Resources for insight and
inspiration
Guides
Insights
NDAs 101 for Startups: Protecting Your Ideas with the Right Agreement
Non-Disclosure Agreements (NDAs) are one of the most common contracts founders encounter - and one of the most misunderstood. They’re often signed quickly, but a poorly drafted NDA can leave your startup’s ideas, code, or confidential data exposed.
Startup Best Practices for Data Privacy: Build Trust from Day One
In today’s digital world, data privacy isn’t optional - it’s strategic. Whether you’re collecting emails, tracking app usage, or handling sensitive customer info, how you manage personal data can make or break your startup’s credibility.
FAQs
Open allNo. A BAA is only part of compliance. You must also implement security, privacy, and breach response programs that meet HIPAA standards.
Any business that handles Protected Health Information (PHI) on behalf of a healthcare provider, insurer, or related entity is required to have a BAA.
Yes. In many settlements, both parties agree to release each other from claims, creating a clean break for both sides.
Yes. Federal law requires review and revocation periods in certain situations, especially for employees over 40. This ensures the agreement is fair and enforceable.
Not always. Courts require the agreement to be clear, voluntary, and compliant with state-specific laws. Some claims, like wage or workers’ compensation rights, may not be waived.
It protects your startup by having another party waive their right to bring certain legal claims against you.
Focus on intellectual property rights, payment terms, liability limits, and termination clauses, as these areas create the most potential risk.
Templates are a good starting point, but every deal has unique risks. Having counsel customize terms ensures your startup is protected.
Yes. Vendor agreements protect you when purchasing services, while customer agreements protect you when selling or licensing your own products.
A sales agreement transfers ownership of goods or services, while a licensing agreement grants permission to use intellectual property without transferring ownership.
These agreements clearly define who owns the work product, whether ownership transfers to the customer, or if your startup retains certain rights. This clarity helps prevent disputes later.
Yes, but it is less efficient. Without an MSA, every project must include all legal terms, which can slow down deals and create inconsistencies.
Not always, but if you plan to work with a customer or vendor on more than one project, an MSA saves significant time and prevents repeated negotiation.
An MSA sets the overall legal terms of the relationship, while an SOW outlines the specifics of an individual project.
No. Only institutional investors that need it for compliance, not angel investors or most venture funds without ERISA LPs.
Generally, no. It’s considered a standard compliance document, though founders can negotiate limits on inspection frequency or reporting burdens.
No. It typically provides inspection rights, reporting access, and sometimes observer rights—but no formal voting authority.
Because funds with ERISA or pension fund LPs must show they are “managing” investments to avoid regulatory restrictions.
Bylaws may provide some protection, but stand-alone indemnification agreements are stronger and more enforceable, offering tailored protection for each director or officer.
The indemnification agreement provides contractual protection, while D&O insurance provides financial backing. Together, they form a two-layer shield.