Section 10: Legal, IP & Compliance
PromptVault handles user prompts, test results, and analytics data across LLM providers. As a SaaS targeting AI teams, prioritize VC-friendly structure, data privacy for prompts (potentially sensitive), AI disclaimers, and IP protection for branding. Total Year 1 legal budget: $2,500-$5,000 (blended DIY/attorney).
1. Business Structure Recommendations
✅ Recommended: Delaware C-Corp
Rationale: PromptVault seeks $350K pre-seed funding with VC interest, enterprise pilots by Month 12, and MRR growth to $10K. A Delaware C-Corp enables preferred stock, stock options for engineers (critical for hiring), and investor familiarity: 90% of VC-backed SaaS companies use it (CB Insights). It avoids S-Corp shareholder limits, and its liability protection shields personal assets amid AI liability risks. Formation via Stripe Atlas or Clerky is streamlined for founders. If bootstrapping initially, start as an LLC and convert to a C-Corp post-funding.
| Structure | Best For | Pros | Cons | Recommendation |
|---|---|---|---|---|
| Sole Proprietorship | Testing phase | Simple, cheap | Personal liability | Not recommended |
| LLC | Bootstrapped | Liability protection, tax flexibility | Less investor-friendly | If pre-funding |
| C-Corp (Delaware) | Venture-backed | VC-friendly, stock options | More complexity | ✅ Primary |
| S-Corp | Profitable small biz | Tax advantages | Shareholder restrictions | Later stage |
- Formation Cost: $500-$1,000 (Stripe Atlas)
- Annual Maintenance: $800/year (franchise tax $400+, agent $300)
- Timeline: 1-2 weeks
Incorporate Before: Funding raise, contractor hires, public launch (Month 3 MVP). Form now for pre-seed diligence.
2. Intellectual Property Strategy
| Asset | Status | Priority | Cost | Timeline |
|---|---|---|---|---|
| Product Name (PromptVault) | 🔴 Not protected | High | $500-$1,500 | 8-12 months |
| Logo | 🔴 Not protected | Medium | $500-$1,500 | 8-12 months |
| Tagline | 🟡 Consider | Low | $500-$1,500 | 8-12 months |
| Domain (promptvault.com) | ✅ Secured | Critical | $15/year | Immediate |
Trademark Action Items:
- USPTO search (free) + attorney review ($300)
- Secure .com/.io domains
- File intent-to-use app ($350/class DIY via USPTO)
- Monitor via Trademarkia
Patent Considerations: No. Core features (versioning, testing) use standard technology (Git-like DB, API calls) and would likely be treated as abstract ideas under Alice Corp. v. CLS Bank, which makes them ineligible for patent protection.
Patent Strategy: Rely on trade secrets instead. Cost savings: $10K+ avoided.
Trade Secrets (Protect): Scoring algorithms, analytics logic, prompt templates, customer lists. Use NDAs, repo access controls, 4-year vesting in founder agreements.
Copyright: Auto-protects React/FastAPI code. Add notices; track OSS licenses (MIT for deps) in LICENSE file.
3. Data Privacy & Protection
| Regulation | Applies? | Why | Key Requirements |
|---|---|---|---|
| GDPR | Maybe | EU AI users | Consent, DPA for B2B |
| CCPA/CPRA | Yes (post-revenue) | CA users, >$25M future | Opt-out sale, disclosures |
| COPPA | No | Adult users | N/A |
| HIPAA | No | No health data | N/A |
| SOC 2 | Future | Enterprise teams | Type 1 by Month 12 |
| PCI-DSS | Via Stripe | Payments | Stripe compliance |
Required Docs:
- Privacy Policy: Detail prompt storage, LLM transmission (OpenAI/Anthropic don't train on API data), analytics. Use Termly.io ($10/mo).
- ToS: User grants license for service delivery. Attorney review $1,500.
- Cookie Banner: For EU (CookieYes free tier).
