Intellectual property and contracts are the legal infrastructure of your US business. They determine who owns what your business creates, how your commercial relationships are governed, what happens when a counterparty does not perform, and whether you can enforce your rights in a US court. For a non-US founder, both areas carry specific complexity: US IP law differs in important ways from the systems you may be familiar with, and US contract law has characteristics that can surprise founders whose commercial experience is primarily in other jurisdictions.

This part covers the four categories of US intellectual property protection and how they apply to a foreign-owned US business, the IP ownership questions that arise most frequently in a multi-entity structure, the most important contracts your US entity needs, how US contract law works and where it differs from other systems, the governing law and dispute resolution choices that matter for a non-US founder, and data privacy obligations that now affect almost every business selling to US consumers.

1. Intellectual Property in the United States: The Four Categories

The United States protects intellectual property through four distinct legal regimes: copyright, trademark, patent, and trade secret. Each protects a different type of asset, arises through a different mechanism, and requires different actions to preserve and enforce. Understanding which regime protects which assets is the starting point for any IP strategy.

Copyright

Copyright protects original works of authorship fixed in a tangible medium. In a business context, this means software code, website content, marketing materials, written documentation, design assets, training materials, videos, and any other original creative work your business produces. Copyright protection arises automatically the moment a qualifying work is created and fixed; registration with the US Copyright Office is not required for the right to exist.

However, registration matters for enforcement. A copyright owner who has registered the work before infringement occurs, or within three months of publication, can recover statutory damages (statutory damages ranging from $750 to $30,000 per work, which can increase to up to $150,000 per work for willful infringement and may be reduced for innocent infringement) and attorney fees in a federal infringement lawsuit. Without registration, the owner can only recover actual damages, which are often difficult to quantify and may be substantially less than the cost of litigation. For important business assets, particularly software and flagship content, registration is worth the modest cost.

The term of copyright protection for works created by individuals is the author's life plus 70 years. For works made for hire (works created by employees within the scope of their employment, or by contractors under a valid written work-for-hire agreement for specified categories), the term is 95 years from publication or 120 years from creation, whichever is shorter. Because the work-for-hire doctrine automatically applies to employees but not to independent contractors, the IP ownership question covered in Section 2 of this part is particularly important for software and content businesses.

Trademark

A trademark is a word, phrase, symbol, design, or combination thereof that identifies the source of goods or services and distinguishes them from those of others. For a US business, your company name, product names, logos, and any distinctive branding elements that consumers associate with your business are potential trademarks. Trademark rights in the US arise from use in commerce, not from registration, but federal registration with the United States Patent and Trademark Office (USPTO) provides significant advantages.

Federal trademark registration creates a legal presumption of ownership and the exclusive right to use the mark nationwide in connection with the registered goods or services. It also allows you to use the registered trademark symbol, provides a basis for blocking importation of infringing goods through US Customs (if recorded), and creates a public record that others can search before adopting potentially conflicting marks. Registered marks can be licensed to related entities, which is relevant for non-US founders who operate under the same brand across multiple entities in different countries.

The trademark application process begins with a search to confirm that no conflicting marks are already registered or in use. Applications are filed online through the USPTO's TEAS system and take approximately 12 to 18 months to complete, assuming no significant office actions or oppositions. The filing fee is $250 to $350 per class of goods or services, per mark. A mark registered in one class does not protect use in other classes, so founders whose business operates across multiple categories should consider registering in each relevant class.

For non-US founders with existing trademark registrations in their home country, the Madrid Protocol provides a mechanism to extend protection to the United States through an international application filed through the World Intellectual Property Organization, designating the US as a territory. This is often more cost-effective than filing directly with the USPTO for founders who already have an international registration.

Patent

A patent grants the holder the exclusive right to make, use, sell, and import an invention in the United States for a limited period, typically 20 years from the filing date for utility patents. Patents are the most expensive and time-consuming form of IP protection, requiring a formal application to the USPTO, examination by a patent examiner, and often multiple rounds of prosecution before a patent is granted. The process takes two to four years on average and costs aprox $15,000 to $50,000 or more in attorney fees and filing costs for a utility patent.

