Resources for insight and inspiration
Guides
Management Rights Letter: Granting Institutional Investors Oversight Access
When startups take money from venture capital funds subject to ERISA or similar regulations, those funds need a special document: the Management Rights Letter (MRL). This short but powerful agreement ensures the investor has sufficient rights to “manage” their investment, helping them comply with legal requirements.
Indemnification Agreement: Personal Protection for Startup Directors and Officers
When startup leaders make tough calls - hiring, spending, pivoting - they expose themselves to personal liability. The Indemnification Agreement serves as a legal shield, protecting directors and officers against lawsuits, claims, and costs incurred while serving the company.
ROFR and Co-Sale Agreement: Managing Share Transfers While Preserving Cap Table Control
In venture-backed startups, control of the cap table is critical. The Right of First Refusal and Co-Sale Agreement (ROFR/Co-Sale) helps founders and investors maintain that control by regulating how shares are transferred - particularly when founders, early employees, or other major holders want to sell.
Voting Agreement: Aligning Shareholder Power in Key Company Decisions
While founders often assume they’ll control their company post-funding, the Voting Agreement tells a more nuanced story. This document outlines how shareholders agree to vote their shares on critical company matters, including board elections and future financing approvals.
FAQs
Why do investors care about these agreements?
Because without them, your startup may not legally own its core technology - a major risk in funding, acquisitions, or IPOs.
Are invention assignment agreements enforceable everywhere?
Generally yes, but enforceability can depend on state law. Some states restrict how broadly employers can claim ownership, so tailoring language matters.
Do contractors need to sign invention assignment agreements?
Yes. Contractors often create code, designs, or strategies, and without an agreement, they may legally own the IP.
What’s the difference between a CIIAA and a PIIAA?
They serve the same function - assigning inventions to the company and protecting confidentiality. The terminology varies by company or industry.
Should contractors and employees sign NDAs?
Yes. Pair NDAs with confidentiality and IP assignment agreements to ensure ownership of work product and protection of sensitive data.
Are NDAs enforceable?
Yes, but courts often scrutinize them. NDAs that are too broad or vague are harder to enforce.
How long should an NDA last?
Two to five years is standard. Trade secrets may be protected indefinitely if defined clearly.
Do investors usually sign NDAs?
Most venture capitalists won’t sign NDAs at the pitch stage. However, some strategic investors or partners may sign if sensitive technical information is involved.
Do we need a formal open source policy?
Yes. Even a short policy clarifying what licenses are acceptable and requiring license checks before use can protect your company from major risks.
Is open source safe for SaaS companies?
It depends. Copyleft licenses like AGPL may apply even if you don’t distribute your code. Always check the license terms before using such code in your backend.
What happens if we violate an open source license?
You could face legal action, be forced to release your proprietary code, or lose investor confidence. Compliance is critical.
Can my startup use open source code in a commercial product?
Yes, but it depends on the license. Permissive licenses (like MIT or Apache 2.0) allow it, while copyleft licenses (like GPL) may require you to open source your own code.
How can startups build trust around privacy?
Be transparent, respond quickly to user requests, and show that you protect data. Investors and customers reward startups that treat privacy as a priority, not an afterthought.
Do I need consent for all data I collect?
Not always. Consent is required for marketing emails, cookies, and sensitive data. Other legal bases, like contracts or legitimate interest, may apply.
What’s the most important privacy step to take early?
Start with a clear Privacy Policy and limit the data you collect. These two actions cover many compliance basics and set a strong foundation.

