In 2010, two long-time employees of Zoho, a Software-as-a-Service (SaaS)-based provider of online business tools, left the company to found Freshworks. A decade later, Zoho sued Freshworks for trade-secret misappropriation under the Defend Trade Secrets Act (DTSA) and the California Uniform Trade Secrets Act (CUTSA), alleging that Freshworks has been stealing Zoho’s confidential information since the company’s inception, including by relying on Zoho’s private financial figures and by recruiting Zoho employees. In its recently filed motion to dismiss, Freshworks denies the merits of the accusations, but also raises a procedural defense based on the three-year statute of limitations under the DTSA and CUTSA. Freshworks contends that Zoho’s delay in filing suit, despite being on notice of Freshworks’ alleged malfeasance as early as 2010, is dispositive for several of its allegations. Multiple Freshworks products allegedly developed using stolen information were created and publicly launched more than three years ago, raising a potentially challenging statute of limitations hurdle. Even if Zoho’s version of events is correct and theft occurred, Zoho’s failure to quickly take action against Freshworks could preclude it from recovering damages.

Regardless of the outcome, this case provides a useful example of how companies must be prepared to protect trade secrets in an increasingly SaaS-dominated world. According to a study conducted by BetterCloud, 86% of businesses will use SaaS technology for at least 80% of internal applications by 2022. This means that businesses will have the vast majority of confidential information stored on web-based applications that are available to employees. While this accessibility allows for greater productivity and communication, it also heightens theft concerns. As such, it is imperative that businesses take steps to ensure that information is only viewed for legitimate purposes. Zoho, for example, has a need-to-know policy under which an employee can access confidential information only in furtherance of the employee’s duties. Zoho also utilizes confidentiality agreements, NDAs, two-factor authentication, and passwords to prevent unapproved access. What constitutes “reasonable” protective measures is determined on a case-by-case basis.

Ultimately, it is employees with authorized access to confidential information who pose the greatest threat. According to a 2016 study, roughly 85% of trade-secret thefts are perpetrated by employees. So even when a company follows best practices, the company is vulnerable to what an employee can do with validly obtained confidential information. Therefore, it is important that businesses develop a specific plan of action to respond to suspected trade-secret theft by an employee. Part of this plan must be a willingness to file a lawsuit if those suspicions are confirmed. As the Zoho matter exemplifies, the potential harm from failing to act in a timely manner is great.


  • Make Use of Exit Interviews: An exit interview reminds the ex-employee of exactly what was signed with regard to NDAs and confidentiality agreements, and of what trade secrets were learned in the course of employment. A signed writing confirming what was discussed in the interview would also help establish the record in case of a suit.
  • Identify and Train Response Teams in Advance: Trade secret protection should not fall to a single department. While lawyers will need to play a key role, having members from other departments, such as IT and HR, trained on these issues will help speed up and improve the investigative process.