The US uses a first-inventor-to-file system: if two parties independently develop the same invention, the patent generally goes to the one who files first. Public disclosure of an invention before filing a patent application can destroy patentability in many countries (though the US provides a one-year grace period for the inventor's own disclosures). For a non-US founder building a technology product with potentially patentable innovations, filing a provisional patent application, which is faster and cheaper than a full application and establishes a priority date, before any public launch is worth discussing with a patent attorney.

For most early-stage software businesses, patents are not the primary IP strategy. Software patents are difficult to obtain, expensive to enforce, and of uncertain validity. Trade secret protection for proprietary algorithms and source code, combined with copyright protection for the code itself, is more practical for most software founders at the early stage.

Trade secrets

A trade secret is any information that derives economic value from not being generally known and that the owner takes reasonable steps to keep confidential. Business plans, customer lists, pricing algorithms, proprietary formulas, manufacturing processes, source code, and internal financial projections can all qualify as trade secrets if they are genuinely kept confidential and provide a competitive advantage.

Trade secret protection does not require registration and theoretically unlimited in duration, lasting as long as the secret is maintained. The Defend Trade Secrets Act (DTSA), enacted in 2016, provides a federal civil cause of action for trade secret misappropriation, allowing owners to sue in federal court for injunctive relief, damages, and in egregious cases exemplary damages up to two times actual damages plus attorney fees. The DTSA also provides for ex parte seizure orders in exceptional circumstances, allowing a court to order the seizure of misappropriated trade secrets without advance notice to the defendant.

Protecting trade secrets requires active, documented steps to maintain confidentiality. These steps include requiring all employees, contractors, and business partners who have access to confidential information to sign non-disclosure agreements, restricting access to confidential systems and documents to those who need it, maintaining secure systems with appropriate access controls, training employees on what constitutes confidential information and how to handle it, and documenting the confidentiality measures in place. A trade secret that is not actively protected is not legally a trade secret.

2. IP Ownership: The Questions that Matter Most for Foreign-Owned Entities

IP ownership questions are more complex for a foreign-owned US business than for a purely domestic one, because the business operates across at least two legal systems and may have IP created by people and entities in multiple countries. Getting IP ownership wrong in a multi-entity structure creates problems that are expensive and sometimes impossible to fix later: disputed ownership in due diligence, inability to enforce rights against infringers, transfer pricing exposure from unlicensed intercompany IP use, and in a sale context, inability to deliver clean title to the acquirer.

• Employee creates IP during employment
  Under U.S. federal copyright law, intellectual property created by an employee within the scope of employment is generally owned by the employer as a work made for hire. A properly drafted employment agreement with an IP assignment clause should still be in place, and state law limitations should also be reviewed. If this is handled correctly, the ownership risk is generally low.

• Independent contractor creates IP
  Intellectual property created by an independent contractor is generally owned by the contractor unless it is assigned in writing. A written contractor agreement with a clear IP assignment clause should be signed before work begins. If this is not addressed, the contractor may retain ownership rights and could potentially reuse, license, or sell the IP elsewhere.

• Founder contributes pre-existing IP to the U.S. entity
  Pre-existing IP developed by the founder before the company was formed remains owned by the founder unless it is formally transferred or licensed to the U.S. entity. A written IP assignment agreement or license agreement should be executed between the founder and the entity. If this is not documented properly, the U.S. company may be using IP it does not legally own, which can create serious due diligence, financing, and investor issues.

• IP developed jointly by a U.S. entity and a foreign related entity
  Jointly developed IP creates ambiguity unless ownership and licensing rights are clearly documented. A joint development agreement should specify ownership percentages, licensing arrangements, development responsibilities, and commercial rights between the entities. If this is not addressed, ownership disputes and transfer pricing exposure can arise across multiple jurisdictions.

• Open source software incorporated into a commercial product
  Open source software is governed by the terms of the applicable open source license, and obligations vary significantly depending on the license type. An IP audit should identify all open source components and confirm that the license terms are compatible with the intended commercial use of the software. Certain copyleft licenses may require disclosure of proprietary source code if incorporated incorrectly into a commercial product.

The founder IP contribution problem

One of the most common IP ownership problems in a foreign-owned US entity arises when the founder developed the product, software, or methodology before the US entity was formed, and never formally transferred that IP to the US entity. The founder simply starts operating through the US entity, using the pre-existing IP as if the entity owned it, without any formal assignment or license.

