Summary

This guide maps common founder legal decisions across three tiers: what you can largely handle yourself, where mistakes stay hidden, and where legal counsel is genuinely needed. Most founders can independently handle issues like entity formation, standard SAFEs, and founder vesting with good templates and light legal oversight. "Considered risk" decisions like 83(b) elections, AI vendor contracts, non-standard SAFE terms, and privacy policies contain more hidden risk and are harder to DIY. Legal counsel is often necessary for fact-specific regulatory exposure, frameworks that interact across jurisdictions, or consequences that are hard to reverse once they've compounded.

AI legal tools have genuinely expanded what founders can handle themselves. Issues like contract triage, regulatory monitoring, first-pass document review, and acceptable use policies can now be self-serviced in a way they weren't just a few weeks ago. 

But this expansion comes with a catch. As the legal ground founders can cover themselves has grown, so has the gap between what feels manageable and what actually is. Even if a founder uploads as much context as possible into an MCP Claude deployment to get the most accurate response possible, these tools are only as good as the questions you know to ask. Many overlooked issues tend to remain hidden until a major event like a fundraise or acquisition makes them expensive or impossible to fix. This guide is designed to close the gap before that happens.

What follows is a three-tier framework for making this distinction. It maps the legal decisions most tech founders face across a spectrum, from what you can genuinely handle yourself to where self-service becomes a bad bet. The goal is not to tell you that you need a lawyer for everything, or that you can handle everything yourself. It's to give you a more precise instrument than either of those positions.

For specific questions see the FAQ page, which addresses those directly. 

How to Evaluate Legal Decisions

Most legal decisions a founder faces can be evaluated on three variables: risk (what the magnitude of harm is if this goes wrong), complexity (how much judgment is required to apply the document correctly to your specific facts), and reversibility (whether you can fix a mistake later or are locked in).

Legal decisions founders can handle themselves tend to score low on all three, with standard templates and terms that can be retroactively revised if needed. Decisions in the middle tier are moderate on at least one variable, usually reversibility (ex: a document seems accessible but a mistake made there can lock you in and surface later). Situations that genuinely require counsel score high on at least two variables, and often all three simultaneously. 

What tier a legal decision belongs in isn't fixed. It's a function of your facts. For instance, a standard YC SAFE falls neatly into the “self-service” tier. On the other hand, a SAFE with a side letter, pro-rata rights, or MFN provisions from a strategic investor does not. The following breakdown should make it easier for you to tell the difference.

What founders can handle themselves with appropriate forms and light legal oversight

The legal “DIY tier” covers more ground than most legal practitioners are willing to admit, and AI tools have pushed it even further. Lawyers who suggest otherwise are either being overcautious or failing to distinguish between work that requires professional judgment and work that simply requires professional, up-to-date templates and some light legal oversight.

It only takes a few moments to run a standard vendor agreement through a legal AI tool to flag unusual terms or check a NDA against a standard playbook. But even with the latest tools, it’s important to manually confirm that any given template fits your specific facts without meaningful adaptation, and the terms are standardized enough that variation is unlikely to affect you meaningfully down the line.

Below are some of the common legal decisions that meet the above standards. For each one, a well-maintained template exists with terms that don't require material adaptation to your facts, provided, however, if you are a first time founder we do suggest you have some light legal oversight as you learn the ropes.

• Entity formation. You can form a Delaware C-corp through the Delaware Division of Corporations website, Clerky, or Stripe Atlas. If you're a solo or small-team founder building a software product and plan to raise venture capital, Delaware C-corp is almost always the right structure, and the filing is straightforward.

• Standard SAFEs for small angel rounds. The YC post-money SAFE is free, widely understood, and designed to work without negotiation for a standard pre-seed raise. If you're raising from angels who've seen SAFEs before, at a reasonable valuation cap, with no side letters or unusual provisions, you can execute this yourself.

• Basic NDAs. For routine conversations with potential partners, vendors, or hires, a mutual NDA template from YC, Cooley GO, or a similar source is fine. You do not need a custom NDA for an intro call.

• Founder vesting. Standard 4-year vesting with a 1-year cliff is available in template form and should be set up before raising money, even if it feels premature. The concept is simple; the documentation is accessible. 

• Simple contractor agreements. Standard independent contractor agreements that cover the basics (i.e. includes an IP assignment clause, a confidentiality provision, and a clear scope of work). If the agreement is more complex or the contractor is writing code or building anything central to your product, legal counsel may be required.

• 409A valuations. You need one before granting stock options, and you need to refresh it every 12 months or after a material event. The administrative process for ordering one is DIY; the valuation itself is performed by a third-party provider.

When it comes to the above decisions, a lawyer's contribution would typically be marginal relative to their fee. For specific how-to guidance on any of these, see the FAQ.

Where templates and tools may not be enough

This is where AI tools create a failure mode that didn't exist at the same scale before. A founder who skipped contract review knew they were taking a risk. A founder who ran a contract through an AI legal tool and got a clean summary may not realize the summary was accurate but incomplete. The tools review your document against a general standard. They don't know which deviations matter for your product specifically.

The mistakes in this “Considered Risk” category tend to be invisible at the time of signing and expensive at the moment of consequence. Oftentimes, these types of issues surface during fundraising diligence or an acquisition, when you’re on an aggressive timeline and have the least leverage to fix them.

