Bootspring
HomeGet Started

Legal & Compliance Workflow

Complete guide to legal foundations including entity formation, contracts, IP protection, and compliance requirements

The Legal & Compliance workflow helps founders establish proper legal foundations and maintain compliance as the company grows.

Overview#

PropertyValue
Phases4
TierBusiness
Typical Duration2-4 weeks (initial), ongoing
Best ForCompany formation, contract setup, compliance preparation

Why Legal Foundations Matter#

Proper legal setup:

  • Protects founders - Liability protection and clear ownership
  • Enables fundraising - Investors require proper structure
  • Prevents disputes - Clear agreements prevent costly conflicts
  • Enables growth - Proper foundation for hiring, partnerships, customers
  • Reduces risk - Compliance prevents fines and lawsuits

Legal Foundation Framework#

┌─────────────────────────────────────────────────────────────────────────┐ │ LEGAL FOUNDATION LAYERS │ ├─────────────────────────────────────────────────────────────────────────┤ │ │ │ ┌─────────────────────────────────────────────────────────────────┐ │ │ │ COMPANY STRUCTURE │ │ │ │ Entity type, incorporation, ownership, governance │ │ │ └─────────────────────────────────────────────────────────────────┘ │ │ │ │ │ ┌───────────────────────────┼───────────────────────────┐ │ │ │ │ │ │ │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ │ │ FOUNDER │ │ TEAM │ │ CUSTOMER │ │ │ │ │ │ AGREEMENTS │ │ AGREEMENTS │ │ AGREEMENTS │ │ │ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │ │ └───────────────────────────────────────────────────────┘ │ │ │ │ │ ┌───────────────────────────┼───────────────────────────┐ │ │ │ │ │ │ │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ │ │ IP │ │ PRIVACY │ │ COMPLIANCE │ │ │ │ │ │ PROTECTION │ │ & DATA │ │ & REGS │ │ │ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │ │ └───────────────────────────────────────────────────────┘ │ │ │ └─────────────────────────────────────────────────────────────────────────┘

Phases#

Phase 1: Company Formation (1-2 weeks)#

Agents: legal-expert

Establish the legal entity and foundational documents.

Tasks:

  • Choose entity type
  • Incorporate the company
  • Create founder agreements
  • Set up equity structure
  • Establish governance

Entity Selection Guide:

1## Entity Type Comparison 2 3### For US-Based Startups 4 5| Entity | Best For | Pros | Cons | 6|--------|----------|------|------| 7| Delaware C-Corp | VC-funded startups | Standard for investors, easy stock issuance | Double taxation, formalities | 8| LLC | Bootstrapped, lifestyle | Pass-through taxation, flexible | Harder to fundraise, complex for equity | 9| S-Corp | Small profitable business | Tax advantages | Restrictions on shareholders | 10 11### Recommendation by Situation 12 13| Situation | Recommendation | 14|-----------|----------------| 15| Planning to raise VC | Delaware C-Corp | 16| Bootstrapping, may raise later | Delaware C-Corp (flexibility) | 17| Lifestyle business, no investors | LLC | 18| International founders | Delaware C-Corp + check visa implications | 19 20### Delaware C-Corp Formation Checklist 21 22- [ ] File Certificate of Incorporation with Delaware 23- [ ] Obtain EIN from IRS 24- [ ] Adopt bylaws 25- [ ] Hold initial board meeting 26- [ ] Issue founder shares 27- [ ] File 83(b) elections (within 30 days!) 28- [ ] Qualify to do business in operating state 29- [ ] Open business bank account 30- [ ] Set up registered agent 31 32### Cost Estimates 33 34| Item | Cost Range | Notes | 35|------|------------|-------| 36| Delaware incorporation | $200-500 | State fees | 37| Registered agent | $50-300/year | Required | 38| Legal fees (lawyer) | $2,000-5,000 | For full setup | 39| Legal fees (Stripe Atlas, etc.) | $500-1,000 | DIY platforms |

Founder Agreement Template:

1## Founder Agreement Key Terms 2 3### Equity Split 4 5| Founder | Role | Equity % | Vesting | Cliff | 6|---------|------|----------|---------|-------| 7| Founder A | CEO | 50% | 4 years | 1 year | 8| Founder B | CTO | 50% | 4 years | 1 year | 9 10### Vesting Schedule 11

Year 1: 25% vests at cliff (month 12) Year 2-4: Remaining 75% vests monthly (2.08%/month)