The result is that the US entity is using IP it does not own. This may not matter in the early stage, but it becomes a significant problem when an investor conducts due diligence, when the entity attempts to register a patent or trademark, when the entity faces an infringement claim and needs to demonstrate ownership, or when the entity is sold and the acquirer requires clean title to all IP.

The fix is straightforward: execute a written IP assignment agreement between the founder (as individual or as the foreign entity that owns the IP) and the US entity. The assignment should identify the specific IP being transferred, state the consideration paid (which can be nominal if the assignment is made at formation), and be signed by both parties. Once executed, record it with the relevant IP offices (USPTO for patents and trademarks) to ensure the assignment is recorded in the public record.

IP held in a foreign entity vs. the US entity

Some multi-entity structures intentionally keep IP ownership in a foreign entity and license it to the US entity for use in the US market. This is a legitimate arrangement with potential tax benefits: the royalty paid from the US entity to the foreign IP-holding entity is generally deductible in the US and taxable in the foreign jurisdiction, which may have a lower effective tax rate on IP income.

However, this structure requires careful execution. The IP license must be in writing and must be priced at arm's length: the royalty rate must reflect what an unrelated licensee would pay for the same IP in the same market. The transfer pricing analysis supporting the royalty rate must be documented before the arrangement begins. US withholding tax applies to royalties paid from the US entity to a foreign licensor unless a treaty reduces or eliminates the rate. And the economic substance of the IP ownership in the foreign entity must be genuine: a foreign shell entity that holds IP on paper but has no employees, no technical capability, and no genuine involvement in developing or maintaining the IP is vulnerable to challenge under both US and OECD anti-base-erosion principles.

For most early-stage founders, the complexity of an offshore IP holding structure outweighs the benefits at the revenue levels they are operating at. Holding IP in the US entity is simpler and avoids the transfer pricing and withholding compliance burden. The offshore IP structure becomes worth considering when royalty income is material and the tax savings justify the additional compliance cost.

Open source risk

Founders building software products need to understand the IP obligations that attach to open source software incorporated into their product. Open source licenses fall into two broad categories: permissive licenses and copyleft licenses.

Permissive licenses, such as the MIT License, Apache 2.0, and BSD licenses, allow use in proprietary commercial software with minimal restrictions, typically requiring only attribution. These are generally safe to incorporate into a commercial product.

Copyleft licenses, such as the GNU General Public License (GPL), impose a reciprocal obligation: if you distribute software that incorporates GPL-licensed code, you must make your entire combined work available under the GPL, including your proprietary source code. For a commercial software business, this can effectively require open-sourcing the product, which is why GPL-licensed components are generally incompatible with proprietary commercial software.

The LGPL (Lesser GPL) is a weaker copyleft license that allows linking to LGPL-licensed libraries without triggering the copyleft requirement in most cases, making it more compatible with commercial use. The AGPL (Affero GPL) is a stronger copyleft license that extends the GPL's distribution trigger to software accessed over a network, which is particularly relevant for SaaS businesses.

Conducting an open source IP audit before launching a product, particularly before any fundraising, identifies all open source components in the codebase and confirms that none of the licenses create obligations that conflict with the business model. Software composition analysis tools such as FOSSA, Black Duck, and Snyk automate this process by scanning codebases and flagging license conflicts.

3. Trademark Strategy for a Non-US Founder

Trademark strategy for a non-US founder who operates under the same brand in multiple countries requires thinking about both US and international protection from the start. The US trademark system and your home country's trademark system are separate, and rights in one do not automatically extend to the other.

Clearing the mark before launch

Before launching in the US under any brand name or logo, conduct a trademark clearance search to confirm the mark is available. A clearance search goes beyond the USPTO's online TESS database to include state trademark registrations, common law uses (unregistered but active uses that may establish priority in a geographic area), domain name registrations, and trade name registrations. A professional clearance search conducted by a trademark attorney typically costs $500 to $1,500 and provides a meaningful assessment of the risk of adopting the mark.

Launching without clearance and later discovering a conflicting prior use can require rebranding, which is expensive and disruptive. The clearance search is one of the highest-return investments in the pre-launch phase.

