Visual Artists AI Art Training Lawsuits and Artist Protections: What Visual Artists Actually Own and How to Opt Out Visual artists' work is being scraped into AI training datasets without consent. Copyright registration, Andersen v. Stability AI, platform opt-outs (DeviantArt, ArtStation, Adobe Firefly), Glaze, Nightshade, and VARA — here is what you actually own and how to opt out.
EdTech EdTech Student Data Privacy Compliance: FERPA, COPPA, and State Laws for Startups Selling to Schools EdTech founders assume FERPA only applies to schools. But the school official exception, COPPA, and 40+ state laws like California SOPIPA impose direct obligations on vendors. Here's what to build before selling to school districts.
Founders ADA Website Accessibility Compliance: A Founder's Guide to the 2024 DOJ Rule and Demand Letters Most founders assume mobile-friendly means accessible. It doesn't — and courts are enforcing WCAG 2.1 AA against DTC brands and SaaS startups with increasing frequency.
Founders Does Your Startup Have a National Security Data Problem? The DSP Compliance Checklist Founders Are Missing Your privacy program does not cover the DOJ Data Security Program. Since October 2025, the DSP and PADFAA restrict which vendors, investors, and engineers can access your users' data based on ties to Countries of Concern. Here is how to find your exposure.
Health Tech Genetic Data Privacy for Health Tech: The 2026 Compliance Roadmap GINA, GIPA, Florida's DNA Privacy Act, Illinois BIPA, Texas HB 130, and FTC enforcement — the operational compliance roadmap for health tech apps that collect, process, store, or share DNA and genetic data in 2026.
Privacy Law AI in EdTech: FERPA, COPPA, and State Student Privacy Laws When Your App Adds AI Features When your EdTech app adds AI tutoring, grading, or content generation, three regulatory layers apply at once: FERPA, COPPA's updated 2026 rule, and 100+ state student privacy laws restricting profiling and automated decision-making.
Regulatory Compliance & Legal Risk Management Telehealth Cross-State Licensing Compliance: The 2026 DEA and State Board Roadmap for Health Tech Health tech founders assume their telehealth platform can operate nationally once the app ships. But every state has its own medical licensing, telehealth registration, and prescribing rules and the DEA controlled-substance telemedicine rules remain in regulatory limbo through 2026.
Visual Artists When AI Trains on Your Art: Copyright, Style Imitation, and Legal Options for Visual Artists Visual artists whose work feeds AI image models like Stable Diffusion and Midjourney have legal rights. Here is what copyright law, active litigation, the Copyright Office, and technical tools like Glaze and Nightshade mean for your art today.
Game Studios When Players Build: UGC Legal Compliance for Game Studios Game studios hosting user-generated content face overlapping obligations under Section 230, DMCA safe harbor, COPPA 2025 amendments, and the EU DSA. Here is the compliance framework.
Founders The State Privacy Law Patchwork in 2026: Which Laws Apply to Your App and What They Require Twenty states now have active privacy laws. This guide maps which ones apply to your app based on your user base, explains the California/Texas/other enforcement tiers, and covers the five elements every privacy notice must include.
Health Tech Mental Health App Data Privacy: What Therapy and Wellness Apps Must Do Beyond HIPAA Most wellness and therapy app founders assume HIPAA is the only privacy framework they need to worry about. It isn't. Mental health data sits under a stricter federal layer, state confidentiality statutes, and FTC enforcement actions that apply even when you're not a covered entity.
Founders CCPA and CPRA for Consumer App Founders: What Applying to California Users Requires Most founders assume CCPA only applies to enterprise companies. It doesn't — a consumer app with 100,000 California users is covered regardless of revenue. Here's what the thresholds, six consumer rights, and 2025 CPPA enforcement actions mean for your product.