The following decisions share this profile. Each one has accessible documentation, but the judgment call about what that documentation needs to say, given your specific facts, is where the risk lives.

• 83(b) elections. The filing itself is a one-page form. But you have exactly 30 days from the date of grant to file it with the IRS, missing that deadline is irreversible, and the tax consequences of not filing can be severe if your company appreciates. The task is DIY in terms of mechanics; the cost of a mistake puts it firmly in the "Considered Risk" tier.

• AI vendor contracts. Most founders sign AI vendor agreements without reading the IP provisions carefully. Many standard contracts from major providers include clauses that assign model outputs, fine-tuned models, or derivative works to the vendor. If AI outputs are central to your product, this clause deserves careful review before you sign. 

• Non-standard SAFE terms. A standard YC SAFE for a small angel round is DIY. A SAFE with a side letter, pro-rata rights, MFN provisions, or unusual terms from a strategic investor is not. These provisions interact with each other and with your cap table in ways that compound and they tend to surface as problems during Series A diligence.

• Privacy policies. If your app collects personal information, you need a privacy policy before launch. Templates can get you started. But as your data practices evolve, your documentation needs to evolve with them. This is especially true if you're handling AI training data, health information, or serving EU users.

For all the issues above the template is accessible but the judgment call about what it needs to say given your specific facts is what creates risk. For the most common questions in this category, see the FAQ.

Legal issues that require expert guidance

Some legal decisions are fact-specific enough that getting them wrong costs more than any tool or template can save. The situations in this tier are fact-specific enough that general guidance doesn't transfer reliably. This typically involves more complex frameworks that govern issues like multi-jurisdictional regulatory exposure, AI agent liability, and token launches. 

Serotonin Legal's value comes from working through what a specific regulatory framework requires of your product, your structure, and your current agreements. AI tools are useful preparation for these conversations. But they are not a substitute for them, especially within the backdrop of a rapidly shifting regulatory environment that can be easily misread.

The consequences of getting the below decisions wrong are large enough, and hard enough to reverse, that the cost-benefit math clearly favors professional guidance.

• AI agent liability. If you're building or using an autonomous AI agent, you need to understand who bears liability when the agent causes a loss. This analysis needs to be built into your product design, not just your terms of service. 

• Multi-framework regulatory exposure. An onchain AI product can simultaneously trigger SEC securities regulation, FinCEN AML requirements, state money transmitter laws, the EU AI Act, and state-level AI legislation. The main legal question is how these requirements interact and in what sequence you address them.

• Priced equity rounds. Once you're negotiating a Series Seed or later with institutional investors, the documents are complex, the negotiation dynamics matter, and the terms you agree to will govern your company for years. This is where experienced counsel pays for itself many times over.

• M&A and complex transactions. Acquisitions, mergers, and joint ventures involve negotiated representations and warranties, indemnification structures, earnout provisions, and closing mechanics that require experienced counsel on both sides. One development worth flagging for AI founders specifically: RWI underwriters are now asking detailed questions about AI training data provenance during diligence, which means preparation on that question should start well before a transaction process begins.

• Token launches with US users. If your product involves a token and you have US users, you need a legal analysis covering securities classification under security laws, money transmitter licensing, and AML/KYC obligations under FinCEN rules. The regulatory environment is actively shifting, which means self-service is not a safe approach.

If any of these situations apply to your company right now, reach out directly and we'll give you a clear read on where you stand.

Three questions that tell you which tier you're in

When you're looking at a legal task and trying to figure out which category it belongs in, run through these three questions in order. They won't cover every edge case, but they'll get you to the right place in most situations. 

1. Is there a standard, widely-used template for exactly this situation? If yes, and the terms don't require meaningful adaptation to your facts, you're likely in the DIY tier. The test is whether the template fits your situation without needing to be modified, not just whether a template exists at all.

2. Does the template need to be adapted to your specific facts, or are you combining multiple documents that interact with each other? If yes, you're in the "Considered Risk" tier. You may be able to handle it, but the risk of getting it wrong tends to surface at the worst possible time, when you have the least leverage to fix it.

3. Is the legal analysis fact-specific, legally complex, or expensive to get wrong?? If yes to any of these, you likely need expert counsel. 

The most common mistake isn't doing something yourself. It's not recognizing when the category has changed. A standard SAFE becomes non-standard the moment an investor requests a side letter. A simple contractor agreement becomes a "Considered Risk" tier document the moment the contractor is writing core product code. The document looks the same; the risk profile doesn't.

A note on how to use this guide

The DIY tier is a genuine starting point for most founders. The goal of this framework is to help you spend your legal budget where it creates real value, which means not spending it where it doesn't.

If you're working through a decision and not sure what to do next, that uncertainty usually means your situation has shifted to a more complex decision tier. In our experience, the right reflex at this inflection point isn’t to lawyer up on everything. It’s about recognizing the moment a “standard” template stopped being standard, and acting on it before the next fundraise or transaction makes the cost of fixing it magnitudes higher.

If you have a specific question on any item covered here, our FAQ addresses the most common ones directly, organized by decision tier. If your situation feels more complex than a lookup can resolve, reach out and we'll give you an assessment of whether you can handle it yourself, require counsel, or whether the right answer is somewhere in between.

Serotonin Legal advises technology founders on corporate, regulatory, and transactional matters at the intersection of AI, blockchain, and fintech. This guide is for general informational purposes and does not constitute legal advice. No attorney-client relationship is formed by reading this material.