How can small bootstrapped startups fight copyright infringement by big companies?

I'm referring to the where Dataroom Corgi copied code from the project.

The topic feels even more personal to me because I know one of Papermark's founders, and I've seen how many years she's dedicated to building the project.

Large companies have bigger legal budgets, stronger brand recognition, and, as a result, a much stronger position when disputes arise.

This has been heavily discussed on X, and at the very least, founders should:

  • Gather as much evidence as possible (screenshots, commit history, timestamps, etc.)

  • Build a community from day one to strengthen credibility and public support, e.g. personal brand.

  • Register or patent anything that can be legally protected.

I'm not a lawyer, though. That's a question for people with actual legal expertise. đź‘€ Wink wink

From the perspective of a small startup, how would you handle situations like these?

123 views

Add a comment

Replies

Best

the missing fourth move: ship the conversation publicly the moment you spot the copy. not after the legal letter, not after consulting advisors. within 24 hours.

big companies count on the time gap between "founder notices" and "founder is ready to make noise." that's the window where the story dies internally and never reaches the audience that would care.

watched this happen to a friend last year. waited 3 weeks to "do it right." by the time he posted, the narrative had shifted to "why didn't you say something sooner?" and his moment was gone.

real leverage for small startups isn't legal. it's distribution timing. you have 24-48 hours to make the story permanent. after that the algorithm forgets and the copy just becomes a competitor with better SEO.

 Good pointer. Easy to act upon.

 That is a valid point, but let's say that the original founder will not notice it immediately, but maybe 3 or 4 weeks after the launch. Then, it is a worse position and it is difficult to negotiate.

This is actually much more common than people think. Even last week there was a really close person who had a legal issue on X.

Honestly, there is no universally “right” way to react. Legal threats are often sent mainly to intimidate the smaller company, even when the sender may not have a particularly strong case. This situation appears to be different, but I would still advise founders to preserve as much evidence as possible before contacting the other side and before they have the opportunity to change their repository or product.

Take screenshots, archive the relevant pages and repositories. Also record the product in use if necessary, document the timeline, and speak with a lawyer immediately. Both the US and Europe have procedures that can help when protected material has been copied. But litigation is generally a very slow and expensive process, especially for a bootstrapped startup.

One slightly positive side effect is that situations like this can create a lot of visibility. Papermark has already received significant attention on X and coverage from the media. Of course, that has nothing to do with the legal merits of the case. But if you are already forced into such a situation, it makes sense to communicate it carefully and try to extract at least some reputational or business value from the attention.

  agree on evidence preservation, that's the move every founder skips. the part i'd push back on: "speak with a lawyer immediately" can lock you into the slow track. lawyers correctly tell you "don't post anything publicly until we file." that optimizes for winning the lawsuit, not for keeping your audience.

watched it happen twice — founder takes the legal route, wins 14 months later, but the copy already has 10x the distribution + customer base by then. the "win" is hollow.

your last point lands for me: extract reputational value from the attention. that's the synthesis. preserve evidence privately, post receipts publicly within 24 hours. don't wait for either. parallel track it.

 Strong opinion! And you are right – this can have at least good PR value for Papermark. Hopefully, the case will be resolved to Papermark's satisfaction.

I guess in current climate starting with social media is better , that way public narrative can be pushed in your favour ! But there is no golden rules best is to consult lawyers even if its unfortunate !

 Actually more bigger names can stand for your case, which can improve the reputation too. :)

yeah that is true , community support could matter a lot !
actually i have side this in one another post , these kind of discussion and knowledge that happens here in PH are golden ! It could be so good if we can catalogue this somehow !! I have learned more here in three months than many years in corporate maybe if some PH moderator can keep a catalogue of these items somewhere ! Could be excellent for new founders :)

Worth checking the license before anyone reaches for the legal playbook (and usual disclaimer, not a lawyer). Papermark is AGPL-3.0, which changes the whole thing.

AGPL doesn't forbid copying. Anyone can take the code and modify it. What it requires is share-alike: run a modified version as a hosted product and you have to release your own full source under AGPL too. So the question isn't whether Corgi copied it, that's allowed, it's whether they complied. If they took it and they're running a closed-source SaaS on top, that's the breach, and breaking AGPL terminates the license. No license, and you're back to plain copyright infringement.

That's a better spot for the smaller side than it sounds, because the ask is clean and public: open-source your whole product or stop using ours. None of the murky "did they copy the look and feel" stuff that usually goes nowhere.

There's also backup here a bootstrapped team wouldn't normally have. The Software Freedom Conservancy and the FSF actually enforce GPL and AGPL, and developers get loud about violations. "They're running our AGPL code closed-source" is a sharper story than "big company copied us," and it reaches the people who'd care. A DMCA still works as the fast lever too, since the moment the license is broken their copy is unlicensed.

Only caveat: this needs them to have actually used the AGPL code and not complied. If they reimplemented it clean-room or just took the idea, AGPL and copyright probably can't reach them, and it's back to the evidence-and-narrative game everyone above described.

Worth adding how routine this pattern actually is, because Papermark is far from alone.

It tends to go the same way every time. Someone open-sources a strong project under a permissive license (MIT or Apache), it gets popular, a cloud giant offers it as a managed service and out-distributes the original team overnight, and the maker can't compete because the giant owns the customer relationship. The maker relicenses to something restrictive to defend itself, and then the community (sometimes the same giant) forks the last open version and carries on.