Writers Newsletter Legal Checklist: CAN-SPAM, Privacy Policy, and Platform Risk for Substack and Ghost Creators Running a paid newsletter also means running an email marketing operation. Federal law, state privacy statutes, and FTC disclosure rules apply to your subscriber list whether you have 200 readers or 200,000.
Writers The Legal Guide for Newsletter Creators: Copyright, FTC Disclosures, and Privacy Compliance Running a paid newsletter is running a business. Here's what every newsletter creator needs to know about copyright, FTC disclosures, privacy compliance, and platform terms.
Game Studios Age Ratings and COPPA: What Studios Building Kids' Games Actually Need to Know An ESRB E rating doesn't create a COPPA safe harbor — and Epic Games' $275 million penalty proved it. Here's how the FTC actually determines whether your game is 'directed to children,' what the 2025 COPPA amendments changed, and what minimum viable compliance looks like for indie studios.
Health Tech HIPAA and AI — When ML Training Crosses the BAA Line HIPAA gives business associates only two narrow permissions to use PHI for their own purposes — and AI model training fits neither. A close look at the BAA line, why de-identification is not the escape hatch vendors claim, and what to demand before signing any AI vendor agreement.
Founders Texas's AI Law Is Now in Force: What TRAIGA Actually Requires of Founders and In-House Counsel Texas's Responsible AI Governance Act (HB 149) has been in force since January 1, 2026 — and it is far narrower than the bill it grew from. Here is who TRAIGA reaches, what its intent-based prohibitions mean, how the Texas AG enforces it, and the NIST safe harbor to build toward.
Game Studios The EU Digital Services Act for Indie Game Studios: What Applies to You The EU's Digital Services Act applies to US game studios selling to European players — and it's been in force since February 2024. Here's how to figure out which obligations apply to your studio and what to do about them.
Health Tech Negotiating HIPAA Business Associate Agreements with Digital Health Vendors HIPAA's statutory floor for BAAs is lower than most covered entities realize. This guide covers what to demand in BAA negotiations with digital health vendors — from permitted use scope and AI training prohibitions to breach notification, audit rights, and PHI disposition at contract end.
EdTech Parental Consent UX Patterns That Pass FTC Scrutiny COPPA requires verifiable parental consent before you collect data from children under 13 — and a checkbox doesn't cut it. Here's what the FTC actually enforces, which consent mechanisms are approved, and a practical UX checklist for EdTech product teams.
Streamers COPPA on YouTube and Twitch: What Streamers Actually Need to Know After Disney's $10M FTC settlement, COPPA enforcement is hitting creators directly. What streamers need to know about Made for Kids, Twitch's age rule, the 2025 Final Rule, and the contract terms to push for in brand deals.
EdTech COPPA's April 22 Amendments: What Changed for EdTech Operators in 2026 The FTC’s 2025 COPPA Final Rule took effect April 22, 2026 with no grace period. Here’s what changed for EdTech operators: new biometric and geolocation data categories, data minimization and retention requirements, unbundled consent mechanics, and an expanded verification menu.
EdTech Drafting Direct Notice Under COPPA: What EdTech Operators Need in Their Disclosure COPPA requires a direct notice separate from your privacy policy — two documents with two different legal functions. Here's what EdTech operators must include, from the statutory checklist to the 2025 amendments.
Visual Artists The Visual Artist's AI Opt-Out Guide: What Actually Works in 2026 Three layers of defense — dataset, technical, legal — and which actually work for visual artists in 2026. Concrete steps for Spawning HIBT registration, Glaze cloaking, current AI-crawler robots.txt entries, EU TDMRep, and where DMCA still bites against AI outputs that copy your work.
EdTech Mixed-Age Audiences and COPPA: What EdTech Founders Must Do When Teens Use Your Platform COPPA's April 22, 2026 deadline has passed. Most EdTech platforms with teen users are already out of compliance with the amended rule's mixed-audience requirements. What triggers the obligation, what the general audience defense covers, and how to design a consent flow that survives FTC scrutiny.