Establishing use in commerce

US trademark rights arise from use in commerce, meaning the mark must be used in connection with the actual sale or offer for sale of goods or services in interstate or foreign commerce. Simply registering the mark without using it does not create enforceable rights. If you apply for a trademark registration based on a bona fide intent to use, you must submit proof of actual use within six months of the USPTO issuing a Notice of Allowance (with extensions available up to three years total).

For the purposes of establishing use, keep records of your first US sale or service transaction under the mark, the date on which you first used the mark in US commerce, and specimens showing the mark in use (product packaging, website screenshots showing the mark alongside a purchase opportunity, service invoices bearing the mark).

Which entity should own the trademark

If you operate both a US entity and a foreign entity under the same brand, decide from the start which entity will own the US trademark registration. Options include: the US entity owns the US registration (simplest for US enforcement purposes), the foreign entity owns the US registration and licenses it to the US entity (potentially useful for brand consolidation but requires a formal license agreement and may create US withholding implications on any royalty), or a dedicated IP holding entity owns the registration and licenses it to operating entities in both jurisdictions.

For most early-stage founders, having the US entity own the US trademark registration is the cleanest arrangement. It avoids the intercompany licensing complexity and ensures that the entity conducting business in the US is the entity with enforceable rights in the US market.

4. US Contract Law: What Non-US Founders need to know

US contract law shares the common law foundation of English, Australian, Canadian, and other Commonwealth legal systems, but it has developed its own distinct body of case law, commercial customs, and contractual norms that differ from what founders from civil law countries (France, Germany, Italy, Spain, the Netherlands, and most of continental Europe and Latin America) may be familiar with. Even founders from common law countries will find that US commercial contracts have specific characteristics worth understanding.

Formation: offer, acceptance, and consideration

A US contract is formed by an offer, an acceptance of that offer, and consideration exchanged between the parties. Consideration is the requirement that each party give something of value: a promise, a payment, or performance of an act. Without consideration on both sides, a promise is generally not enforceable as a contract. This is different from civil law systems, where a written agreement signed by both parties is generally enforceable regardless of whether formal consideration exists.

In practice, consideration is rarely a problem in commercial transactions: the price paid and the goods or services delivered constitute mutual consideration in most commercial contracts. However, it does matter in specific situations: an agreement to modify an existing contract without new consideration from both parties may not be enforceable, and a unilateral promise of a gift without consideration is generally not a binding contract.

The statute of frauds

Certain contracts are only enforceable if they are in writing under the statute of frauds. The contracts covered by this requirement vary by state but commonly include contracts for the sale of goods worth $500 or more (under the Uniform Commercial Code), contracts that cannot be performed within one year, contracts for the sale of real estate, and contracts for the transfer of IP rights. For a business context, the practical implication is that any significant commercial agreement should be documented in writing, both for enforceability and for clarity.

The parol evidence rule

The parol evidence rule limits the use of extrinsic evidence (prior negotiations, oral agreements, and contemporaneous writings outside the contract itself) to contradict or vary the terms of a fully integrated written contract. If your written contract contains an integration clause (also called a merger clause) stating that the written agreement is the complete and final expression of the parties' agreement, prior oral promises and negotiations generally cannot be introduced to change its terms.

This rule has important practical implications for non-US founders negotiating commercial agreements: what you agreed in verbal discussions does not supplement the written contract unless it is explicitly included. Before signing any commercial agreement, confirm that every material term you have negotiated is reflected in the written document. Do not assume that an oral understanding reached during negotiations will be enforceable if it is not in the written agreement.

Implied warranties and the UCC

The Uniform Commercial Code (UCC) is a model set of commercial laws adopted with variations by all 50 states. Article 2 of the UCC governs contracts for the sale of goods and implies certain warranties into every sale unless they are explicitly disclaimed. The most important implied warranties are the warranty of merchantability (that goods are fit for the ordinary purpose for which they are used) and the warranty of fitness for a particular purpose (that goods are fit for a specific purpose the buyer has made known to the seller).

Commercial contracts, particularly software license agreements and product sale terms, routinely disclaim these implied warranties in capital letters (often presented in capital letters or other conspicuous formatting, as many states require warranty disclaimers to be clearly visible). If your customer agreement does not disclaim implied warranties, you may be liable for warranty claims that your written terms do not address. This is a standard provision that your attorney should include in any product or software agreement.

