Internal Comms & Meetings

How to write an exec brief as Small Legal and Compliance Teams

Internal Comms & MeetingsFor Small Legal and Compliance Teams3 apps12 steps~24 min to set up

You're a two-person legal team at a 150-person company, and at least once a quarter someone from the C-suite asks for an exec brief on legal exposure, pending contract risk, or compliance posture — usually with 48 hours notice. You pull from three places that don't talk to each other: a Notion contract tracker that's three months stale, a Gmail thread with the latest vendor-risk responses, and a Vanta dashboard you screenshot and paste into Google Slides. The result is a deck that takes half a day to assemble, contains caveats nobody reads, and is already outdated by the time it's presented. Ironclad and OneTrust would solve this — for $120k/year and a dedicated legal-ops hire.

Build this on Starch → See the apps used

Internal Comms & MeetingsFor Small Legal and Compliance Teams3 apps12 steps~24 min to set up

Outcome

What you'll set up

A living exec-brief app that pulls contract status, open risk items, and policy-attestation completion rates from your actual systems — so the next brief takes 20 minutes, not half a day

An automated weekly digest that surfaces new vendor-risk items, contracts awaiting signature, and overdue policy attestations — delivered to Slack or email before the leadership standup

A presentation-ready output you describe in plain English and Starch drafts — structured sections, real numbers from your connected data, ready to export to PDF or send as a shareable link

The Starch recipe

Apps, data, and prompts

The combination of Starch apps, the data sources they pull from, and the prompts you use to drive them.

Apps used

Presentation Agent Knowledge Management

Data sources & config

Starch syncs your Gmail data on a schedule so the brief can reference vendor-risk email threads and signature-chase history without you manually searching. Connect Notion from Starch's integration catalog; the agent queries your contract tracker live when the brief runs. Connect Google Drive from Starch's integration catalog for any DPAs or MSAs stored as files. Starch automates DocuSign through your browser — no API needed — to check envelope status and pull pending-signature counts. Slack is connected from Starch's integration catalog for weekly digest delivery.

Prompts to copy

Build me an exec brief app that pulls open contracts from our Notion tracker, flags any MSAs or DPAs that are unsigned or expiring in the next 60 days, shows vendor-risk questionnaire status from our Gmail thread history, and summarizes policy-attestation completion rates. Format output as a one-page briefing with a risk section, a contracts section, and a compliance section — exportable to PDF.

Every Monday at 8am, send me a digest of: (1) contracts in Notion tagged 'pending signature' with the counterparty name and deal owner, (2) any vendor-risk questionnaire emails in Gmail that are more than 5 business days old without a response logged, and (3) any policy attestations due in the next 30 days. Send to Slack #legal-ops.

Draft an exec brief for the April board update covering our contract exposure (unsigned MSAs, DPAs without data-processing addenda, contracts expiring before Q3), our current vendor-risk queue depth, and our SOC 2 readiness posture based on what's in Notion. Write it at a level appropriate for a CFO who has 4 minutes to read it.

Run these in Starch → or paste them into your favorite agent

Walkthrough

Step-by-step

1 Connect Gmail — Starch syncs your Gmail data on a schedule, so vendor-risk threads, DSAR acknowledgment emails, and signature-chase chains are all queryable without you digging through your inbox.

2 Connect Notion from Starch's integration catalog. Point it at your contract tracker database — Starch queries it live to get current contract status, counterparty names, expiration dates, and any custom fields you're tracking.

3 Connect Google Drive from Starch's integration catalog. This gives Starch access to your stored MSA and DPA files so it can cross-reference document status against your Notion tracker.

4 Wire in DocuSign via browser automation — Starch automates DocuSign through your browser, no API needed, to check which envelopes are still pending and who the outstanding signer is.

5 Connect Slack from Starch's integration catalog so Starch can deliver the weekly digest to your #legal-ops channel without you having to log in and trigger anything.

6 Open the Email Triage starter app and customize it: tell Starch to flag emails tagged with vendor-risk, DSAR, subpoena, or attestation keywords and route them into a prioritized queue rather than letting them age in your inbox.

7 Build your exec-brief app by describing what you want in plain English — sections, data sources, risk thresholds. Starch assembles the surface; you review and adjust the layout once.

8 Set the weekly automation: every Monday at 8am Starch runs the digest — pulls from Notion, Gmail, and DocuSign browser check — and posts the summary to Slack before your Monday leadership standup.

9 When a board meeting or leadership review is coming, open the Presentation Agent and describe the brief you need. Starch drafts the slide content from your connected data; you review the numbers and export to PDF or a shareable link.

10 Store the brief template and any supporting reference documents in the Knowledge Management app so the next person who needs to run this workflow — or a future third team member — can find it without asking you.

11 Set a Slack reminder trigger: if any contract in Notion has been in 'pending signature' status for more than 7 days, Starch posts a nudge to you with the counterparty name and the deal owner's name so you know exactly who to chase.

12 After the first brief cycle, review what the exec team actually asked follow-up questions about and update your prompt to pre-answer those in the next draft — the app gets more accurate to your leadership's actual questions over time.

See this running on Starch

Connect your tools, describe what you want, and the agent builds it. Closed beta is free.

