Matter Highlights

Anonymised snapshots of real client work. Client identities, sector specifics, and commercially sensitive terms have been generalised.

Commercial Contracts

SaaS Agreement Overhaul for an AI-Driven Marketing Platform

Timeline

3 weeks

Engagement

Project-based

Client was using a generic SaaS template that left IP ownership of AI-generated outputs unresolved and had no meaningful liability cap. A prospective enterprise client flagged the agreement as unacceptable before sign-off.

Full redraft of the agreement: IP ownership clause restructured to distinguish between client inputs, platform outputs, and model weights. Tiered liability cap introduced, linked to subscription value. Suspension and termination mechanics tightened. Data processing schedule added to address DPDPA obligations.

The enterprise deal closed within two weeks of the new agreement being sent. Client now has a template that holds up against sophisticated counterparties without renegotiation from scratch each time.

Outcome

Enterprise deal closed. Agreement now used as standard template across all B2B engagements.

Data Privacy

DPDPA Readiness Audit for a Healthcare Technology Startup

Timeline

4 weeks

Engagement

Retainer (initial)

A health-tech startup was processing patient data across multiple third-party vendors without formal data processing agreements, a documented consent mechanism, or a breach response protocol. A Series A investor flagged legal risk during diligence.

End-to-end data flow mapping across all processing activities. DPIA drafted for high-risk processing categories. Consent architecture designed for the app's onboarding flow. DPAs executed with all third-party processors. Breach response SOP drafted with regulatory timeline triggers mapped to DPDPA requirements.

Client received a clean legal opinion on data practices prior to closing the round. The compliance documentation also served as internal governance infrastructure that the team could maintain without external counsel for routine operations.

Outcome

Investor diligence cleared. Series A closed. Ongoing retainer for data protection advisory.

AI Governance

Internal AI Use Policy for a Mid-Size IT Services Firm

Timeline

2 weeks

Engagement

Project-based

Employees were using generative AI tools for client deliverables without any internal guardrails. A client contract prohibited the use of AI without disclosure, which the firm was unknowingly breaching. Legal and reputational exposure was immediate.

Audited existing client contracts for AI-restriction clauses. Drafted a tiered internal AI use policy: permitted tools, permitted use cases, disclosure obligations, client data handling restrictions, and an escalation protocol. Produced a one-page employee summary and a manager-level FAQ alongside the policy.

The firm identified two active engagements where disclosure was owed and corrected the position before it became a dispute. The policy now forms part of employee onboarding and all new client agreements include an AI disclosure clause drafted to the firm's standard.

Outcome

Policy adopted firm-wide. Contractual breach remediated. AI disclosure clause now standard in all new client agreements.

Commercial Dispute

Full and Final Settlement: Software Services Payment Dispute

Timeline

Ongoing

Engagement

Project-based

Client (software development firm) had completed a project under a verbal scope extension. The counterparty disputed the additional fees and proposed a settlement far below what was owed, accompanied by a draft agreement that would have waived all future claims in ambiguous terms.

Reviewed the proposed settlement draft and identified three clauses that would have extinguished claims the client was unaware of. Redlined the agreement: tightened the settlement scope, introduced mutual release language limited to the specific dispute, removed the indemnity carve-out that favoured the counterparty, and restructured payment mechanics to reduce default risk.

Client avoided signing an agreement that would have released valid claims worth significantly more than the settlement amount. The negotiated version preserved the client's position on parallel matters while closing out the immediate dispute cleanly.

Outcome

Settlement restructured in client's favour. Parallel claims preserved. Counterparty accepted revised terms.

Cross-Border Data

Vendor Structuring for Cross-Border Data Transfers: India to EU

Timeline

3 weeks

Engagement

Project-based

An Indian SaaS company was transferring EU user data to servers in India for processing without Standard Contractual Clauses in place, an Article 30 record, or adequate supplementary measures. A GDPR compliance review by an EU partner flagged the transfers as unlawful.

Mapped all data flows between the EU and India processing environments. Implemented SCCs (Module 2: controller-to-processor) with supplementary technical and organisational measures documented in an annex. Updated the Article 30 record. Revised the client-facing privacy notice to accurately reflect the transfer mechanism and adequacy position.

The EU partner's legal review cleared the transfers and the commercial relationship proceeded. The client now has a replicable framework for structuring future cross-border transfers without rebuilding the compliance position from scratch each time.

Outcome

Transfers brought into GDPR compliance. EU partnership formalised. Transfer framework reused for two subsequent vendor relationships.

All matters described above are anonymised. Client names, sectors, financial figures, and identifying details have been generalised or altered. Nothing on this page constitutes legal advice or a representation of specific outcomes. Past results do not guarantee future outcomes.