- DPA: For Team/Enterprise B2B.
| Data Type | Collected? | Stored? | Shared? | Retention | Encryption |
|---|---|---|---|---|---|
| | Yes | Yes (PG) | No | Deletion on request | At rest/transit |
| Prompts/Versions | Yes | Yes | LLM providers | User-controlled | AES-256 |
| Test Results | Yes | Yes | No | 2 years | At rest |
| Payments | Via Stripe | No | Stripe | N/A | Stripe |
| Analytics | Yes | Yes | Provider (e.g., PostHog) | 2 years | Transit |
AI Privacy: Disclose LLM forwarding; confirm providers' no-training policies. EU data residency via AWS EU regions if needed.
4. Terms of Service Key Provisions
1. Limitation of Liability: Cap at 12 months of fees; exclude damages from AI output.
2. Indemnification: Users indemnify for prompt content (e.g., third-party IP in prompts).
3. IP: Retain product IP; users license their inputs for testing and service delivery.
4. AUP: No illegal prompts, no scraping competitors.
5. Disclaimers: "AI tests not guaranteed accurate; not advice."
6. Payments: Monthly billing, 30-day notice for changes.
7. Disputes: Delaware law, arbitration.
5. Regulatory Compliance
| Regulation | Domain | Applies? | Requirements |
|---|---|---|---|
| FTC | All | Yes | No false ROI claims |
| CAN-SPAM | Email | Yes | Unsubscribe link in newsletters |
| ADA/WCAG | Web | Recommended | Alt text, keyboard nav |
| EU AI Act | AI | Low risk | Transparency disclosures |
AI-Specific: Label AI-generated analytics; monitor bias in performance scoring. No high-risk uses (hiring/health).
6. Contracts & Agreements Needed
| Agreement | Purpose | Priority | Cost |
|---|---|---|---|
| Founder Agreement | Equity/vesting | Critical | $300 |
| IP Assignment | Own contractor code | Critical | $200 |
| Contractor NDA | Engineers | High | $200 |
| Privacy Policy/ToS | Launch | Critical | $500 review |
| DPA | B2B | High | Template |
7. Insurance Requirements
| Type | Purpose | Cost/Year | Priority |
|---|---|---|---|
| Professional Liability (E&O) | AI errors | $1,500 | High |
| Cyber Liability | Breaches | $2,000 | High |
| D&O | Post-funding | $3,000 | High |
| General Liability | General | $800 | Medium |
Start with E&O/Cyber pre-launch via Next Insurance.
8. Compliance Checklist by Stage
Pre-Launch
- C-Corp formation
- EIN/bank account
- Privacy Policy/ToS live
- Trademark search
- IP assignments
At Launch (M3)
- CAN-SPAM footers
- AI disclaimers
- Stripe PCI compliance
0-6 Months
- Trademark filing
- E&O/Cyber insurance
- Incident response plan
Growth
- SOC 2 Type 1
- D&O insurance
- International compliance review
9. Legal Budget Estimate
| Item | DIY | Attorney | Recommended |
|---|---|---|---|
| C-Corp Formation | $500 | $1,000 | $500 (Atlas) |
| Privacy/ToS | $100 | $2,500 | $1,000 review |
| Trademark | $350 | $1,500 | $800 |
| Contracts | $200 | $1,000 | $300 |
| Total Y1 | $1,150 | $6,000 | $2,600 |
Approach: Templates (Rocket Lawyer) plus a 3-hour attorney consultation ($750). Fits within the $20K funding allocation.
10. Legal Risks & Mitigations
| Risk | Description | Mitigation | Severity |
|---|---|---|---|
| #1 AI Output Liability | User sues over inaccurate test results | Disclaimers, E&O insurance | 🟡 Medium |
| #2 Data Breach | Secrets in stored prompts exposed | Encryption, cyber insurance, incident response plan | 🔴 High |
| #3 IP Infringement | Name conflict | Trademark search pre-launch | 🟡 Medium |
| #4 UGC Issues | Harmful prompts | AUP, moderation | 🟢 Low |
Next Steps: Form the C-Corp this week (Stripe Atlas), draft ToS/Privacy Policy (Termly), run a USPTO search for "PromptVault". Budget: $2,600 in Year 1. Low legal barriers; green light for MVP.