SearchApi yesterday filed a formal motion to dismiss a trade secret and copyright lawsuit brought by SerpApi in the U.S. District Court for the Western District of Texas, arguing the case has no legal foundation and exists primarily because its founder declined to sell the company three months before the complaint was filed.

The motion, docketed as Document 18 in Case No. 1:26-CV-00143 on April 20, 2026, challenges the lawsuit on three separate grounds: lack of personal jurisdiction over SearchApi, improper venue, and failure to state a claim on every count. It lands at a moment when SerpApi is simultaneously fighting lawsuits from both Google and Reddit over web scraping practices - a context that gives the industry-within-industry dispute added weight.

The acquisition that started it all

At the centre of the defendants' argument is a blunt factual assertion. According to Zilvinas Kucinskas, SearchApi's founder and CEO, SerpApi's chief executive Julien Khaleghy approached him in December 2025 with an offer to purchase SearchApi. Kucinskas declined. According to the motion, Khaleghy then made clear that if Kucinskas refused to sell, SerpApi would sue to try to put SearchApi out of business. The complaint followed on January 20, 2026 - roughly three weeks after those discussions ended.

"Plaintiff filed this case because Defendant Kucinskas declined Plaintiff's offer to purchase SearchApi during discussions the parties had in December 2025," the motion states. That framing, if accepted by the court, would cast the entire lawsuit as a business dispute dressed in intellectual property clothing rather than a genuine case of corporate espionage.

SerpApi's complaint, covered by PPC Land when it was filed, sought damages tied to an alleged $47 million investment in proprietary technology. It claimed Kucinskas - who worked as an independent contractor for SerpApi from July 22, 2020 to July 23, 2021 - retained source code, accessed servers without authorisation after leaving, and built SearchApi using stolen trade secrets. SerpApi's general counsel Chad Anson described the evidence as "damning" in a press release published February 17, 2026.

The defendants' motion disputes every material claim in that complaint. And the technical detail in the 34-page filing is considerable.

Jurisdiction and venue: the threshold arguments

Before getting to the substance, SearchApi argues the court should not even be hearing the case. SearchApi is a Wyoming LLC with its principal place of business in New York City. It was incorporated on July 9, 2022, roughly eleven months after Kucinskas left SerpApi on July 23, 2021. The motion argues there is no basis to drag a company into a Texas court when that company has no contacts with Texas, no customers documented there, and no operations in the state.

SerpApi's complaint relied on two theories to establish jurisdiction. First, it made vague assertions that SearchApi "purposefully directed" activities at Texas and - notably - only "on information and belief" - does business there with customers that have Texas operations. Second, it pointed to a forum-selection clause in Kucinskas's Independent Contractor Agreement (ICA), which specified Texas courts. The motion dispatches both arguments. On the first, it notes the complaint "omits those facts because they do not exist." On the second, it notes SearchApi was never a party to the ICA - a separately formed LLC cannot inherit contractual obligations it never signed.

The key infrastructure SerpApi identified in its complaint - a MongoDB server located in New Jersey, and IP addresses in Lithuania and Latvia - is all outside Texas. Under the Supreme Court's reasoning in Walden v. Fiore (2014), a defendant's own conduct must create the necessary connection to the forum. The plaintiff's Texas residence alone is not sufficient. SearchApi argues this principle controls the case and requires dismissal under Rule 12(b)(2).

Venue presents a parallel problem for SerpApi. The events at the heart of the complaint - alleged server access from Lithuanian and Latvian IP addresses, connections to a New Jersey database - did not occur in the Western District of Texas. Under 28 U.S.C. 1391(b)(2), a civil action must be brought where a substantial part of the events occurred. The motion argues they did not occur in this district.

The confidentiality clause that expired

Even if jurisdiction were established, the defendants argue the breach of contract claim fails as a matter of timing. Section 10 of the ICA - a copy of which is filed as an exhibit to Kucinskas's sworn declaration - explicitly limits the survival of Section 4 (Confidentiality) and Section 5 (Equitable Remedies) to three years after termination. Kucinskas left on July 23, 2021. Three years later is July 23, 2024 - approximately eighteen months before the lawsuit was filed on January 20, 2026.

"SerpApi's breach of contract claim relies on confidentiality obligations that were no longer in effect when suit was brought," the motion states. That expiry also matters to the trade secret claims, because SerpApi chose to let contractual confidentiality protections lapse rather than renewing them or seeking alternative protections.

The ICA itself - signed July 22, 2020 - also contained a provision expressly permitting Kucinskas to work for other entities, provided he complied with the confidentiality terms while they were in force. SerpApi's complaint does not allege facts showing any specific use of confidential information within the three-year window. According to the motion, the company identified only access events, not evidence of actual use or transfer of protected material.

The security lapses at the heart of the trade secret claims

The most technically detailed section of the motion concerns what happened - and failed to happen - when Kucinskas left SerpApi in 2021. To maintain a trade secret claim under either the federal Defend Trade Secrets Act (DTSA) or the Texas Uniform Trade Secrets Act (TUTSA), a plaintiff must demonstrate it took reasonable measures to protect the information. The defendants argue SerpApi did the opposite.

