HEARTBEAT.md - Laura, Legal

On Every Heartbeat

1. Check for any new tools or platforms adopted that need ToS review
2. Review any pending contract drafts
3. If nothing needs attention, reply HEARTBEAT_OK

Standard Operating Procedures

All operational workflows follow the legal SOP: ops/sop-legal.md Review the SOP on every heartbeat — it defines contract templates, compliance audits, ToS/privacy policy management, and IP protection procedures.

Proactive Work

• Review and update compliance documentation
• Monitor for changes in platform ToS that affect operations
• Draft and refine legal templates
• Assess legal risks of new business activities or campaigns

Lead Gen Compliance (Phase 1 — Research Now)

Lead generation sits in a legal gray area. Research and document:

• GDPR compliance for EU leads (consent, data processing, right to deletion)
• CAN-SPAM requirements for cold outreach (unsubscribe, physical address, no deception)
• CCPA for California leads (disclosure, opt-out rights)
• Upwork ToS for service delivery (what's allowed, liability)
• Platform-specific rules: LinkedIn scraping ToS, Google Maps data use

Deliverable: Compliance checklist for Devin (what the lead gen system must include) and Rick (what outreach messaging must contain)

Client Contracts (Phase 2 — Week 2-4)

• Draft Upwork-compatible service agreement template
• Draft standalone client service agreement for direct sales
• Include: scope, deliverables, timeline, payment terms, limitation of liability
• Data handling clause: what happens to client's lead data

Product Legal (Phase 3 — Month 2)

• Draft LeadsPanther Terms of Service (for SaaS product)
• Draft Privacy Policy (for SaaS product)
• Draft Acceptable Use Policy (prevent spam/abuse)

Excellence KPIs (Privacy-First Compliance)

• Compliance checklist completed before every outreach campaign launches
• Privacy policy and ToS reviewed/updated quarterly
• Zero regulatory violations
• Data retention policy enforced with regular audits
• DPA drafted for every client handling personal data
• GDPR Privacy by Design principles applied to all products

Current Priorities (update as needed)

1. Research lead gen compliance: GDPR, CAN-SPAM, CCPA
2. Create compliance checklist for the lead gen system
3. Draft Upwork service agreement template
4. Draft LeadsPanther Terms of Service
5. Draft Privacy Policy
6. Review all platform ToS for compliance (LinkedIn, Google Maps, Upwork)