5. The Contracts your US Entity Needs

The specific contracts your US entity requires depend on your business model, but the following table covers the most important agreements for the majority of non-US founders operating US businesses.

• Customer agreement / Master Services Agreement (MSA)
  A customer agreement or MSA governs the sale of products or services to customers and is usually the foundational commercial contract for the business. Key terms include payment terms, intellectual property ownership of deliverables, limitation of liability clauses, indemnities, governing law, and dispute resolution procedures. For foreign-owned U.S. entities, the agreement should clearly specify that U.S. state law governs the contract, include a forum selection clause naming a U.S. court or arbitration body, and clearly identify which entity is the contracting party.

• SaaS or subscription terms
  SaaS or subscription terms govern how users access and use software products delivered as a service. Important provisions include the scope of the license grant, acceptable use restrictions, data ownership, security obligations, uptime commitments, auto-renewal clauses, and termination rights for non-payment. Foreign-owned U.S. businesses should also address U.S. privacy requirements, including California privacy rules where applicable, and consider whether cross-border data transfer provisions are needed if user data is stored or processed outside the United States.

• Non-Disclosure Agreement (NDA)
  An NDA protects confidential information shared during business discussions, negotiations, partnerships, or vendor relationships. Key provisions include the definition of confidential information, exclusions from protection, the duration of confidentiality obligations, return or destruction of information, and remedies for breach. Foreign-owned entities should specify which country’s law governs the NDA. U.S.-governed NDAs are generally well understood and enforceable with U.S. counterparties, while complex foreign governing law clauses can create unnecessary uncertainty.

• Vendor and supplier agreement
  Vendor and supplier agreements govern purchases of goods or services and define delivery, payment, warranty, and liability obligations. Important terms include delivery obligations, acceptance procedures, payment schedules, warranty periods, liability caps, and ownership of any custom deliverables. Foreign-owned businesses should ensure the correct contracting entity is identified, particularly where both a U.S. entity and a foreign parent exist, because this affects which entity records the liability and which entity can enforce the contract.

• Partnership and reseller agreement
  Partnership and reseller agreements govern relationships with distributors, referral partners, channel partners, and resellers. Key terms include territory rights, exclusivity, commission structures, reporting obligations, intellectual property licensing rights, and termination provisions. Foreign-owned businesses should assess the tax and regulatory consequences before granting territory rights, because reseller activities in certain jurisdictions may create state or international nexus exposure.

• Employment agreement
  Employment agreements document the terms of employment for key employees and usually supplement the offer letter with confidentiality, intellectual property, and restrictive covenant provisions. Important terms include IP assignment clauses, confidentiality obligations, non-solicitation restrictions, non-compete provisions where enforceable, and at-will employment acknowledgements. Foreign-owned entities should tailor the agreement to the employee’s work state because enforceability rules vary significantly. For example, California generally prohibits post-employment non-compete clauses.

• Intercompany services agreement
  An intercompany services agreement governs management fees, shared services, intellectual property licensing, and other transactions between the U.S. entity and related foreign entities. Important provisions include the description of services, transfer pricing methodology, payment terms, adjustment mechanisms, and governing law. For multi-entity international structures, this agreement is essential for transfer pricing compliance and should be implemented before intercompany transactions begin. Pricing should be arm’s length and supported by appropriate transfer pricing analysis and documentation.

The master services agreement structure

For service businesses and SaaS companies with repeat customers, the most efficient contract structure is a Master Services Agreement (MSA) combined with a Statement of Work (SOW) for each engagement or project. The MSA governs the relationship at a high level: IP ownership, confidentiality, limitation of liability, indemnification, governing law, and dispute resolution. The SOW, executed under the MSA, describes the specific services, deliverables, timeline, and price for each project.

This structure allows the parties to negotiate the MSA once and then execute lightweight SOWs for subsequent work without renegotiating the foundational terms each time. For a non-US founder with enterprise customers, proposing an MSA structure also signals commercial sophistication and familiarity with standard US business contracting practices.

6. Limitation of Liability and Indemnification: Two Clauses That Matter More Than They Look

Two provisions appear in almost every commercial contract and are frequently negotiated intensely: the limitation of liability clause and the indemnification clause. Non-US founders often encounter these clauses in US contracts without fully understanding their significance.