Try it on Starch →

Worked example

April 2026 Board Prep Brief — Legal & Compliance Snapshot

Sample numbers from a real run

MSAs pending signature (>7 days outstanding)	4
DPAs without executed data-processing addendum	2
Vendor-risk questionnaires awaiting response (>5 business days)	6
Policy attestations due before June 30	11
Contracts expiring in next 90 days	3

It's April 14, 2026. The board meeting is April 18. Your head of finance pings you Tuesday morning asking for a one-pager on legal exposure. Normally this is a four-hour exercise: open Notion, realize the tracker is stale from January, spend an hour updating it, screenshot Vanta's attestation dashboard, search Gmail for the six vendor-risk threads you've been managing, paste everything into Google Slides, write transitions, send it, and get a reply asking what 'pending DPA addendum' means. This time: you open Starch, type 'draft the April board brief on legal and compliance posture — contracts, vendor risk, attestation status,' and Starch queries your live Notion tracker, scans the Gmail sync for vendor-risk threads, checks DocuSign envelope status through browser automation, and drafts a structured brief in 4 minutes. It surfaces the 4 unsigned MSAs (one of them is the $340k ARR deal sales has been pushing for three weeks), flags the 2 DPAs that are missing addenda for GDPR-covered vendors, and notes that 11 of your 38 employees still haven't completed the annual security-awareness attestation. You edit two sentences, export to PDF, and send it. Total time: 22 minutes. The CFO reads it before the meeting. No follow-up questions about what 'pending DPA addendum' means because Starch wrote it in plain English.

Measurement

How you'll know it's working

Time to produce exec brief (target: under 30 minutes from trigger to send)

Contracts in 'pending signature' status older than 7 days (should be zero at brief time)

Vendor-risk questionnaires unresolved past SLA (tracked per quarter)

Policy attestation completion rate across employee base (% complete, broken down by department)

DPAs outstanding for active GDPR/CCPA-covered vendors (should be zero)

Comparison

What this replaces

The other ways teams handle this today, and how the Starch version compares.

Ironclad + legal-ops hire

Ironclad is a purpose-built CLM with deep contract workflow features, but it starts around $30k/year, assumes a dedicated legal-ops administrator to configure and maintain, and doesn't connect to your existing Notion tracker or Gmail history — you'd be migrating your whole workflow, not adding to it.

OneTrust

OneTrust handles privacy and vendor risk at enterprise scale, but it's priced for companies with a dedicated privacy team and a six-figure compliance budget — it won't help you write the exec brief or pull from your existing contract tracker.

Manual Google Slides + Notion + Gmail

Free and familiar, but the brief takes half a day to assemble, is always partially stale, and requires you to be the integration layer between four systems that don't talk to each other.

Evisort or LinkSquares

Strong AI contract analysis, but oriented around large contract repositories and enterprise procurement teams — overkill if your primary problem is producing a coherent exec brief from systems you already have, not AI-reviewing clause language at scale.

ChatGPT / Claude (standalone)

You can paste content in and get a draft brief, but the model has no live connection to your Notion tracker, Gmail, or DocuSign — you're still the one doing the data assembly, which is the expensive part.

On Starch RECOMMENDED

One platform — presentation agent, founder inbox, knowledge management all running on connected data. Setup in plain English; numbers stay current via scheduled syncs and live agent queries.

Try it on Starch →

FAQ

Frequently asked questions

We use Notion as our contract tracker but it's not very structured — some fields are missing, some deals are in free-text pages. Will Starch still work?

Yes. Starch connects Notion from its integration catalog and queries pages and databases live. It works with whatever structure you actually have — it's not expecting a perfectly normalized schema. If your tracker is a mix of database rows and free-text pages, tell Starch that when you describe the app and it will handle both. You may get better output by cleaning up a few key fields first, but you don't need to do a full migration before you start.

Does Starch connect to DocuSign directly?

Starch automates DocuSign through your browser — no API setup needed. It can check envelope status, see who the pending signers are, and pull that data into your brief. This is browser automation, not a native DocuSign API integration, so it works for reading and navigating DocuSign the same way you do — it won't programmatically trigger new envelopes on your behalf without you reviewing first.

We're not SOC 2 Type II certified yet — can we still use Starch for legal data?

Starch is not SOC 2 Type II certified today — that's an honest limit worth naming. If your company's security policy requires SOC 2 Type II for any tool that touches contract data or PII, that's a real blocker to check with your own IT team. Starch's compliance roadmap is active; check the current status directly with the Starch team.

Can Starch pull from Vanta or Drata to get our attestation completion rates into the brief?

Vanta and Drata are web-based platforms. Starch can automate them through your browser — no API needed — to read attestation completion dashboards and pull those numbers into your brief. This is browser automation, so it navigates the UI the way you would. If Vanta or Drata exposes an API, you can also connect them from Starch's integration catalog and have the agent query live.

What if the exec team wants a different format for the brief every quarter?

Describe the new format in plain English and Starch rebuilds the output accordingly. There's no template locked in — the app is defined by what you tell it. If Q2 needs a different risk-scoring framework or a new section on GDPR processor agreements, you update the prompt and the app reflects it. You're not editing a template in a drag-and-drop editor; you're just telling Starch what you need.

We also track subpoena responses and DSARs — can those be in the brief too?

Yes. If you track DSARs and subpoena responses in Notion or in Gmail threads, Starch can pull those into the brief. Tell Starch what your tracking conventions are (a specific Notion database, a Gmail label, a tag convention) and it will include the open count, age, and status in the relevant section. DSARs have hard legal deadlines — having Starch surface the age of each open request is exactly the kind of operational detail that helps a brief be useful rather than decorative.