Startup Legal Checklist · 2026

5 Legal Documents Every Startup Founder Needs

Most early-stage founders skip their legal foundation until something goes wrong. This guide covers the five documents that protect your equity, your company, and your users — in plain English.

Get Your Free NDA → Get All 18 Documents — $49 →
What's in this guide

Jump to a document

  1. Non-Disclosure Agreement (NDA)
  2. Founders Agreement
  3. Privacy Policy
  4. Terms of Service
  5. Shareholders Agreement
Document 01

Non-Disclosure Agreement (NDA)

Protects your ideas before you share them.

An NDA is a legal contract that prevents someone from disclosing confidential information you share with them. For founders, that means you can have a real conversation with a potential co-founder, investor, or contractor without worrying about your idea walking out the door.

NDAs are typically mutual (both parties agree not to disclose the other's confidential information) or one-way (only the receiving party is bound). For early-stage startup conversations — sharing your product idea, business model, or technical architecture — a mutual NDA is the standard starting point. It sets a professional tone and makes the other party take the relationship seriously.

You need an NDA before sharing anything sensitive: your pitch deck with an investor, your source code with a freelancer, or your business model with a potential co-founder. The common mistake is thinking NDAs only matter later. They matter most early, when your idea hasn't been validated by the market yet.

Common NDA Mistakes
  • Using a blank template that doesn't specify what counts as "confidential information"
  • Forgetting to include a term — NDAs with no expiry date are harder to enforce
  • Asking sophisticated investors to sign NDAs before a first call (they won't, and it signals inexperience)
  • Not keeping a signed copy — verbal NDA agreements are worthless
Get a free, personalized NDA in 30 seconds Enter your company name, download a ready-to-sign .docx. No signup, no payment.
Get Free NDA →
Document 02

Founders Agreement

Settles the hard questions before they become hard conversations.

A Founders Agreement defines the relationship between co-founders before the company makes money. It covers equity splits, roles and responsibilities, decision-making authority, and — critically — what happens if a founder leaves. Without one, you're operating on trust. Trust is fine until the first major disagreement, and then it isn't.

The most important clause in any Founders Agreement is the vesting schedule. Standard founder vesting is four years with a one-year cliff: if a co-founder leaves in the first year, they get nothing. After the cliff, equity vests monthly over the remaining three years. This protects the remaining founders from a co-founder who leaves early but keeps a large equity stake. Investors will expect to see vesting — if you don't have it, add it before your first fundraising conversation.

Roles matter too. "We'll both do everything" works for two weeks. After that, someone needs to own product decisions, someone needs to own commercial decisions, and someone needs the authority to make a call when there's a disagreement. The Founders Agreement is where you write that down while everyone still likes each other.

Common Founders Agreement Mistakes
  • Splitting equity 50/50 with no vesting — one founder can leave Day 1 and keep half the company
  • No buyback provisions — if a founder leaves, can the company buy back unvested shares?
  • Not addressing what happens to IP built before the company was incorporated
  • Signing it too late — after a dispute has already started, it's too late to document the original agreement
Founders Agreement included in the full FounderVault pack Auto-filled with your names, equity splits, and vesting schedule. Ready to sign in minutes.
Get Full Pack — $49 →
Document 03

Privacy Policy

A legal requirement for any website or app that collects data.

A Privacy Policy is a public document that tells users what data you collect, how you use it, who you share it with, and how they can request deletion. It's not optional. GDPR (Europe), CCPA (California), and PIPEDA (Canada) all require it if you collect any personal data — including email addresses, analytics, or cookies. "Any website" is not an exaggeration: if you have a contact form or Google Analytics installed, you're collecting personal data.

The fines for non-compliance aren't hypothetical. GDPR violations can result in penalties up to 4% of annual global turnover or €20 million, whichever is higher. For a pre-revenue startup, the reputational risk and potential cleanup cost are more likely concerns — app stores, payment processors, and enterprise customers will ask to see your Privacy Policy before they work with you.

