Technology

Y Combinator Startup Corgi Denies Copying Code From Open-Source Platform Papermark

Martin HollowayPublished 3w ago4 min readBased on 5 sources
Reading level
Y Combinator Startup Corgi Denies Copying Code From Open-Source Platform Papermark

Y Combinator Startup Corgi Denies Copying Code From Open-Source Platform Papermark

Corgi, a fast-growing insurance startup backed by Y Combinator, has rejected claims that it used code from Papermark, an open-source document-sharing platform, without proper credit. The accusation surfaced on June 25, 2026, when Papermark's founder posted to Reddit's r/SaaS community and quickly spread to tech discussion forums like Hacker News.

The core claim: Corgi's data room product — a tool for securely storing and sharing documents during business deals — borrowed code from Papermark without following the rules set by Papermark's licence. Papermark uses something called Elastic License 2.0 (EL2), a type of licence that lets you read the code but restricts how you can use it. Specifically, EL2 prohibits offering the software as a hosted service and requires giving credit to the original creators.

Corgi replied the same day. In a Hacker News thread, the company said any similarities were coincidental and that it did not copy Papermark's code. TechCrunch reported on June 26 that Corgi maintained this position.

What's Actually at Stake Here

To understand why this matters, it helps to know what EL2 is. Elastic, a major data company, created the licence in 2021 to protect its work from being used by cloud providers without permission or credit. EL2 sits in a grey zone: the code is publicly visible on GitHub, but the rules around using it are strict. That distinction is important. The question isn't whether Papermark's code was publicly available — it was. The question is whether Corgi's use, if it happened, followed the licence's rules.

Neither company has filed a lawsuit as of June 27, 2026. Both have made public statements, but the facts remain contested. Without access to Corgi's internal code or a neutral technical comparison, it's impossible to verify either side's claim from publicly available information alone.

Why This Matters Beyond the Two Companies

Corgi's profile makes this dispute worth attention. According to its Y Combinator profile, the company grew from zero to $100 million in annual revenue in just seven months. That's a remarkable pace. It also means Corgi is one of the most visible startups from its cohort and under considerable public scrutiny. A reputational hit from a public accusation of this kind carries real costs, regardless of how the dispute ends.

The broader context here shapes how we should think about this. Corgi is a "full-stack" insurance carrier, meaning it builds its own policies and tools rather than just brokering insurance from other companies. A data room — a secure document storage system — fits naturally into that business, but it's not the company's main focus. When a team is under pressure to ship products quickly, the temptation to use existing building blocks from GitHub can be strong. That doesn't prove wrongdoing, but it describes the environment where it might happen.

There is also a practical lesson embedded in this episode. Elastic License 2.0 doesn't yet have much case law behind it. Elastic has litigated similar disputes, but courts haven't built up a large body of decisions that clarify what the licence actually requires in edge cases. For any engineer or founder who pulls code from GitHub — particularly from projects licensed under EL2 or similar "source-available" licences — this is a useful reminder: public code isn't automatically free to use.

The Wider Trend

This dispute also reflects something bigger happening across the software industry. AI-assisted coding tools have made it faster for teams to build and ship products. But the pace of shipping hasn't always kept up with the diligence required to check licences properly. Many engineering organizations haven't yet set up automated tools — like FOSSA, Black Duck, or GitHub's dependency scanner — to catch licence violations before code goes live. That's not unique to Corgi; it's a common gap right now.

The most likely outcomes are a negotiated agreement where Corgi either adds attribution or gets a proper licence, or the company demonstrates that its code is independently built and there was no copying. Either way, the public record of the accusation now exists, and it's a data point for how quickly reputation and licence disputes can escalate in public view.