How to respond to a subpoena or legal hold on Starch
A subpoena or legal hold lands in your inbox and immediately creates two problems: figuring out what you actually have to produce, and making sure nothing relevant gets deleted while you figure it out. That's the subpoena response workflow — and it's messier than it sounds, because the relevant documents are usually scattered across email threads, Notion pages, Slack channels, and someone's local drive. What this looks like in practice varies depending on your company's size, legal exposure, and how buttoned-up your documentation already is. A solo operator with one entity responds differently than a team running multiple vendor contracts and a full HR stack. On Starch, the end state looks like this: a single place where the scope of the hold is documented, every relevant email thread is surfaced and flagged, a running task list tracks who owes what by when, and nothing falls through the cracks because reminders fire automatically. You're not digging through inboxes manually or chasing teammates for confirmation — you have a clear record of what was preserved, what was reviewed, and what was produced.
Why it matters
Miss a preservation deadline and you risk spoliation sanctions — courts have imposed adverse inference instructions and case-ending penalties for lost evidence. Respond too broadly and you've produced confidential information you didn't need to. Respond too slowly and you're in contempt. The cost of a botched response isn't just legal fees; it's credibility with a judge, exposure in the underlying dispute, and distraction from running the business for weeks instead of days.
Common pitfalls
The most common mistakes: waiting until you understand the full scope before issuing a hold notice — by then, auto-delete policies have already run. Treating email as the only relevant data source when Slack messages, Notion pages, and billing records are equally discoverable. Failing to document the hold itself — if you can't show you issued a notice and to whom, the hold may as well not have happened. And conflating 'preserve' with 'review' — the two are separate steps with separate deadlines, and mixing them up wastes time and creates privilege problems.
Starch apps used
See this running on Starch
Connect your tools, describe what you want, and the agent builds it. Closed beta is free.
Choose your operator
A version of this guide tailored to your role — same recipe, different starting context.
The AI stack built for small in-house legal and compliance teams.
The AI stack built for small law and accounting practices.
The AI stack built for independent clinic owner-operators.
The AI stack built for the founder's office.
Related workflows in Compliance & Legal
SOC 2 evidence collection is the part of an audit where you prove that your controls actually work — not just that they're written down somewhere.
Read guide →A Data Subject Access Request is a formal ask from an individual — a customer, a former employee, a prospect — for a copy of every piece of personal data your business holds on them.
Read guide →Vendor contracts land on your desk constantly — software subscriptions, supplier agreements, master service agreements, NDAs, statements of work.
Read guide →An annual policy attestation cycle is the process of getting every employee on record as having read and acknowledged your company's active policies — things like your code of conduct, data handling rules, acceptable use policy, or harassment prevention guidelines.
Read guide →