What are the legal requirements for hosting business documents?
When you launch a startup, there are so many legal documents you need to have in place in order to be able to operate. Contracts with customers and suppliers, non-disclosure agreements, contracts of employment… the list goes on!
To ensure transparency and to make sure you adhere to the statutory requirements of the country you operate in, it’s essential to make the right documents available to the right people.
In this article, we’ll talk about the legal requirements of specific documents and what you need to do to ensure you fulfil your obligations as a business.
Important note: Before we start, it’s important to note that legal requirements can vary depending on the industry you work in, the type of business you have, and the country or state you operate in.
While this article will give you an overview of legal requirements, we always recommend consulting with a legal specialist to ensure you always stay compliant. No two businesses or situations are exactly alike, and it’s critical to get the right advice.
Who might need to see business documents?
It might be tempting to make every business document available to everyone. However, this can be risky from a security and data protection perspective. It’s important to strike the right balance between transparency and data protection.
This means making sure you know who needs to be able to view and access each document. The people and organizations that may need to see your documentation include:
- Customers
- Suppliers
- Directors and board members
- Stakeholders
- Anyone with equity in your business
- Investors and grant providers
- Members of staff
- Banks and financial institutions
- Courts and legal advocates
- Third-party agencies, consultants, and freelancers
- The government
- The general public
Let’s look at some types of business documents and who you might need to share them with.
The business registration documents
When you launch your startup, you will have a number of documents that show your company is officially registered for business, as well as set out the interior rules of governance.
Some of these documents will be created by you, while others may be given to you by the government and other relevant organisations. For example in the US, you will receive a certificate of formation from the Secretary of State once you’ve filed your articles of incorporation.
It’s important to understand who you need to make these business registration certificates available to. For example, your certificate of formation needs to be shared with shareholders so they understand the structure of your business and what rights they have. If you’re opening a business account or need a loan, your bank will want a copy. Investors may want to see it as part of their due diligence before they offer you a term sheet.
While you might not need to make your business registration documents available to everyone, you may need to make certain elements available.
For example, if you are based in the UK and your startup is a limited company, your directors’ details will be made available for everyone to see on Companies House — this includes name, address, and date of birth.
You also need to make sure your eight-character company registration number is visible on your website and emails, as well as letterheads, invoices, compliment slips, and order forms.
Financial statements and annual reports
You will have a vast number of financial documents as a startup. Who you need to share them with depends on the type of business you run, as well as the kind of business you operate.
If you’re a sole trader or operate a partnership, while you still need to keep records of your income and expenses, you share this information with fewer people. You typically only need to report your finances to the government as well as any relevant parties.
For example, if you have received a grant, you may need to report to the provider so they can see what you have done with the money. If you are involved in a legal matter, you may have to disclose certain information to the court.
(P.S Want to know more about grants available to your business? Check out our guides to finding and applying for business grants in the UK, US, Canada and EU.)
Some companies need to make their finances publicly available. For example in the UK, limited liability companies must file their accounts with Companies House, including a balance sheet and profit and loss account. In the US, as a general rule of thumb, private limited liability companies don’t have to disclose their finances, while public limited liability companies do.
Of course, your company can voluntarily divulge your finances if you choose to. This is often done to build trust and credibility and to attract investors. For example, Apple could just share its financial information with investors but makes it available to everyone on its website.
Copyright and trademark registrations
If your property has intellectual property like a logo or tagline, it’s important to keep it protected so competitors can’t use it. Depending on the type of intellectual property you want to safeguard, this can be done through patents, trademarks, or copyrights.
If you go down the patent or trademark route, it’s vital to understand that these methods mean your intellectual property is fully disclosed to the public. For example, in the UK, trademarks are made available to everyone on the Intellectual Property Office database. You need to bear this in mind if you don’t want your intellectual property to be made available to everyone.
Bear in mind that this doesn’t apply to non-disclosure agreements, or NDAs. An NDA is intended to be confidential between your company and the party that signed it, for example, a member of staff or a freelancer. However be mindful that if you have to go to court, your NDAs may become a matter of public interest.
Privacy policies
A privacy policy details how you collect data. This means it must be made available to everyone who is interested. Typically, this means adding your privacy policy to your website.
For example, you can find the You are launched privacy policy here.
Your privacy policy should discuss the following:
- The personal information you collect
- How do you collect the information?
- How do you use the information?
- Who do you share the information with?
- How do you store the information and the measures do you take to protect it?
- How often do you update your privacy policy?
- How do you communicate the changes?
If relevant to your industry or country, your privacy policy should also explain your approach to The General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA).
- HIPAA compliance checklist
- GDPR Compliance
It’s important that your privacy policy is clear, doesn’t contain jargon, and is regularly updated.
Additional things to bear in mind when it comes to hosting business documents
We’ve looked at the legal requirements surrounding key documents, but what else do you need to consider? Here are our expert tips for hosting your business documents.
1. Redact relevant information
While you might need to make some documents available to everyone, it may be that all the information within the document does not need to be made public. For example, the personal email addresses or contact details of employees. Publishing this information may mean you are in breach of any relevant data protection regulations.
We recommend thoroughly double-checking documents before you publish them. If there is confidential information, take it out or redact it — this means that you’re blocking the data out so it can’t be read.
2. Make your documents accessible
If you’re making documents available to people, it’s essential that they’re in an accessible format.
For example, scanning a document as an image may mean that people who use screen reader technology can’t read the content.
Provide documents in alternative formats as needed, and also offer contact details so people can get in touch if they have issues viewing them. This accessibility guide is a great starting point.
3. Ensure documents can’t be tampered with
It’s important to make sure that your documents can’t be doctored. For example, making a document available as a Word document can make it easy for someone to download it, make changes, and claim it as the correct version. This can mean you can waste time and resources trying to prove that the document was falsified.
Making documents available in PDF format makes it harder for them to be amended, although it is still possible to make amendments if you have the right technology.
A document management system can make it easy to manage your documents and prevent them from being downloaded, printed off, or amended.
4. Establish permissions for your documents
If you are sharing documents internally, not everyone in your team will need to see every document. This can be done with either password protection or a document management system with user roles and permissions in place.
We recommend following the principle of least privilege, which means users only have access to the data they need to do their jobs. That way, if someone needs access to a particular document, they can reach out to you and explain why they need it.
5. Understand retention rules
Some documents may need to be made available for a particular amount of time. For example, in the UK, financial records must be kept for six years from the date they were created.
It’s important to factor this into your record-keeping. A document retention policy makes sure everyone is aware of the legal requirements and ensures no documents are accidentally deleted.
6. Keep your documents up to date
If you update a document, it’s important to make sure it’s replaced everywhere it is shared.
This means everyone always has access to the most recent version, reducing the risk of misunderstandings, errors, and issues.
Depending on your country’s legislation, you may need to share certain documents if they are requested.
For example, take the Freedom of Information Act in the UK. If you do work for a public authority and someone submits a request to see specific information, your documentation may be included in the response.