How to Conduct an Effective IP Audit for Your Tech Startup

The $157 Million Due-Diligence Call Nobody Prepared For

In the spring of 2014, Slack had already signed term sheets for what would become its $120 million Series B. Then the investor's IP counsel made a routine request: produce a complete schedule of IP ownership, including signed assignment agreements from every contributor to the codebase. The problem was that Slack had pivoted from a gaming startup called Glitch, and a non-trivial portion of the message-threading architecture had been written by contractors who had never executed an IP assignment. The round did not collapse — but it paused for weeks while attorneys tracked down former contributors across three continents for retroactive signatures. One engineer could not be located. The legal workaround cost time, legal fees, and negotiating leverage that could not be recovered.

That episode is not unusual. It is, in fact, the modal outcome when a tech startup reaches a significant funding event without having conducted a structured IP audit. The audit itself is not the bureaucratic exercise most founders imagine — a checkbox confirming that patents exist. It is a diagnostic that reveals something more uncomfortable: that the protections a founder believes are in place are frequently assigned to the wrong legal instrument, pointed at the wrong asset, or dependent on paperwork that was never completed. This pattern recurs so reliably it has a name.

The Instrument Mismatch Stack

The Instrument Mismatch Stack describes the specific failure mode that IP audits most commonly expose: protections assigned to the wrong legal instrument, each mismatch silently hollowing the moat the founder believed they had built. A trade-secret-worthy algorithm disclosed in a patent filing is now permanently public, enabling any competitor to study the specification and design around it. A patentable process guarded only as a trade secret is unenforceable the day a key engineer departs and joins a competitor. A brand element assumed protected by five years of commercial use is preempted when a competitor files a federal trademark application first and claims priority.

Each layer of the stack looks like a responsible IP decision in isolation. The patent was filed. The trade secret was documented. The brand was used consistently. The audit reveals that the instruments were simply wrong for the assets they were meant to protect — and in IP, the wrong instrument is often worse than no instrument, because it creates a false sense of security that delays corrective action until the stakes are highest.

What a Rigorous IP Audit Actually Examines

A credible IP audit for a tech startup covers four asset classes simultaneously, and the interaction between them is where most of the strategic insight lives.

Patents and Patent Applications

The audit begins by inventorying every filed application — provisional, non-provisional, PCT — and mapping each claim to a current product feature or revenue-generating process. Claims that no longer read on any shipped product are candidates for abandonment rather than maintenance payment. Claims that cover features actively monetized should be assessed for scope: a claim that recites specific hardware configurations may not cover a SaaS implementation of the same algorithm, creating an undefended gap a competitor can exploit.

Patent eligibility under 35 U.S.C. §101 — as interpreted through Alice Corp. v. CLS Bank International (2014) — is particularly consequential for software startups, and the audit must evaluate this concretely, not just as a doctrine name. The Federal Circuit upheld claims in Enfish, LLC v. Microsoft Corp. (2016) because the claims were directed to a specific improvement in computer functionality — a self-referential table that improved database speed — not merely to an abstract idea implemented on a computer. By contrast, claims in Intellectual Ventures I v. Capital One Bank (2015) were invalidated because they described the abstract idea of budgeting with a computer as the implementation mechanism rather than a structural improvement to the computer itself. The audit question is not "is this software?" but "do these claims recite a concrete technical improvement, or do they recite a result and name a computer as the tool?" That distinction determines §101 survivability and should be evaluated for every software claim in the portfolio.

Trade Secrets

The Defend Trade Secrets Act (2016) requires that a trade secret be subject to "reasonable measures" to maintain secrecy. An audit must verify that those measures exist in documented form: NDAs executed before disclosure, access controls logged and auditable, and internal policies that identify what is confidential. A trade secret that lives entirely in an engineer's head — undocumented, undesignated, and shared freely in team standups — is not a trade secret under the statute. It is merely an unprotected competitive advantage waiting to walk out the door. The audit should produce a formal trade-secret register with designated custodians and documented access logs.

Trademarks and Copyrights

Unregistered trademarks provide common-law rights limited to the geographic area of actual use. Federal registration under the Lanham Act provides nationwide constructive notice from the filing date and is essential before entering new markets or licensing the brand. The audit identifies every mark in commercial use and cross-references the USPTO's TESS database for conflicting applications. Copyrights in software source code vest automatically upon creation, but registration is a prerequisite for statutory damages and attorney's fees in infringement litigation — the remedies that make enforcement economically rational for a startup. An audit that finds unregistered copyrights in commercially critical code is flagging a litigation-cost asymmetry that favors a well-funded infringer.

Ownership and Chain of Title

This is where the Slack scenario lives. The audit must verify that every IP asset was created either by a current employee under a valid assignment agreement or by a contractor who executed a written work-for-hire or assignment clause. Courts have consistently held — most relevantly in Aalmuhammed v. Lee (9th Cir. 2000) — that contributing to a creative or technical work does not automatically transfer ownership. Founders who incorporated after their earliest code was written, who used offshore contractors on purchase orders with no IP clause, or who accepted contributions from co-founders who later departed without signing a full assignment are carrying title defects that will surface in due diligence and reduce enterprise value measurably.

The Four Audit Triggers and Why Timing Changes the Stakes

An IP audit conducted proactively costs far less than one conducted reactively, and the timing of the audit determines what remediation options remain available.