A good Privacy Policy is written in plain language, not dense legal boilerplate. It should tell users exactly what you do with their data. The ones that hide your data practices in 40 pages of legalese create liability, not protection — if a user claims they didn't understand, and the policy was designed to obscure, you lose.

Common Privacy Policy Mistakes
  • Copy-pasting a template without updating it for your actual data practices
  • Not listing third-party services (analytics, payment processors, email tools) by name
  • Forgetting to include a contact address for data deletion requests
  • Not updating the policy when you add new features that collect new types of data
Privacy Policy included in the full FounderVault pack Jurisdiction-aware, GDPR/CCPA compliant, auto-filled with your company details.
Get Full Pack — $49 →
Document 04

Terms of Service

Your liability protection and the rules of engagement with users.

Terms of Service (also called Terms and Conditions, or ToS) is the agreement between you and your users that defines what they can and can't do with your product, limits your liability if something goes wrong, and sets out the rules for disputes. Without one, you have no agreement — which means users can argue that anything they do with your product is fair use, and you have limited grounds to remove an account or terminate a relationship.

The most important clause for early-stage startups is limitation of liability. Products break. APIs go down. If a user loses business because your software was unavailable and you don't have a liability cap, you're exposed. A standard ToS limits your liability to the amount the user paid you — for a free product, that's zero. For a $50/month subscription, that's capped at a reasonable amount. Without it, the ceiling is whatever a court decides.

Terms of Service also govern account termination rights. You need the ability to terminate accounts that violate your policies, spam other users, or engage in fraud. Without explicit termination language, terminating an account can expose you to claims of breach of contract. It's the kind of problem that never happens until it does — and then it's expensive.

Common Terms of Service Mistakes
  • No limitation of liability clause — leaving yourself exposed to unlimited damages claims
  • Using consumer-facing terms for a B2B product (or vice versa) — the legal standards are different
  • No governing law clause — disputes default to whatever jurisdiction a plaintiff chooses
  • Not requiring users to affirmatively accept the ToS (a link in the footer doesn't count in all jurisdictions)
Terms of Service included in the full FounderVault pack B2B and B2C variants included. Auto-filled and jurisdiction-aware.
Get Full Pack — $49 →
Document 05

Shareholders Agreement

Investor-ready governance before the investors show up.

A Shareholders Agreement defines the rights and obligations of company shareholders — how decisions are made, how shares can be transferred, and what happens in a sale. It supplements the company's articles of incorporation with protections that the articles can't provide: pre-emptive rights (the right for existing shareholders to buy new shares before they're offered to outsiders), drag-along rights (if a majority agrees to sell, they can compel the minority to sell too), and tag-along rights (if the majority sells, the minority can join the sale on the same terms).

Most early-stage founders don't think about a Shareholders Agreement until they're raising a seed round. By then, it's too late to negotiate the favorable terms — investors will negotiate their own rights into the document, and the founders' leverage is gone. Building a basic Shareholders Agreement before fundraising establishes governance expectations and signals to investors that the company is structured properly.

A properly structured Shareholders Agreement also defines the decision-making threshold for major events: selling the company, taking on debt, issuing new shares, or changing the business model. Without this, a 50/50 split between two founders creates a deadlock the moment they disagree on anything. The Shareholders Agreement is where you build in a tiebreaker mechanism before you need it.

Common Shareholders Agreement Mistakes
  • No drag-along rights — minority shareholders can block a sale the majority wants
  • No pre-emptive rights — dilution can happen without existing shareholders having the first right to invest
  • No reserved matters — major decisions can be made without shareholder approval
  • Waiting until investors are at the table — they'll rewrite the whole document on their terms
Shareholders Agreement included in the full FounderVault pack Covers all five essential rights. Auto-filled with your equity structure, investor-ready from Day 1.
Get Full Pack — $49 →
Ready to get covered?

All 5 documents. Plus 13 more. $49.

FounderVault generates all 18 startup legal documents in 60 seconds — auto-filled with your details, every clause explained in plain English. No subscriptions, no lawyers, no surprises.

Get All 18 Documents — $49 →

Or start with a free NDA — no signup, instant download.