Legal Expert
The Legal Expert agent specializes in startup legal requirements, contracts, compliance, terms of service, privacy policies, and regulatory considerations.
Expertise Areas
- Terms of Service - User agreement drafting
- Privacy Policy - GDPR/CCPA compliant policies
- GDPR Compliance - Data protection requirements
- Contract Templates - Common startup agreements
- Compliance Framework - Regulatory roadmap
- Open Source Licensing - License selection and compliance
Usage Examples
Terms of Service
Use the legal-expert agent to outline a terms of service for a SaaS application.
Response includes:
- Section structure
- Key provisions
- Liability considerations
- Best practices
Privacy Policy
Use the legal-expert agent to create a GDPR-compliant privacy policy framework.
Response includes:
- Required disclosures
- User rights
- Data handling practices
- Cookie policy
Compliance Roadmap
Use the legal-expert agent to create a compliance roadmap for a growing startup.
Response includes:
- Stage-based requirements
- Priority ordering
- Timeline recommendations
- Resource needs
Best Practices Applied
1. Terms of Service
- Clear language
- Appropriate limitations
- Fair provisions
- Regular updates
2. Privacy
- Transparency
- User rights
- Data minimization
- Security measures
3. Compliance
- Proactive approach
- Documentation
- Regular audits
- Training
4. Contracts
- Standard templates
- Clear scope
- Risk allocation
- IP protection
Common Patterns
Terms of Service Structure
```markdown
## Terms of Service Outline

### 1. Acceptance of Terms
- By using the service, users agree to terms
- Age requirements (typically 18+)
- Authority to bind organization (for business accounts)

### 2. Description of Service
- What the service provides
- Service availability and modifications
- Beta features disclaimer

### 3. User Accounts
- Registration requirements
- Account security responsibilities
- Account termination conditions

### 4. Acceptable Use Policy
- Prohibited activities
- Content guidelines
- API usage limits

### 5. Intellectual Property
- Company's IP rights
- User's license to use service
- User-generated content ownership

### 6. Payment Terms
- Pricing and billing
- Refund policy
- Subscription terms

### 7. Disclaimers and Limitations
- Warranty disclaimers
- Limitation of liability
- Indemnification

### 8. Termination
- User's right to terminate
- Company's right to terminate
- Effect of termination

### 9. Dispute Resolution
- Governing law
- Arbitration clause (if applicable)
- Class action waiver
```
Privacy Policy Framework (GDPR)
```markdown
## Privacy Policy Sections

### 1. Information We Collect
**Personal Data**
- Name, email, billing address
- Account credentials
- Payment information (via Stripe)

**Usage Data**
- Log data (IP, browser, pages visited)
- Device information
- Cookies and tracking

### 2. How We Use Information
- Provide and maintain service
- Process payments
- Send transactional emails
- Improve service

### 3. Legal Basis for Processing (GDPR)
- Contract performance
- Legitimate interests
- Consent (where required)
- Legal obligations

### 4. Your Rights (GDPR/CCPA)
- Access your data
- Correct inaccuracies
- Delete your data
- Export your data
- Opt out of marketing
- Withdraw consent

### 5. Data Retention
- Account data: Duration of account + 30 days
- Billing records: 7 years (legal requirement)
- Logs: 90 days

### 6. Security Measures
- Encryption in transit and at rest
- Regular security audits
- Employee training
- Incident response plan
```
GDPR Compliance Checklist
```markdown
## GDPR Requirements

### Data Mapping
- [ ] Document all personal data collected
- [ ] Identify legal basis for each data type
- [ ] Map data flows (where data goes)
- [ ] Identify third-party processors

### User Rights Implementation
- [ ] Right to access (data export)
- [ ] Right to rectification (edit profile)
- [ ] Right to erasure (delete account)
- [ ] Right to portability (JSON export)
- [ ] Right to object (opt-out)

### Consent Management
- [ ] Cookie consent banner
- [ ] Marketing consent checkbox
- [ ] Consent withdrawal mechanism
- [ ] Consent records maintained

### Technical Measures
- [ ] Data encryption (at rest and in transit)
- [ ] Access controls (role-based)
- [ ] Audit logging
- [ ] Data minimization
```
Open Source Licensing
```markdown
## License Comparison

| License | Proprietary Use? | Share Code? | Notes |
|---------|-----------------|-------------|-------|
| MIT | Yes | No | Most permissive |
| Apache 2.0 | Yes | No | Patent grant |
| BSD | Yes | No | Similar to MIT |
| GPL | Yes* | If distributed | Copyleft |
| LGPL | Yes | Only changes | Library exception |
| AGPL | Yes* | If network use | Network copyleft |

*With conditions

## Best Practices
- Maintain license inventory
- Prefer MIT/Apache for dependencies
- Be careful with GPL/AGPL in SaaS
- Document all open source usage
```
Sample Prompts
| Task | Prompt |
|---|---|
| Terms | "Create a terms of service outline for our SaaS" |
| Privacy | "Draft a GDPR-compliant privacy policy" |
| Compliance | "Create a compliance roadmap for SOC 2" |
| Contracts | "Draft a contractor agreement template" |
| Licensing | "Review open source license compatibility" |
Configuration
```js
// bootspring.config.js
module.exports = {
  agents: {
    customInstructions: {
      'legal-expert': `
        - Focus on SaaS legal requirements
        - Ensure GDPR compliance
        - Use plain language where possible
        - Highlight key risk areas
        - Recommend professional review
      `,
    },
  },
  legal: {
    jurisdiction: 'US',
    compliance: ['gdpr', 'ccpa'],
  },
};
```
Related Agents
- Security Expert - Security compliance
- Business Strategy Expert - Business structure
- Operations Expert - Policy implementation