MVP (Minimum Viable Product): How to make an MVP app legally compliant?

⟨⟨ Back

Most start-ups that are now thriving companies with dozens or hundreds of employees were previously just an idea and a product or service in the testing phase. In business, it is then said that a Minimum Viable Product (MVP) is created.

However, what start-ups – often programmers who want to create their project “after hours” – forget about are legal issues. The MVP, just like the target product, because it already has some basic elements to commercialise the idea, is subject to legal regulations. Depending on what you actually want to achieve by releasing a test product/service will depend on which legal issues you need to pay attention to.

Let’s take the most common product that developers want to go to market with, which is a SaaS (software as a service) application. Let’s assume that this is to be an application for managing processes and companies in a particular market, e.g. insurance. Unfortunately, you cannot launch such an application into the market and test it without any legal preparation.

However, let’s start with a brief introduction of what an MVP, or Minimum Viable Product, is in general.

What is and how to create an MVP?

Minimum Viable Product (MVP) is a strategy for creating a simple product with the necessary features. It aims to get to market quickly, collect user feedback and reduce costs. A startup creating an MVP focuses on key elements, eliminating unnecessary ones, which speeds up production significantly. This allows the business concept to be tested quickly without full implementation, adapting the product to customer expectations based on the feedback received. Simplicity, functionality and speed are key features of the MVP, enabling dynamic adaptation to market requirements.

The MVP is first and foremost a tool for testing your business model. Market giants such as Uber, Dropbox, Figma or Slack started their path to unicorn status precisely by creating an MVP of their product or service.

Very often, developers spend months or even years of their work, only to realise at the end that their hypothesis was wrong and no one really cares about their product. This is why getting the MVP to market as soon as possible is crucial.

It is also important not to forget the 80/20 rule, also known as the Pareto principle. It says that 20% of the effort produces 80% of the results. In the context of software, this rule takes a slightly different shape: 20% of the features satisfy 80% of the users’ needs. MVP developers therefore always aim to define and address this crucial 20%. This corresponds exactly to the concept of “minimum viable” – exactly as much as the ordinary user needs, neither more nor less.

Having understood what an MVP is, the steps that precede its development and its importance for software developers, let us then move on to the legal aspects of bringing an MVP to market.

Firstly, the terms and conditions or client agreement

The first issue you should look at is the terms and conditions or contract. If you are starting to test your app in the form of an MVP, you are probably already charging some minimum fee for it. This means that you are committing to providing a SaaS application access service in return for payment. This is nothing more than an agreement to provide SaaS cloud services. It can take the form of a terms and conditions if you are already targeting your product at the MVP stage to an unspecified group of customers, or a contract if you are only making the application available to selected parties.

The basic requirements for terms and conditions for the provision of electronic services are described in the Act on the Provision of Electronic Services.

As the developer of the MVP, you must ensure in the regulations that they specify:

  1. types and scope of services provided electronically;
  2. the conditions for the provision of services by electronic means, including:
    1. technical requirements necessary to cooperate with the ICT system used by the service provider,
    2. the prohibition on the provision of unlawful content by the recipient of the service;
  3. the conditions for conclusion and termination of agreements for the provision of services by electronic means;
  4. the complaint procedure.

Remember, however, that these are the minimum requirements set by law. In practice, terms and conditions are quite extensive documents and may also include provisions on liability, intellectual property, account opening procedures, etc.

MVP and data protection

In fact, there is no company today that does not process personal data when providing its services or selling a product. Even in the most basic forms of your MVP you will be collecting some kind of personal data, even if only the most basic ones like your name, email address and phone number.

You need to remember that the moment you start processing personal data you become the controller. If you are a sole trader then the controller is you as an individual. If you are operating through an entity – such as a limited liability company – then the controller is that company.

What is the processing of personal data? Since your potential data protection obligations depend on it, it is worth knowing the scope of the term. Processing means an operation or set of operations which is performed upon personal data, whether or not automated, such as collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

As you can see, the scope is very broad. For example, if a customer has created an account in your app then you have already started to process their personal data. Furthermore, you are also processing data, documents or data of your customers that have been added by your customer to their account.

In the context of what you have read above, you need to ensure at least a minimum level of personal data protection in the context of marketing the MVP of your product, ie:

  1. preparing a privacy policy on the website,
  2. conclude personal data entrustment agreements with your suppliers and customers,
  3. preparing a basic document showing that you know what personal data processing takes place in your company.

MVP and intellectual property

The final issue that you need to pay attention to first is the issue of copyright of your MVP. It is very often the case that, as an originator, you use your friends to help you create a product MVP.

There is nothing strange about this as costs count at this stage and need to be contained. However, such founders at the MVP stage often forget to secure the transfer of copyright from these ‘subcontractors’ to themselves or their company. This can give rise to many problems.

In extreme cases, which are not all that rare, even a developed product used by many customers will already contain key code snippets made while still in the MVP stage. As is often the case, contact with old acquaintances fades.

If you have not taken care of the transfer of copyrights in advance, this may be important, for example, when raising funding in the form of a VC fund, which will certainly investigate such an issue. Analogous mechanism should be applied to other elements such as graphics, logos, trademarks, domains (although these are subject to different regulations, but you should take care to control them).

How to make an MVP legally compliant? – summary

In summary, when creating an MVP, it is important to bear in mind not only its business aspects, but also legal issues related to regulations, personal data protection and intellectual property. It is particularly important to secure the copyright of the MVP, especially if you use the help of others to create it. It is imperative that you take care to transfer copyright from subcontractors to yourself or your company. Unsettled copyright issues may cause problems in the future, for example when you want to attract investors.