"Well, There's Your Problem!" - Biggest Legal Mistakes made by Tech Startups

"Well, There's Your Problem!" - Biggest Legal Mistakes made by Tech Startups

Croatia
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Katya and Mike are startup founders. Their small software-based company has grown tenfold in the last year and a half, primarily due to the innovative UX of their app and excellent yet cheap marketing campaign on social media. While Katya is the technical wizard with a degree in data sciences and design, Mike, the finance expert, holds the business end of their young venture. Still, as much as they worked hard bootstrapping and crowdfunding, they are painfully aware that, without further institutional investments, their future growth will be very limited and definitely below the potential of their solution.

Initially, besides their own and their family savings, they gathered a few hundred thousand Euros via crowdfunding platform based solely on a demo version of their app – basically, an embellished proof-of-concept. However, their runway is coming to an end in a few months, and Mike is working hard on finding a fitting investor. His task is initially proving to be much easier than expected. Their success seems to have already circulated through the vine, and they are in the process of opening up the data room for three potential investors – one angel and two early-series venture capitalist funds. The goal is near; both Katya and Mike are sure of it. Based on initial non-binding offers, they are now convinced they will be getting more than expected while giving away much less than initially predicted equity.

A month later, as the due diligence was completed and binding offers started arriving, Mike and Katya were shaking their heads in disbelief. One VC pulled out even before they completed the due diligence process. The remaining two offers are, to say the least, underwhelming. And both of them have a big unsaid "target of significant risk" label on them. How could this have been happening when at the same time, their app is trending higher than ever on app stores, and their traction is off the charts? There was even a big fight between (until recently) honeymoon-level bonded founders, on who was to blame. So, why did things go so wrong so quickly? Short answer: their legal was shambolic and threatened to kill off their business in the future unless a significant amount of money and time is invested in clearing that out. If that will even be possible, that is.

It is a story heard so often. Many startups focus on their core business activities – product, sales, marketing – and (consciously or not) leave everything else for later when there is more money, time, and people to deal with the "boring stuff." Of course, legal is by nature at the top of the "boring" pyramid. Terms & Conditions? "Just copy them from YYY, they are doing something similar to us." GDPR compliance? "Oh, damn… Yeah, I think there's a free app for that. Let's use that." Employment and subcontracting? "We shook hands. Our word is golden, and Tom is a great guy." And so on. It is understandable. For people starting their business and risking everything, getting off the ground is the beginning and the end of all concerns. Having legal issues in order – is not. And yet, those pesky little details are exactly what comes to bite the founders on their behinds just at the wrong moment, i.e., when they are looking for and talking to investors. Naturally, there are hundreds or even thousands of potential legal mistakes, which can be highly individualized depending on the product or service. Still, a few prevailing ones are often a detriment to the future of the business and can be easily avoided by applying simple and effective legal solutions.

1. IP – Wow, Do I Look Like a Unicorn?

Depending on the type of the product or service, there are various ways to protect and ensure the intellectual property rights of the startup. Ignoring those (or leaving them for later) is the worst possible solution. In todays' market, where any idea or concept is most likely being independently developed by a few hundred or even thousands of people simultaneously, the winner may be the one who copyrighted, trademarked, or patented the solution first. Of course, not all IP protection is the same in order of magnitude, costs, and time. While protecting a trademark may only be a matter of a few clicks online and paying a few hundred or thousands of Euro at most, patent protection can be technically challenging and expensive. However, many startups are in the same boat, and the sole preparation for patenting a product as soon as practicable goes a long way. Unfortunately, software, the most prevalent startup product, is not patentable in most countries. Still, the source code can be copyrighted and registered as such, protecting the basis in the course of development. Even though it is clear that software code changes often, and even slight changes may be considered as a different product in some jurisdictions, the mere act of registering the copyright with the appropriate agency sends a clear signal to potential investors that the founder is legal-savvy, and not only a great product developer.

2. Those Pesky Subcontractors with Their Requests

As with everything in life, it is often impossible for the founders or their small team to do everything on their own. So, expert subcontractors are hired to do a part of the job on the project development. Some founders pay with startup equity, but most usually go for the simple service-for-cash transaction. Be it just a part of the developer code or a crucial cog in the prototype, the part created by the subcontractor may become a wrench, especially as the investment round is announced. And the subcontractor comes-a-knockin', claiming she owns rights to a part of the product, which may be released for a certain consideration. A dispute ensues, with nobody a true winner. Why does that happen more often than most people imagine? Poor or even non-existent contracts between the startup and the subcontractor and lack of awareness or knowledge of local IP and copyright laws. In some countries, the transfer of IP and copyright from the executor (subcontractor) onto the orderer (the startup) is mandated. However, in other countries, that is not so. For example, the recently replaced Croatian Copyright Act stated that the author owns the copyright on the product created for and delivered to another person per individual work order or similar contract, unless the contract explicitly says otherwise. The percentage of "explicitly otherwise"? Shockingly low.

In conclusion – two simple things may save the founders and their startup from a glorious headache: 1. A valid written contract with the subcontractor, and 2. An explicit and undisputable provision in that contract stating that all rights on the deliverables are transferred from the subcontractor to the startup at the moment of delivery.

3. GDPR – Schmeedeepeeaarr

While not universally applicable to all tech startups, the mistake of ignoring or simplifying the personal data protection issues is still generic enough and (more importantly) costly enough that it deserves to be in the startup legal mistakes pantheon.

While software, especially B2C software solutions, is inevitably linked to data protection issues, even most of today's hardware solutions are not immune to that part of the regulatory framework. IoT lifted "an app for that" principle to the next level, and it is hard to find any piece of retail-sold technology that does not have a companion mobile app. And if there is an app, there is (almost always) a user account. And if there is a user account, there comes GDPR. That all-encompassing global beacon and personal data protection juggernaut. Which does not forgive, nor forget (unless stated otherwise in the Privacy Policy). However, GDPR Compliance is often considered just "a template solution issue," where you need a bowl of the generic privacy policy, a pinch or two of good cookie policy, and a touch of Data Protection Addendum with the most critical data processors. However, GDPR does not discriminate between startups and Big Tech behemoths. Any breach is significant, and penalties are horrific, especially if you are already a cash-strapped beginner. Also, data protection compliance is not just a legal issue; it involves the complete product design structure (privacy by design and by default), which can be very expensive to adjust once founded on the wrong premises. Still, most startups put their data protection compliance in the same shed with other legal and compliance issues – the one marked "to do later." Unfortunately, the investors don't like that, as they are fully aware that any past breaches are judged by the level of legal and technical compliance at the moment of the breach, and that can be fatal. While customized compliance packages can be on the expensive side, that is nothing compared to the amounts of penalties the regulators can impose. There are even ready-made software-based solutions (not for free, mind you) that promise to cover everything a young and ambitious startup needs in its quest for glory. Some of them (not naming any names here) actually deliver promised coverage for most imaginable situations.  

In conclusion, besides the three described favorites, there are many more potential mistakes any startup can (and will) make in their rise to stardom. And, as always, there are no perfect systems, nor does any investor expect to find a flagless due diligence report. However, by acting on time and removing a majority of potential deal-breakers or value diminishers, any startup can ensure that their investment rounds will go through cleanly and under desired conditions. Investors, just like any business, are there to maximize their gains with the least possible input, and any potential exploit will be exploited. However, the vast majority of investors are not scavengers looking for a faulty system – they prefer to invest more money for less equity in something less risky and better organized. As with anything in life – prevention is much better than curing symptoms for all parties involved.

By Marko Porobija, Managing Partner, Porobija & Spoljaric