Acceleration triggers:

  • Single trigger: None
  • Double trigger: 50% acceleration on acquisition + termination
### Key Provisions 1. **Roles & Responsibilities** - Founder A: Business, fundraising, operations - Founder B: Product, engineering, technology 2. **Time Commitment** - Full-time dedication required - No outside employment without consent - Notification of side projects required 3. **Decision Making** - Day-to-day: Individual domain - Major decisions: Unanimous consent - Major decisions include: Fundraising, hiring execs, pivots, M&A 4. **IP Assignment** - All work product belongs to company - Prior IP listed and excluded - Assignment executed at incorporation 5. **Departure Scenarios** - Voluntary departure: Unvested shares forfeited - Termination for cause: All shares forfeited - Termination without cause: Vesting continues 3 months - Death/disability: Full acceleration 6. **Non-Compete & Non-Solicit** - Non-compete: 1 year in same market - Non-solicit: 1 year for employees and customers - Geographic scope: [Defined] 7. **Confidentiality** - Indefinite confidentiality obligation - Covers all company information - Survives departure

Phase 2: Contracts & Agreements (1-2 weeks)#

Agents: legal-expert

Create standard agreements for employees, contractors, and customers.

Tasks:

  • Create employment agreements
  • Create contractor agreements
  • Create customer terms of service
  • Create privacy policy
  • Create NDA template

Essential Contracts Checklist:

1## Contract Templates Needed 2 3### Employment / Team 4- [ ] Offer letter template 5- [ ] Employment agreement 6- [ ] Contractor agreement (CIIA) 7- [ ] Advisor agreement 8- [ ] NDA (mutual and one-way) 9 10### Customer 11- [ ] Terms of Service 12- [ ] Privacy Policy 13- [ ] Data Processing Agreement (DPA) 14- [ ] Service Level Agreement (SLA) 15- [ ] Enterprise Master Service Agreement 16 17### Business 18- [ ] Partner agreement template 19- [ ] Vendor agreement template 20- [ ] Referral agreement

Terms of Service Outline:

1## Terms of Service - Key Sections 2 3### 1. Acceptance of Terms 4- Agreement to be bound 5- Eligibility requirements (age, authority) 6- Changes to terms 7 8### 2. Account Registration 9- Account creation requirements 10- Account security responsibilities 11- Accurate information requirement 12 13### 3. Services Description 14- What the service provides 15- Service availability 16- Modifications to service 17 18### 4. Payment Terms 19- Pricing and billing 20- Payment methods 21- Refund policy 22- Auto-renewal terms 23 24### 5. Acceptable Use 25- Permitted uses 26- Prohibited activities 27- Content guidelines 28- Enforcement 29 30### 6. Intellectual Property 31- Company IP ownership 32- User content license 33- Feedback license 34 35### 7. Privacy 36- Reference to Privacy Policy 37- Data handling summary 38 39### 8. Disclaimers 40- Service provided "as is" 41- No warranty of availability 42- No warranty of accuracy 43 44### 9. Limitation of Liability 45- Cap on damages 46- Exclusion of consequential damages 47- Exceptions (gross negligence, willful misconduct) 48 49### 10. Indemnification 50- User indemnifies company 51- Scope of indemnification 52 53### 11. Termination 54- Termination rights 55- Effect of termination 56- Survival of terms 57 58### 12. Dispute Resolution 59- Governing law 60- Arbitration clause (if applicable) 61- Venue 62- Class action waiver 63 64### 13. General Provisions 65- Entire agreement 66- Severability 67- Waiver 68- Assignment

Privacy Policy Outline:

1## Privacy Policy - Key Sections 2 3### 1. Information We Collect 4- Information you provide 5- Information collected automatically 6- Information from third parties 7 8### 2. How We Use Information 9- Provide the service 10- Improve the service 11- Communicate with you 12- Marketing (with consent) 13- Legal compliance 14 15### 3. How We Share Information 16- Service providers 17- Business transfers 18- Legal requirements 19- With your consent 20 21### 4. Data Retention 22- How long we keep data 23- Deletion upon request 24 25### 5. Your Rights 26- Access your data 27- Correct your data 28- Delete your data 29- Export your data 30- Opt out of marketing 31 32### 6. Security 33- Measures we take 34- No guarantee of absolute security 35 36### 7. International Transfers 37- Where data is processed 38- Safeguards for transfers 39 40### 8. Children's Privacy 41- Not intended for children 42- Age requirements 43 44### 9. Changes to Policy 45- How we notify of changes 46- Effective date of changes 47 48### 10. Contact Information 49- How to reach us 50- Data protection officer (if applicable)

Phase 3: IP Protection (1 week)#

Agents: legal-expert

Protect company intellectual property.