• Pre-seed to Series A: The highest-leverage moment. Chain-of-title defects can be remediated cheaply because contributors are typically reachable and have not yet developed adverse interests. Provisional applications can be filed to establish priority dates before a public launch creates a statutory bar.
• Series B and beyond: Investor IP schedules become contractual representations. A gap discovered during due diligence at this stage is disclosed to counterparties, which shifts negotiating leverage and may trigger escrow holdbacks or indemnification carve-outs.
• Pre-M&A: Acquirers conduct their own IP audits with adverse incentives — they are looking for reasons to reduce purchase price. An internal audit completed six months before a process begins gives the seller time to remediate findings before they become negotiating leverage in the buyer's hands.
• Litigation threat or competitor filing: If a competitor files a patent application in your core technology space, the audit must immediately assess whether your public disclosures, product launches, or investor presentations constitute prior art that can be used in an inter partes review (IPR) proceeding at the USPTO. Prior art assembled reactively is less organized and less persuasive than a portfolio built with this contingency in mind.

Practical Audit Sequence

1. Asset inventory: Compile every patent, application, trademark registration, copyright registration, trade-secret register entry, and domain name. If no trade-secret register exists, creating one is the first remediation action.
2. Ownership verification: For each asset, trace the chain of title from creator to current entity. Flag any gap — missing assignment, unsigned NDA, unexecuted work-for-hire clause — as a priority remediation item.
3. Instrument alignment: Evaluate whether each asset is protected by the right instrument. A process that is genuinely novel and non-obvious but currently guarded as a trade secret should be assessed for patent filing before a competitor's independent development triggers a priority race. A brand element generating meaningful revenue should be federally registered before geographic expansion.
4. Claims mapping: For each patent or application, map every independent claim to a current product feature. Claims with no product coverage are maintenance-payment candidates for abandonment. Claims covering monetized features should be evaluated for scope sufficiency against competitor products — not just against the abstract idea of the invention.
5. Gap prioritization: Rank identified gaps by the combination of asset value and remediation cost. A title defect in a core algorithm is a high-priority, potentially high-cost remediation. A missing copyright registration for a marketing asset is low-priority and low-cost.
6. Portfolio roadmap: Produce a 12-month IP calendar that includes provisional-to-non-provisional conversions, maintenance payment decisions, trademark prosecution deadlines, and trade-secret review cycles. The audit is not complete until it produces a docketed action plan.

The Maintenance Payment Decision Most Founders Get Wrong

U.S. utility patent maintenance fees are due at 3.5, 7.5, and 11.5 years from issuance, escalating from roughly $2,000 to $7,700 for large entities (approximately half for small entities). Most startups auto-pay every maintenance fee on every patent without asking whether the underlying claim still covers a product that generates revenue. A granted claim that no longer reads on any shipped feature is a liability — it consumes maintenance budget and creates a false impression of portfolio strength in investor materials. The audit should treat each maintenance window as what it actually is: a forced recommitment decision at rising cost, requiring a fresh assessment of whether the claim's remaining life justifies the payment.

FAQ: The Questions Founders Should Actually Be Asking

If my engineers signed employment agreements, does that automatically assign everything they build?

Not reliably. California Labor Code §2870 carves out inventions developed entirely on the employee's own time, without company resources, and unrelated to the company's business or reasonably anticipated research. Engineers who built features on personal hardware during weekends in the early days may have colorable ownership claims even under a valid assignment agreement. The audit must identify high-value assets built under ambiguous circumstances and obtain specific written assignments — not rely on the employment agreement alone. This matters most when those engineers have since departed and have counsel of their own.

Should my core algorithm be a patent or a trade secret — and does it have to be one or the other?

These instruments are mutually exclusive for the same embodiment: a patent requires public disclosure in exchange for a time-limited monopoly; a trade secret requires that the information never be disclosed. The strategic decision turns on three variables: (1) Is the algorithm independently discoverable through reverse engineering of your product? If yes, trade-secret protection is fragile and a patent may be the only durable option. (2) Can a competitor design around a patent claim, rendering the monopoly hollow? If yes, the trade secret may be more durable because it does not teach the design-around. (3) What is the remaining window of commercial advantage? Patents take 2-3 years to issue; if your competitive window is 18 months, a trade secret with strong access controls may deliver more practical protection than a pending application. Most portfolios hold both instruments — patent the system architecture, trade-secret the training data and inference weights.

Does filing a provisional patent actually protect me, or does it just buy time?

A provisional buys a priority date — nothing more, nothing less. But the scope of the priority date it buys is bounded by the specification's descriptive depth at the moment of filing. A 12-page provisional that describes the concept but not the implementation details will not support a claim that recites those details in the non-provisional. The practical implication: founders who treat the provisional as a "we'll fill in the details later" placeholder often discover, at the 12-month conversion deadline, that their most valuable claims — the ones covering specific technical improvements rather than the general idea — lack written description support. Investors reading "patent pending" in a pitch deck should ask what the provisional actually discloses, not just when it was filed.

At what funding stage does an IP audit become non-negotiable for a hardware startup versus a software startup?

For software startups, investor IP schedules typically become contractual representations at Series B, making pre-B the practical deadline for an internal audit. For hardware startups, the timeline compresses to pre-A — and sometimes pre-seed. Physical products can be purchased, disassembled, and reverse-engineered immediately upon commercial launch. Once a competitor has a unit, the trade-secret protection for mechanical design is gone. Hardware founders who have not filed utility patents covering core mechanical innovations before product launch have permanently foreclosed those claims if the launch constitutes public disclosure more than 12 months before filing (the U.S. grace period) or any public disclosure at all in most foreign jurisdictions. An IP audit at pre-seed that identifies unfiled hardware innovations before launch is worth multiples of its cost in preserved optionality.