Writing
Essays and notes, organized by audience and date.
- "Reasonable security": what the FTC's latest SaaS order means for your startup [tech]
  A consent order against a SaaS CRM whose weak security let attackers walk off with $186 million is not a story about someone else. It is a roadmap for what regulators now expect.
- Vendor diligence is the new sales channel [tech]
  Procurement and security review are now where SaaS deals are won or lost. The companies that treat the questionnaire as a sales asset have a real advantage.
- Business associate agreements for non-clinical wellness apps [wellness]
  Wellness platforms partnering with healthcare providers keep signing BAAs without understanding what they are signing. The recent enforcement uptick is a useful prompt to look again.
- Why your social handle is not a trademark [creators]
  Creators routinely conflate owning a username with owning the underlying brand. The trademark register treats the two very differently.
- AI agents and the legal meaning of agent [tech]
  The word 'agent' in 'AI agent' borrows from a legal concept with two centuries of doctrine behind it. The borrowing is creating problems.
- Washington's My Health My Data Act applies to you [wellness]
  Operators outside Washington keep concluding the law does not reach them. Most of them are wrong, and the obligations are not light.
- Dark patterns rules are about to reach the creator economy [creators]
  The FTC and state regulators have spent years sharpening the dark-patterns doctrine on subscriptions and checkout flows. The next surface is creator monetization.
- What the Florida Digital Bill of Rights actually does [tech]
  Florida's privacy law was framed as 'Big Tech only' when it passed. The thresholds are narrower than that, and the outline of who actually has to comply is worth understanding.
- Health claims after the FTC's latest wellness consent order [wellness]
  A recent consent order against a wellness brand for unsupported claims is a useful map of what the agency now expects the substantiation file to look like.
- Section 230 and the platform problem creators keep running into [creators]
  Section 230 is supposed to protect platforms. The way it functions in 2026 also protects platforms from the creators they host.
- SOC 2 will not save you in diligence [tech]
  Founders treat the SOC 2 report as a finish line. Buy-side diligence teams treat it as the floor of a much longer conversation.
- Telehealth across state lines after the latest enforcement actions [wellness]
  The pandemic-era licensure flexibilities are gone, and state medical boards in 2026 are pursuing telehealth providers with renewed focus.
- FTC endorsement disclosures, version 2026 [creators]
  The Endorsement Guides got teeth two years ago, and the enforcement trend in 2026 is worth understanding before your next campaign.
- AI training data and the contracts your enterprise customers will start asking for [tech]
  Enterprise procurement is now asking SaaS vendors what their AI features were trained on. The answers founders give today will be quoted back to them later.
- Where wellness meets HIPAA, and where it does not [wellness]
  Most wellness operators believe HIPAA does not apply to them. They are usually right and increasingly often wrong.
- Why your NIL deals are starting to look like SaaS contracts [creators]
  Brand deals for athletes and influencers are quietly absorbing the structure of enterprise software agreements, and not always for the athlete's benefit.
- The 2026 privacy law map for SaaS founders [tech]
  The patchwork of state privacy laws hit a new milestone on January 1, and most SaaS companies are now in scope of more than they realize.