Tasks:

  • Ensure IP assignment from founders
  • Register trademarks
  • Implement trade secret protection
  • Review open source usage
  • Document IP inventory

IP Protection Framework:

1## Intellectual Property Protection 2 3### IP Assignment 4 5**From Founders:** 6- [ ] Technology Assignment Agreement signed 7- [ ] Prior IP disclosure completed 8- [ ] IP transferred to company 9 10**From Employees/Contractors:** 11- [ ] CIIA (Confidential Information and Inventions Assignment) 12- [ ] Work-for-hire provisions 13- [ ] IP assignment clauses 14 15### Trademark Protection 16 17| Mark | Type | Status | Class | Filing Date | 18|------|------|--------|-------|-------------| 19| Company Name | Word mark | Registered | 42 | [Date] | 20| Logo | Design mark | Pending | 42 | [Date] | 21| Product Name | Word mark | TBD | 42 | Planned | 22 23**Trademark Checklist:** 24- [ ] Conduct clearance search 25- [ ] File intent-to-use application 26- [ ] Monitor for infringement 27- [ ] Maintain registrations 28 29### Trade Secret Protection 30 31**Information Categories:** 321. Source code and algorithms 332. Customer data and lists 343. Business strategies and plans 354. Financial information 365. Vendor relationships and pricing 37 38**Protection Measures:** 39- [ ] NDAs with all employees and contractors 40- [ ] Access controls (need-to-know basis) 41- [ ] Document marking (Confidential) 42- [ ] Exit interviews with departing employees 43- [ ] Security policies and training 44 45### Open Source Compliance 46 47**License Categories:** 48 49| Type | Examples | Obligations | Risk Level | 50|------|----------|-------------|------------| 51| Permissive | MIT, Apache, BSD | Attribution | Low | 52| Weak Copyleft | LGPL, MPL | Share modifications | Medium | 53| Strong Copyleft | GPL, AGPL | Share all linked code | High | 54 55**Open Source Policy:** 56- Permitted: Permissive licenses 57- Review required: Weak copyleft 58- Prohibited: Strong copyleft in proprietary code 59 60**Open Source Inventory:** 61- [ ] Maintain SBOM (Software Bill of Materials) 62- [ ] Review new dependencies before adding 63- [ ] Document license compliance 64- [ ] Attribute properly in product 65 66### Patent Considerations 67 68**For most startups:** 69- Patents are expensive ($15-30K+ per patent) 70- Long timeline (2-4 years) 71- Defensive value primarily 72- Consider provisional patents for key innovations 73 74**Patent Strategy:** 75- [ ] Identify potentially patentable inventions 76- [ ] Document with dated lab notebooks 77- [ ] Consult patent attorney for key innovations 78- [ ] File provisional patents if needed

Phase 4: Compliance Requirements (Ongoing)#

Agents: legal-expert, security-expert

Establish and maintain compliance with relevant regulations.

Tasks:

  • Identify applicable regulations
  • Implement compliance measures
  • Create compliance documentation
  • Set up ongoing monitoring
  • Prepare for audits

Compliance Framework:

1## Compliance Requirements 2 3### Regulatory Landscape 4 5| Regulation | Applies If | Key Requirements | 6|------------|------------|------------------| 7| GDPR | EU users/data | Consent, data rights, DPO | 8| CCPA/CPRA | California residents | Privacy notice, opt-out | 9| SOC 2 | Enterprise sales | Security controls, audit | 10| HIPAA | Health data | BAA, security standards | 11| PCI DSS | Payment data | Card handling, encryption | 12 13### GDPR Compliance Checklist 14 15**Legal Basis:** 16- [ ] Consent mechanisms implemented 17- [ ] Legitimate interest assessments 18- [ ] Processing records maintained 19 20**Data Subject Rights:** 21- [ ] Access request process 22- [ ] Deletion request process 23- [ ] Portability (data export) 24- [ ] Correction mechanism 25 26**Documentation:** 27- [ ] Privacy policy (GDPR compliant) 28- [ ] Cookie policy and consent 29- [ ] Data processing records 30- [ ] DPA template for vendors 31 32**Technical Measures:** 33- [ ] Data encryption 34- [ ] Access controls 35- [ ] Breach detection 36- [ ] 72-hour notification capability 37 38### CCPA/CPRA Compliance Checklist 39 40- [ ] Privacy notice with required disclosures 41- [ ] "Do Not Sell My Personal Information" link 42- [ ] Consumer request response process 43- [ ] Employee and contractor training 44- [ ] Vendor contract updates 45 46### Corporate Compliance 47 48**Delaware C-Corp Requirements:** 49- [ ] Annual franchise tax payment (March 1) 50- [ ] Annual report filing 51- [ ] Board meeting minutes 52- [ ] Stock ledger maintenance 53- [ ] Registered agent maintenance 54 55**Employment Compliance:** 56- [ ] I-9 verification for employees 57- [ ] State employment registrations 58- [ ] Workers' compensation insurance 59- [ ] Unemployment insurance 60- [ ] Required posters displayed 61 62**Tax Compliance:** 63- [ ] Federal tax filings 64- [ ] State tax filings 65- [ ] Sales tax collection (if applicable) 66- [ ] 1099 issuance for contractors

Essential Legal Documents Library#

1## Document Inventory 2 3### Formation Documents 4| Document | Status | Location | Last Updated | 5|----------|--------|----------|--------------| 6| Certificate of Incorporation | Complete | [Link] | [Date] | 7| Bylaws | Complete | [Link] | [Date] | 8| Board consent (initial) | Complete | [Link] | [Date] | 9| Stock purchase agreements | Complete | [Link] | [Date] | 10| 83(b) elections | Filed | [Link] | [Date] | 11 12### Founder/Team Documents 13| Document | Status | Location | Last Updated | 14|----------|--------|----------|--------------| 15| Founder agreement | Complete | [Link] | [Date] | 16| Employment agreement template | Complete | [Link] | [Date] | 17| Contractor agreement template | Complete | [Link] | [Date] | 18| Offer letter template | Complete | [Link] | [Date] | 19| NDA template | Complete | [Link] | [Date] | 20 21### Customer Documents 22| Document | Status | Location | Last Updated | 23|----------|--------|----------|--------------| 24| Terms of Service | Complete | [Link] | [Date] | 25| Privacy Policy | Complete | [Link] | [Date] | 26| DPA template | Complete | [Link] | [Date] | 27| Cookie Policy | Complete | [Link] | [Date] | 28 29### Compliance Documents 30| Document | Status | Location | Last Updated | 31|----------|--------|----------|--------------| 32| GDPR compliance assessment | Complete | [Link] | [Date] | 33| Data processing records | Complete | [Link] | [Date] | 34| Security policies | Complete | [Link] | [Date] | 35| Incident response plan | Complete | [Link] | [Date] |

Starting the Workflow#

1# Start legal workflow 2bootspring workflow start business-legal 3 4# Generate terms of service 5bootspring legal terms create 6 7# Generate privacy policy 8bootspring legal privacy create 9 10# Check compliance status 11bootspring legal compliance check

Deliverables#

A successful Legal & Compliance workflow produces:

  • Incorporated entity
  • Founder agreements
  • Equity structure documentation
  • Employment/contractor templates
  • Terms of Service
  • Privacy Policy
  • NDA templates
  • IP assignment agreements
  • Compliance checklist
  • Legal document library

Best Practices#

  1. Get it right early - Fixing legal issues later is expensive
  2. Use templates wisely - Standard templates work for most cases
  3. Know when to get help - Complex issues need real lawyers
  4. Document everything - Paper trails matter
  5. Stay current - Laws change, update documents
  6. Train your team - Everyone should understand basics

Cost-Effective Legal Resources#

ResourceCostBest For
Stripe Atlas$500Incorporation
Clerky$500-2,000Formation docs
Y Combinator templatesFreeStandard agreements
Termly / Iubenda$10-50/moPrivacy policies
UpCounsel / PrioriVariesOn-demand legal
Local startup lawyers$300-500/hrComplex issues

Common Pitfalls#

  • Not filing 83(b) within 30 days
  • Unclear founder equity arrangements
  • Using GPL code in proprietary product
  • No IP assignment from contractors
  • Ignoring state registration requirements

Related Workflows#