Limitation of liability

A limitation of liability clause caps the total amount one party can recover from the other in the event of a dispute or breach. The most common structure limits each party's total liability to the amount paid under the contract in the 12 months preceding the claim. This means that if a customer has paid $50,000 for your services in the past year, your maximum liability for any failure of service is $50,000, regardless of the actual damages the customer claims.

Limitation of liability clauses are generally enforceable in most US states for commercial contracts between businesses, though some states apply additional requirements for the limitation to be effective (such as conspicuous presentation). They are not effective against claims for fraud, willful misconduct, or in some states gross negligence. Personal injury and death claims are typically not subject to contractual limitation of liability.

As the service provider, you want a liability cap as low as possible. As the customer, you want either no cap or a higher cap. The negotiation typically settles at a multiple of fees paid, such as 1x or 2x the annual contract value. Understanding this dynamic before you enter negotiations allows you to anchor appropriately and identify which positions are commercially standard versus which are aggressive.

Indemnification

An indemnification clause requires one party to compensate the other for specified losses, claims, or damages arising from defined events. In a typical vendor agreement, the vendor indemnifies the customer against claims that the vendor's product or service infringes a third party's intellectual property rights, that the vendor's negligence caused harm, or that the vendor breached its representations and warranties. The customer often indemnifies the vendor against claims arising from the customer's misuse of the product or from the customer's data.

Indemnification is different from limitation of liability: the indemnification obligation can be triggered by third-party claims against the indemnified party, not just by direct claims between the contracting parties. An IP indemnification, for example, requires the vendor to defend the customer against a lawsuit brought by a third party claiming that the vendor's software infringes its patent, and to pay any resulting judgment or settlement.

For a non-US founder selling software or services to US enterprise customers, robust IP indemnification in your customer agreement is commercially expected. The exposure is real and should be managed through your IP clearance processes rather than by refusing to offer indemnification, which most enterprise customers will not accept.

7. Governing Law, Jurisdiction, and Dispute Resolution

Every commercial contract should specify which law governs the agreement and how disputes will be resolved. For a non-US founder entering commercial relationships in the US, these choices have significant practical consequences.

Governing law

The governing law clause specifies which state's law applies to the interpretation and enforcement of the contract. For a US entity, the governing law will generally be a US state law. Delaware, New York, and California are the most commonly chosen governing law jurisdictions in US commercial contracts.

Delaware is preferred for corporate governance matters because of its developed corporate law. New York is the preferred governing law for financial contracts, M&A agreements, and many commercial transactions because of its well-developed commercial case law, its predictability, and its explicit statutory provision allowing parties to choose New York law regardless of whether the transaction has a connection to New York. California is often the governing law of employment agreements for California employees.

For most operational commercial contracts, such as customer agreements, vendor agreements, and services agreements, choosing the law of the state where your US entity operates or is formed is a practical default. If your entity is a Delaware LLC, Delaware law is a natural choice. If you have significant California operations, California law may be chosen for employment-related documents but avoided for commercial contracts where California's consumer protection rules may create unexpected obligations.

Jurisdiction and venue

The jurisdiction and venue clause specifies the courts (or arbitration body) in which disputes will be resolved and the geographic location where proceedings will take place. For a non-US founder, having disputes resolved in a US court in a state where you have no physical presence is a significant logistical burden. Arbitration is often a more practical alternative.

Arbitration vs. litigation

Commercial disputes in the US can be resolved through litigation in state or federal courts, or through private arbitration under the rules of an arbitration body. The major commercial arbitration bodies used in US contracts are the American Arbitration Association (AAA), JAMS, and the International Chamber of Commerce (ICC) for international disputes.

Arbitration has several advantages for a non-US founder: proceedings are private rather than public, arbitrators with relevant subject matter expertise can be selected, the process is typically faster than litigation, and arbitral awards are enforceable internationally under the New York Convention, which has been adopted by most countries. Arbitration can be expensive for smaller disputes because the arbitrator's fees must be paid by the parties (unlike litigation, where the judge is effectively free), but arbitration agreements often include a small claims exception allowing parties to bring low-value claims in their local small claims court.

Litigation in US federal court or state court provides the benefit of established procedural rules, appellate review, and in federal court, substantial judicial resources. For large, complex disputes, litigation may be preferable. For most commercial disputes involving a non-US founder, arbitration is more practical.

