// for tech
For technology companies
SaaS, AI, data, and the contracts that wrap them.
Most of my work in technology lives at the seam between what a product actually does and what its legal documents say it does. Vendor security questionnaires, data processing addenda, AI use disclosures, IP assignments, platform terms, the FTC's "reasonable security" standard, and state privacy regimes all assume a level of fluency in software that traditional deal counsel often does not have. I treat that fluency as the table stakes, not the differentiator.
For early-stage founders, the writing here tends to focus on what to put on paper before a customer or regulator asks for it. For more mature companies, it leans toward the diligence-side risks that compound quietly until an exit forces them into the open.
- Data you kept but did not need is the FTC's new target
- Colorado rewrote its AI law, and your vendor contracts are the part that changed
- Connecticut just passed the broadest state AI law on the books
- "Reasonable security": what the FTC's latest SaaS order means for your startup
- Vendor diligence is the new sales channel
- AI agents and the legal meaning of agent
- What the Florida Digital Bill of Rights actually does
- SOC 2 will not save you in diligence
- AI training data and the contracts your enterprise customers will start asking for
- Why the NIST Cyber AI Profile will not save your business
- The 2026 privacy law map for SaaS founders
- The Florida wiretap theory aimed at your website
- What the Trump AI executive order changes for state compliance
- California is making executives personally certify privacy compliance
- When your vendor gets breached, the liability stays with you
- California's frontier AI law and what it actually requires
- What AI content actually costs you when it goes wrong
- Algorithmic bias is the employer's problem, not the vendor's
- AI in hiring, and the way the EEOC actually thinks about it
- What the Florida CHOICE Act actually changes about non-competes
- What the Crumbl case is teaching about audio on social
- Florida's two-party consent rule, and the lawsuit risk most businesses miss
- What an AI policy needs to actually cover
- Florida's cybersecurity safe harbor, on its third try
- The three buckets of IP, and why most businesses misallocate
- SIM swap and the end of SMS as a second factor
- Ransomware after CIRCIA and the enforcement wave
- The guards of innovation: trademarks and patents in plain terms
- Who actually owns the IP
- Software IP: patent or trade secret
- Software contracts are not like talking to Google
- The first 24 hours after a data breach in 2026
- Patenting software after Alice, and what the AI inventorship cases mean
- Foreign-made drones after the DJI restrictions
- Enforcing IP rights without a patent or registered trademark
- The desktop cybersecurity threats that actually matter in 2026