt Ltd | Singapore Pte Ltd | LLP (India) |
|--------|----------------|---------------|-------------------|-------------|
| VC Fundraise | Standard | Acceptable | Good for SEA | Not suitable |
| ESOP Flexibility | Excellent | Good (post-2020) | Excellent | Limited |
| Tax Efficiency | Higher corp tax | Lower initially | Low (17%) | Pass-through |
| Flip Structure | N/A | Needs RBI approval | Easier | N/A |
| Compliance Burden | Low-Medium | High | Medium | Medium |
| Cost to Set Up | $1,500-3,000 | INR 10,000-25,000 | SGD 3,000-5,000 | INR 5,000-15,000 |

### Day-1 Legal Checklist (Pre-Revenue)

- [ ] Entity incorporated with clean structure
- [ ] Co-founder agreement / SHA signed
- [ ] IP assignment agreements (all founders assign IP to company)
- [ ] CIIA (Confidential Information & Invention Assignment) for all team members
- [ ] Vesting schedule established (4yr/1yr cliff standard)
- [ ] Board resolutions for initial actions
- [ ] EIN/PAN/TAN obtained
- [ ] Basic employment agreements drafted
- [ ] NDA template ready
- [ ] Domain names secured
- [ ] Trademark search conducted for company name
- [ ] Privacy policy and ToS drafted (if customer-facing)

---

## 2. IP Strategy Matrix

### IP Protection Decision Tree

```
What type of IP do you have?
│
├── Technical invention (novel, non-obvious, useful)?
│   ├── Yes → Consider patent
│   │   ├── Software/algorithm → Provisional patent (buy time) + trade secret for implementation
│   │   ├── Hardware/device → Utility patent (strong protection)
│   │   ├── Design/UI → Design patent (cheaper, narrower)
│   │   └── Pharma/biotech → Utility patent (essential, long timeline)
│   └── No → Trade secret + copyright
│
├── Brand name, logo, slogan?
│   └── Trademark registration (file early, enforce always)
│
├── Creative work (code, content, design)?
│   └── Copyright (automatic, but register for enforcement)
│
├── Customer data, algorithms, processes?
│   └── Trade secret (strongest when patent not viable)
│
└── Open source contributions?
    └── License compliance + CLA (Contributor License Agreement)
```

### Patent vs Trade Secret Decision

| Factor | Patent | Trade Secret |
|--------|--------|-------------|
| **Duration** | 20 years (utility), 15 years (design) | Indefinite (as long as secret) |
| **Disclosure** | Full public disclosure required | Must remain secret |
| **Cost** | $15K-50K+ per patent (US) | Low (internal controls) |
| **Enforcement** | Can stop independent invention | Only protects against misappropriation |
| **Speed** | 2-5 years to grant | Immediate |
| **Best for** | Hardware, pharma, defensible tech | Algorithms, processes, data, recipes |
| **Startup budget** | Provisional first ($3-5K), full later | NDA + access controls + documentation |

### Patent Filing Strategy for Startups

**Phase 1: Provisional Patent ($3-5K)**
- File as early as possible for priority date
- 12-month window to file full application
- "Patent Pending" status for investor conversations
- Can be broad — refine in full application

**Phase 2: PCT Application (Month 12, $5-10K)**
- International treaty — buys 30 months to choose countries
- Single application covers 150+ countries
- Essential if you plan international expansion

**Phase 3: National Phase (Month 30, $10-30K per country)**
- File in jurisdictions where you'll do business or face competition
- Priority countries: US, EU (EPO), China, India, Japan
- Cost-benefit: only file where enforcement is realistic

### Trademark Protection Protocol

| Action | Timeline | Cost | Priority |
|--------|----------|------|----------|
| Trademark search (TESS/TMR) | Before naming | Free-$500 | Critical |
| File trademark application | Day 1 | $250-350/class (USPTO) | High |
| Domain name registration | Day 1 | $10-50/year | Critical |
| Social media handles | Day 1 | Free | High |
| International trademark (Madrid Protocol) | When expanding | $600-1,500/country | Medium |
| Monitor for infringement | Ongoing | $100-500/month | Medium |

### India IP Filing

| IP Type | Filing Office | Typical Cost | Timeline |
|---------|-------------|-------------|----------|
| Patent (Provisional) | Indian Patent Office | INR 8,000-15,000 | Immediate |
| Patent (Complete) | Indian Patent Office | INR 50,000-2,00,000 | 3-7 years |
| Trademark | TMR, Controller General | INR 4,500-9,000/class | 12-24 months |
| Copyright | Copyright Office | INR 500-2,000 | 6-12 months |
| Design | Design Wing, Patent Office | INR 4,000-8,000 | 6-12 months |
| GI (Geographical Indication) | GI Registry | INR 5,000-10,000 | 12-24 months |

---

## 3. Contract Essentials Matrix

### Critical Contracts by Stage

| Stage | Must-Have Contracts | Nice-to-Have |
|-------|-------------------|-------------|
| **Pre-Seed** | Co-founder agreement, IP assignment, NDA, CIIA | Advisory agreements |
| **Seed** | + Employment agreements, customer ToS, privacy policy | Vendor agreements, partnership MOUs |
| **Series A** | + SHA/SSA, board consent forms, ESOP plan, data processing agreements | Channel partner agreements, licensing deals |
| **Series B+** | + International contracts, joint ventures, M&A documentation | Franchise agreements, complex licensing |

### Key Contract Negotiation Points

**Employment Agreements:**
- IP assignment (work-for-hire + assignment of inventions)
- Non-compete: enforceability varies by jurisdiction (void in California, limited in India)
- Non-solicitation: 12-24 months is standard
- At-will vs fixed term (India requires notice period)
- ESOP grant as part of offer (vest schedule, exercise price, cliff)

**Customer Agreements (SaaS):**
- Limitation of liability (cap at 12 months of fees paid)
- Indemnification (mutual, with carve-outs for IP infringement)
- Data processing terms (GDPR Art 28 if EU customers)
- SLA with remedies (credits, not termination)
- Auto-renewal with notice period for cancellation

**Vendor/Contractor Agreements:**
- IP ownership (ensure company owns all work product)
- Confidentiality (survives termination)
- Indemnification for IP infringement
- Termination for convenience (30-day notice)
- Data security requirements (especially for PII handlers)

---

## 4. Data Privacy Compliance Matrix

### Regulation Applicability

| Regulation | Applies If | Key Requirements | Penalty |
|-----------|-----------|-----------------|---------|
| **GDPR** | Any EU user data | Consent, DPO, DPIA, 72hr breach notice | Up to 4% global revenue or EUR 20M |
| **CCPA/CPRA** | CA residents, >$25M rev or >100K consumers | Opt-out, data deletion, no discrimination | $2,500-7,500 per violation |
| **DPDP Act (India)** | Indian data principals | Consent, purpose limitation, breach notice | Up to INR 250 crore |
| **PIPEDA (Canada)** | Canadian user data | Consent, accountability, access rights | Up to CAD 100,000 |
| **POPIA (South Africa)** | SA user data | Consent, purpose specification | Up to ZAR 10M |
| **LGPD (Brazil)** | Brazilian user data | Consent, DPO, legitimate interest | Up to 2% revenue or BRL 50M |

### Privacy Compliance Checklist (Minimum Viable)

- [ ] Privacy policy published and accessible
- [ ] Cookie consent mechanism (if serving EU)
- [ ] Data processing agreements with all vendors handling PII
- [ ] Data inventory: what data, where stored, who accesses, retention period
- [ ] User rights mechanism: access, deletion, portability requests
- [ ] Breach notification process documented
- [ ] Employee training on data handling
- [ ] Encryption at rest and in transit for PII
- [ ] Access controls and logging for PII systems

---

## 5. Open Source License Compliance

### License Compatibility Matrix

| License | Can Use In Proprietary Product? | Must Disclose Source? | Patent Grant? |
|---------|-------------------------------|----------------------|--------------|
| **MIT** | Yes | No (include copyright notice) | No |
| **Apache 2.0** | Yes | No (include NOTICE file) | Yes |
| **BSD 2/3** | Yes | No (include copyright) | No |
| **LGPL** | Yes (with dynamic linking) | Only modifications to LGPL code | No |
| **MPL 2.0** | Yes | Only modified MPL files | Yes |
| **GPL v2/v3** | NO (copyleft) | Entire derivative work | v3 only |
| **AGPL v3** | NO (network copyleft) | Including SaaS use | Yes |
| **SSPL** | NO | Entire service stack | No |
| **BSL** | Varies (time-delayed) | After change date | Varies |

### Safe Practices
- Maintain SBOM (Software Bill of Materials)
- Automated license scanning (FOSSA, Snyk, WhiteSource)
- GPL/AGPL: never import into proprietary codebase without legal review
- Copyleft code in microservice? Isolate behind API boundary
- Contribute back: safer than forking for long-term maintenance
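
An added example (not part of the original skill) of the automated license gate described above: it reads a CycloneDX-style SBOM and sorts each component into allow / review / block. The tier mapping is one assumed reading of the compatibility matrix, the component names are made up, and only flat SPDX `OR` / `AND` expressions are parsed.

```python
import json

ALLOW, REVIEW, BLOCK = "allow", "review", "block"
RANK = {ALLOW: 0, REVIEW: 1, BLOCK: 2}
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"}

def classify(spdx_id):
    """Map one SPDX identifier to a tier (assumed reading of the matrix above)."""
    if spdx_id in PERMISSIVE:
        return ALLOW
    if spdx_id.startswith(("GPL-", "AGPL-")) or spdx_id == "SSPL-1.0":
        return BLOCK   # copyleft: legal review before it enters proprietary code
    return REVIEW      # LGPL, MPL, BUSL and anything unrecognised go to a human

def evaluate(expression):
    """Flat SPDX expression: OR lets the licensee choose, AND applies every term."""
    if "(" in expression:
        return REVIEW  # nested expressions are not parsed here; fail closed
    options = []
    for alternative in expression.split(" OR "):
        terms = [t.strip() for t in alternative.split(" AND ")]
        options.append(max((classify(t) for t in terms), key=RANK.get))
    return min(options, key=RANK.get)

def scan(sbom_json):
    """Return {"name@version": tier} for every component in the SBOM."""
    findings = {}
    for comp in json.loads(sbom_json).get("components", []):
        verdicts = []
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {})
            expr = entry.get("expression") or lic.get("id") or lic.get("name", "")
            verdicts.append(evaluate(expr))
        # Several license entries are treated as all applying; none means unknown.
        tier = max(verdicts, key=RANK.get) if verdicts else REVIEW
        findings[f'{comp["name"]}@{comp.get("version", "?")}'] = tier
    return findings

# Constructed SBOM; component names and versions are made up for illustration.
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "http-helper", "version": "2.1.0", "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "pdf-render", "version": "0.9.4", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
    {"name": "dual-lib", "version": "1.0.0", "licenses": [{"expression": "MIT OR GPL-2.0-only"}]},
    {"name": "codec", "version": "3.2.1", "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}]},
    {"name": "mystery", "version": "0.0.1"},
]})

if __name__ == "__main__":
    for component, tier in scan(SAMPLE_SBOM).items():
        print(f"{tier:6} {component}")
```

A component with no declared license lands in `review` rather than `allow`, so gaps in the SBOM surface instead of passing silently.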

---

## 6. Litigation Prevention Playbook

### Top 10 Lawsuit Triggers for Startups

| # | Trigger | Prevention |
|---|---------|-----------|
| 1 | Co-founder dispute (no written agreement) | SHA/founder agreement on Day 1 |
| 2 | IP ownership unclear (contractor/former employer) | CIIA, IP assignment, clean room |
| 3 | Employee misclassification (contractor vs employee) | Follow IRS 20-factor test, state tests |
| 4 | Non-compete violation (from previous employer) | Legal review before hiring, clean room |
| 5 | Customer data breach | Security program, incident response plan |
| 6 | Trademark infringement | Search before naming, register early |
| 7 | Patent infringement | Freedom-to-operate search for core tech |
| 8 | Securities violation (fundraising) | Use standard docs, Reg D compliance |
| 9 | Employment discrimination | Document everything, consistent policies |
| 10 | Vendor payment dispute | Clear contracts, documented deliverables |

### Insurance Requirements by Stage

| Insurance | When to Get | Typical Cost | Coverage |
|-----------|------------|-------------|---------|
| **D&O** | At first funding | $2,000-10,000/yr | Director/officer liability |
| **E&O/Professional Liability** | At first customer | $1,000-5,000/yr | Service errors, negligence |
| **Cyber Liability** | At first user data | $1,000-7,500/yr | Data breach costs |
| **General Liability** | At incorporation | $500-3,000/yr | Physical injury, property damage |
| **Workers' Comp** | At first hire | State-mandated | Employee injuries |
| **Key Person** | At Series A | Varies | CEO/CTO incapacity |
| **IP Insurance** | If patent-heavy | $5,000-25,000/yr | Patent defense/enforcement |

---

## 7. M&A / Exit Legal Readiness

### Legal Due Diligence Checklist (What Acquirers Examine)

- [ ] Clean cap table with no disputes
- [ ] All IP properly assigned to company (no gaps)
- [ ] No pending or threatened litigation
- [ ] All employment agreements current and enforceable
- [ ] Regulatory compliance documented
- [ ] Customer contracts transferable (no change-of-control issues)
- [ ] No material undisclosed liabilities
- [ ] Tax filings current and accurate
- [ ] Insurance policies adequate
- [ ] All corporate governance documents in order
- [ ] Data privacy compliance documented
- [ ] Open source compliance verified
- [ ] No outstanding government investigations
- [ ] Material contracts have assignment provisions

### India M&A Legal Considerations
- **CCI Approval**: Competition Commission of India approval if turnover/asset thresholds met
- **FEMA Compliance**: RBI approval for cross-border M&A
- **Stamp Duty**: Varies by state on share transfer
- **Capital Gains**: Short-term vs long-term based on holding period
- **Section 56(2)(x)**: Consideration below fair value triggers tax
- **NCLT Scheme**: Court-approved merger scheme for complex structures

---

## Reference Files

For detailed templates and India-specific legal guides, load:
- [`reference/contract-templates-index.md`](reference/contract-templates-index.md) — Key clauses and negotiation points for all startup contracts
- [`reference/india-legal-compliance.md`](reference/india-legal-compliance.md) — India Companies Act, FEMA, labor law, and tax compliance matrices

## Forensic Intelligence & Regulatory Arbitrage Layer

### Benford's Law for Due Diligence

```
In legitimate data, the digit "1" is the leading digit ~30% of the time. Fabricated data → uniform distribution.
Protocol: Extract financials → first-digit analysis → chi-squared test
p < 0.05 → Flag for investigation. 30% more likely adverse SOX opinions.
Use as screening tool, not definitive proof.
```
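
An added example (not part of the original skill) of the protocol above: first-digit counts compared with Benford's expected frequencies by a chi-squared test at p = 0.05. Both ledgers are constructed, and the minimum sample size is an assumption taken from the usual rule that every expected count should be at least 5.

```python
import math
from collections import Counter

BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}  # P(first digit = d)
CHI2_CRIT = 15.507  # chi-squared critical value, 8 degrees of freedom, p = 0.05
MIN_N = 110         # keeps every expected count >= 5 (smallest P is ~0.0458)

def first_digit(value):
    """Leading non-zero digit of a number, or None for zero."""
    if value == 0:
        return None
    return int(f"{abs(value):.15e}"[0])  # scientific notation starts with that digit

def benford_screen(amounts):
    """First-digit chi-squared test; returns the statistic and a screening flag."""
    digits = [d for d in map(first_digit, amounts) if d is not None]
    n = len(digits)
    if n < MIN_N:
        return {"n": n, "chi2": None, "flag": None}  # too few values to test
    counts = Counter(digits)
    chi2 = sum((counts[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())
    return {"n": n, "chi2": round(chi2, 2), "flag": chi2 > CHI2_CRIT,
            "share_of_1": round(counts[1] / n, 3)}

# Constructed ledgers (not real financials).
# Spread evenly on a log scale across six orders of magnitude: Benford-like.
ORGANIC = [10 ** ((k + 0.5) / 50) for k in range(300)]
# Every leading digit equally common, the pattern attributed above to fabricated data.
UNIFORM = [d * 1000 + 137 for d in range(1, 10)] * 30

if __name__ == "__main__":
    print(benford_screen(ORGANIC))
    print(benford_screen(UNIFORM))
```

A `flag` of `None` means the sample is too small for the test to say anything, which is different from passing.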

### OSINT for Competitive Intel

```
1. Job postings → strategic direction (new ML hires = AI pivot)
2. BuiltWith → competitor tech stack (costs, capabilities)
3. Patent/trademark filings → future product direction
4. Glassdoor/Blind → culture intelligence, litigation risk
5. Google dorking: site:competitor.com filetype:pdf
6. Court records → ongoing litigation exposure
```

### Regulatory Sandbox Strategies

| Jurisdiction | Regulator | Timeline | Key Benefit |
|-------------|-----------|----------|-------------|
| UK | FCA | 6-12mo | Regulatory cover |
| Singapore | MAS | 6mo | Clear path to full license |
| India | RBI | 12-18mo | Test without full compliance |
| India | IFSCA (GIFT City) | Varies | No FEMA, tax holiday |
| UAE | DFSA | 12mo | Tax-free + regulatory cover |

### R&D Tax Credit Optimization

| Jurisdiction | Benefit | Key Detail |
|-------------|---------|------------|
| US Section 174 | Full deduction | Immediate expensing restored (2025) |
| UK RDEC | 20% credit | Enhanced for R&D-intensive SMEs |
| India Section 35 | 100% deduction | DSIR approval required |
| Singapore | 250% deduction | First S$400K qualifying R&D |

### Forward/Reverse Flip (2025-2026)

- **Forward flip**: India → Delaware/Singapore. Pre-Series A with US VC interest.
- **Reverse flip**: Overseas → India. Major trend (Razorpay, Zepto, Meesho completed 2025).
- **Fast-track process** (September 2024): 90-120 days vs previous 8-12 months.