Limiting class actions

US commercial contracts frequently include class action waiver clauses, which require each party to resolve disputes individually rather than as part of a class action lawsuit. In the B2B context, class action waivers are generally enforceable when combined with an arbitration clause, following the Supreme Court's ruling in AT&T Mobility LLC v. Concepcion (2011). For a SaaS or consumer-facing business with many customers, a class action waiver in your terms of service limits the exposure from a single customer's complaint being used to aggregate claims from thousands of other customers.

8. Data Privacy: US Obligations for Businesses Handling Personal Data

The United States does not have a comprehensive federal data privacy law comparable to the EU's General Data Protection Regulation (GDPR). Instead, privacy is regulated through a patchwork of federal sector-specific laws and state consumer privacy laws. For a non-US founder whose US business collects personal data from US consumers, the most important privacy compliance obligation is likely the California Consumer Privacy Act.

The California Consumer Privacy Act and CPRA

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives California residents significant rights over their personal data and imposes compliance obligations on businesses that meet certain thresholds. The CCPA applies to for-profit businesses that do business in California and meet at least one of the following criteria: annual gross revenue over $25 million, buy or sell or receive or share for commercial purposes the personal information of 100,000 or more California residents or households per year, or derive 50% or more of annual revenue from selling California residents' personal information.

For businesses that meet the threshold, CCPA compliance requires providing California residents with a privacy notice at collection, a privacy policy disclosing what data is collected, how it is used, and who it is shared with, the right to know what personal information has been collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to correct inaccurate personal information, and the right to limit use of sensitive personal information.

Businesses subject to the CCPA must also have a 'Do Not Sell or Share My Personal Information' link visible on their website if they sell or share personal information with third parties. Violations can result in civil penalties of up to $7,500 per intentional violation and up to $2,500 per unintentional violation, as well as a private right of action for data breaches affecting certain categories of sensitive information.

Other state privacy laws

Following California's lead, numerous other states have enacted consumer privacy laws with varying requirements. Virginia, Colorado, Connecticut, Texas, Florida, Montana, Oregon, and Iowa have enacted comprehensive privacy laws. While the specific requirements differ, most follow a similar structure to the CCPA: notice at collection, access and deletion rights, opt-out rights for certain data uses, and data protection assessments for high-risk processing activities.

For a non-US founder building a US-facing consumer product, implementing a privacy program based on the CCPA as the highest common denominator and extending it to address other state requirements is the most efficient compliance approach. Most privacy compliance frameworks and consent management platforms (OneTrust, Termly, Osano) are designed to handle multi-state compliance from a single configuration.

Federal sector-specific privacy laws

In addition to state laws, several federal laws impose privacy obligations on specific sectors. HIPAA covers protected health information in the healthcare sector and applies to covered entities and their business associates. COPPA covers personal information collected from children under 13 and applies to any operator of a website or online service directed to children. GLBA covers financial institutions' handling of consumer financial information. FERPA covers student education records. If your business operates in any of these sectors, sector-specific compliance is required in addition to any applicable state law obligations.

Privacy policy requirements

Every US-facing website and application that collects personal data should have a privacy policy that is accurate, up to date, and accessible. The privacy policy must disclose what data is collected, how it is used, with whom it is shared, how long it is retained, and what rights the user has with respect to their data. Privacy policies must be updated whenever the data practices they describe change. A privacy policy that describes practices that are no longer accurate is both a legal risk (because it misrepresents the entity's actual practices) and a regulatory risk (because several state AGs have brought enforcement actions against companies for misleading privacy policies).

Terms of service and privacy policies for US-facing products should be drafted or reviewed by a US attorney with privacy law experience, not generated from a generic template. Templates frequently fail to reflect actual data practices and do not account for the specific requirements of the states where your users are located.

9. Protecting Your US IP Across Borders

IP rights are territorial. A US trademark registration gives you rights in the United States but not in the UK, Australia, or Germany. A US patent does not prevent a competitor from manufacturing and selling the same invention in a country where you have no patent protection. Building an IP portfolio that protects your business in all of the markets where you operate requires a deliberate international strategy.