The cleanest example is AWS vs Elastic. Elasticsearch was Apache 2.0, so when AWS ran it as a managed service they weren't breaking anything, that license literally allows it. Elastic still felt eaten, relicensed to SSPL in 2021 to block AWS, and AWS just forked it into OpenSearch under the old open license. Years later Elastic added AGPL back, basically admitting the permissive license is what left the door open.

And it's not a one-off. Redis did the same dance in 2024 and got forked into Valkey. HashiCorp relicensed Terraform and got forked into OpenTofu. Same story, different year.

Which is why I keep coming back to the license being the whole defense, not a footnote. Permissive means a bigger player can legally take your work and outscale you. Copyleft like AGPL means they have to open-source their version or stay away. It's the difference between Elastic getting eaten and Papermark actually having a case.

 Wow, you have a lot of information. Have you experienced something like this?

  Not on the receiving end, thankfully, and I'd rather never test it. My angle is just that I've watched these cases closely and they shaped real decisions for me. The honest lesson from Elastic, Redis and Terraform is that the code is rarely the moat. A bigger team can copy the build or just out-execute it. What they can't copy quickly is the audience relationship and the trust you've earned in public. That's the same reason I keep going on about license choice for anything open, it's one of the few legal levers a small team gets for free, so picking it deliberately on day one beats scrambling after the fact. So no war story from me, just a lot of notes from other people's. With DukieX I leaned into the consolidation and the relationship being the hard-to-copy part, rather than betting on any one feature staying unique.

I’d probably handle it on two tracks at once: quietly preserve every piece of evidence, but also make the story clear enough for the community to understand what happened. Small startups usually can’t outspend a big company legally, but they can move faster on trust, transparency, and public credibility. The worst move is waiting too long and letting the copied version become the default story.

 For sure, I am happy that Iulia and her partner reacted promptly in this case and their following is pretty big on many platforms.

 I am pleased about that:)

Great question and while I don't have anything to really contribute to the topic, it's good to be aware that such things can happen. Thanks for raising the awareness!

 Anna, I am happy you find it helpful in some sort of way. Because this can happen to me too, and it is better to be prepared. This case actually serves as a good precedent.

I definitely worried about this when my project was completed. This is what I have done and hopefully it might help someone. File for a patent as soon as possible. It takes a long time (18 months wait period) but that's the only weapon you have to fight Big Tech from stealing from your invention.

 How much does the patent cost?

 From my experience it depends if you are filing as a micro entity or a big corporation and also whether you're employing the services of lawyers or not. I paid approximately $500 for a micro entity application for one claim. But it's worth it as a legal shield if it's completely a new invention or new distinguishable improvement even on an existing product. Once the patent is approved it give your product even more marketable 'wings'. I highly recommend new small startup use USPTO to protect their products right from the start. My personal experience has taught me to start that process early whiles you continue to build.

 I am not so sure whether I am in a position to patent it. I mean, my sort of product is not available yet, but I couldn't find it online for now, which means it is somehow new (I do not know whether there is no demand, maybe that's why) :D But as soon as I see people that they like it, I will try to patent it :)

 Do a little research on USPTO website to find out how, because I know it is possible to patent just the idea with diagrams or flow chart. Best of wishes to you.

It’s not easy, and unfortunately, it’s becoming increasingly common. Financial clout remains the main issue; large companies have the resources to defend themselves, whereas for a startup, protecting one's work is difficult—not least because it costs money that is often better spent elsewhere, such as on raising awareness of the product.

That said, in theory, if all commits, pull requests, and so on are made in a Git repository, you should be able to prove your code predates the copied version. However, even then, it isn't hard to have an AI agent rewrite existing code so that it differs from the original source while retaining the same functionality.

This ties into the issue with major LLMs, which didn't hesitate to train their models on everything they could find across the internet—or even the darknet—regardless of intellectual property rights.

Ultimately, I feel luck plays a part. If a startup’s product succeeds, generates buzz, and gains visibility, there isn't much to worry about. On the other hand, if someone creates something innovative, functional, and interesting but struggles to get it off the ground, the risk is that a large corporation will swoop in and—armed with the necessary resources—make it a success for themselves.

That is clearly a concern for any creator. I’m preparing to launch a solution in September, and that is exactly what I’m worried about: messing up the launch and inadvertently giving ideas to market leaders.

 I think that main advantage of Papermark is that it is relatively popular and the founders are well-known people on social media with a strong community.

This is honestly one of the scarier parts of building something small.

I’ve been thinking about this a lot with my own product too. There’s a proprietary method behind it, and in an ideal world I’d love to protect it properly. Patent it, lock the IP, do everything “by the book”.


But in reality patents are expensive. Legal work is expensive. And when you’re bootstrapping, that same money is also your product runway, your design budget, your user research, your next release.

So you end up in this strange place where you know you should protect what you’re building, but protecting it too early can also slow you down.

For now, I think the most realistic defense for small founders is a mix of things: document everything, keep clean version history, make sure authorship is visible, build in public where it makes sense, and create enough trust around the founder/product that copying you doesn’t look harmless.

Because having legal rights is one thing. Being able to afford enforcing them is another.