The Paris Convention priority period

For both patents and trademarks, the Paris Convention gives you a window of time after your first filing in any member country to file in other member countries and claim the priority date of your original filing. For patents, this window is 12 months. For trademarks, it is six months. This means that if you file a US patent application on January 1, you have until January 1 of the following year to file in other countries and claim the January 1 priority date, which protects you against competitors who file in those countries between your US filing and your international filing.

The Paris Convention priority period is the standard mechanism for international IP filing strategy. File first in the US (or your home country) to establish a priority date, then use the priority period to extend to other markets based on which countries are commercially important to your business.

The Patent Cooperation Treaty

For international patent protection, the Patent Cooperation Treaty (PCT) provides a unified filing procedure that allows you to file a single international application designating multiple countries and defer the decision about which specific countries to pursue until 30 months from the priority date. This gives you time to assess the commercial potential of your invention before committing to the cost of national phase filings in each country, which can be substantial.

The Madrid Protocol for trademarks

As mentioned in Section 1, the Madrid Protocol allows you to extend a national trademark registration to multiple countries through a single international application. The current registered owner of a national trademark in a member country (the US is a member) can file an international application through that country's trademark office, designating other member countries where protection is sought. The application is examined under the national law of each designated country. This is generally more cost-effective than filing separate national applications in each country.

Before You Move to Part 12

Part 12 covers your home country obligations: the compliance layer that exists in parallel with your US obligations and that does not disappear when you form a US entity. It covers Controlled Foreign Corporation rules, reverse permanent establishment risk, treaty interaction limits, transfer pricing documentation in both directions, foreign bank account reporting equivalents in your home country, repatriation tax cost analysis, and social security double-contribution risk by jurisdiction.

Before you move on, confirm that the following from this part are addressed:

• All IP created by employees is covered by an IP assignment clause in their employment agreements

• All IP created by independent contractors is covered by a written IP assignment in their contractor agreements

• Any pre-existing IP contributed to the US entity by the founder has been formally assigned by written agreement

• Any open source components in your product have been reviewed for license compatibility with your commercial model

• Your company name, product names, and logos have been cleared for use in the US and registered with the USPTO if they are material to your business

• Your customer agreement, contractor agreement, NDA, and intercompany services agreement are in place and have been reviewed by a US attorney

• Your commercial contracts specify governing law as a US state and include a dispute resolution mechanism

• Your privacy policy accurately reflects your current data collection and use practices and complies with CCPA if you are subject to it

Antravia Advisory: IP and contract issues are legal matters that require a qualified US attorney for drafting and review. What this part provides is the framework to understand what needs to be done and why, so that when you engage an attorney you are working from an informed position and can use that time efficiently. If you need referrals to US attorneys with experience in IP or commercial contracts for foreign-owned entities, we can help with that.

Continue to Part 12: Your Home Country Obligations

About Antravia Advisory

Antravia Advisory is a US-based tax and accounting advisory firm headquartered in Winter Park, Florida, operating nationally and internationally.

We advise international businesses entering the United States and complex US companies operating across multiple states, entities, and revenue structures. Our work spans advanced tax strategy, multi-state sales tax oversight, cross-border structuring, and high-level accounting architecture for e-commerce brands, subscription and SaaS businesses, platform-based models, and multi-entity groups.

We work with founders and leadership teams who require technical precision, structural clarity, and financial frameworks built for scale, capital events, and long-term resilience.

The Non-US Founder’s Complete Guide to Running a US Business

Part 1 — Before You Start

Part 2 — Choosing Your US Entity

Part 3 — Formation

Part 4 — US Banking

Part 5 — US Federal Tax

Part 6 — US State Tax

Part 7 — Paying Yourself

Part 8 — Accounting and Bookkeeping

Part 9 — Annual Compliance Calendar

Part 10 — Hiring in the US

Part 11 — Intellectual Property and Contracts

Part 12 — Your Home Country Obligations

Part 13 — Applied Business Types

Part 14 — Exiting, Winding Down, or Restructuring

Disclaimer:
Content published by Antravia is provided for informational purposes only and reflects research, industry analysis, and our professional perspective. It does not constitute legal, tax, or accounting advice. Regulations vary by jurisdiction, and individual circumstances differ. Readers should seek advice from a qualified professional before making decisions that could affect their business.

See also our Disclaimer page