According to Kucinskas's declaration, SerpApi sent his system credentials in plain text in an unencrypted onboarding email on July 22, 2020. The company did not deploy mobile device management or endpoint detection tools to his personal device. It did not provide a company computer or company password manager, instead allowing him to work on a personal MacBook Pro. It never required him to sign a security policy or document identifying supposed trade secrets.

More significantly, SerpApi stored production database backups on a private GitHub repository named "serpapi-mongodb-backup-v8" - hosted on CEO Khaleghy's personal GitHub account, not a corporate account. That repository contained a banner stating "THIS IS UPDATING FROM OUR LIVE PRODUCTION DATABASE." Kucinskas's collaborator access to that repository, granted during his employment in 2021, was never revoked. It remained active for more than four years - until December 1, 2025, when SerpApi's lawyers confirmed revocation in a letter from Kirkland & Ellis. The lawyers had only raised the issue after Kucinskas's counsel flagged it in a letter dated November 7, 2025.

SerpApi markets a SOC 2 Type II certification. The motion notes the continued active collaborator access "appears inconsistent with standard logical-access deprovisioning controls, i.e., SOC 2 CC6.3 - Access Modification and Removal." In other words, SerpApi's own certification standards required revoking that access in July 2021. It did not happen for more than four years.

The December 1, 2025 letter from Kirkland & Ellis attorney Akshay Deoras, filed as an exhibit, confirms that the "serpapi-mongodb-backup-v8" repository is not the "util server" SerpApi alleged Kucinskas improperly accessed. That backup repository sits on a personal GitHub account - separate from the infrastructure SerpApi named in its original access allegations. Deoras confirmed Kucinskas's access to that account was revoked, but also confirmed a second system: the "util server" is a live database containing the production database, test database, and CI database. According to SerpApi's lawyer, each access to that server "contains a fingerprint (i.e., driver line) that shows SerpApi's codebase was retained on Mr. Kucinskas's computer over the years." The defence contests this interpretation entirely.

Software expert Dr. Paul Martin, whose declaration is attached to the motion, disputes the "fingerprint" theory directly. The driver-name and driver-version string recorded in MongoDB connection logs is identical for every client running the same driver release. It does not uniquely identify a user and does not show what code was running on the connecting machine. According to Martin's declaration, this string "cannot establish what code Mr. Kucinskas's computer was running, what data was accessed, or whether the connection was intentional." The forensic basis for SerpApi's most striking allegation - that the MongoDB connections prove Kucinskas was actively running SerpApi's codebase for years - collapses under that technical analysis.

The motion also draws attention to what MongoDB actually contains. SerpApi's own expert, forensic investigator M. Schroeder, describes the MongoDB environment as "a central repository that enables its code; containing the data they use to answer queries and to store information about users, test data, statistics, and more." As the motion notes: MongoDB is a runtime data store. It does not contain application source code. Access to a MongoDB database - even if unauthorised - does not enable access to or download of source code. Stripe, similarly, is a payment processor, not a code repository.

The copyright and trade secret claims concerning SearchApi's products face a different category of problem: the elements SerpApi identifies as proprietary are, according to the defendants, standard across the SERP API industry.

Kucinskas's counsel Jean-Marc Zimmerman, of Lucosky Brookman LLP, argued this in pre-litigation correspondence. A November 7, 2025 letter submitted as an exhibit sets out that SearchApi's API parameters - including "location," "uule," and query - are standard Google Search parameters used by competitors including Autom.dev, Novada, Scrapeless, NetNut, ScrapingBee, and RapidAPI. These are not proprietary to SerpApi; they are required for compatibility with the underlying search infrastructure.

On user interface patterns, the motion notes both companies use the same third-party live chat platform, Intercom, which is also used by more than 30,000 companies worldwide. SearchApi uses Tailwind and Hotwire/Turbo for its frontend stack; SerpApi uses React and Bootstrap. The pattern "input - submit - iframe - JSON view" used in both companies' API playgrounds has been an industry standard since Yahoo Search BOSS's July 2008 release, nine years before SerpApi was founded. Pricing plan tier names such as "Starter," "Developer," and "Production" appear routinely across competitors including SerpWow, Serper, and OxyLabs.

Martin's declaration also examines the specific "identical bug" allegation from SerpApi's complaint - one of its more pointed claims. SerpApi alleged that negative account balance behaviour was a unique programming error it identified in its own code, which SearchApi replicated. According to Martin, the negative balance behaviour results from optimistic concurrency with eventual consistency - a deliberate engineering trade-off chosen to improve throughput in high-volume distributed systems, not an unintentional bug. SearchApi's own penetration testing report independently confirms this design choice.

SerpApi's copyright registration certificate, attached to its own complaint, states that "computer program" material is excluded from the registered claim and lists the year of completion as 2025. Despite the complaint's references to "eight years" or "nearly a decade" of development, the only registered copyright in evidence covers a 2025 deposit that excludes the very code SerpApi seeks to protect.

Pre-litigation interference allegations

The motion adds a dimension to the story that extends beyond the courthouse. According to Kucinskas's sworn declaration, before filing on January 20, 2026, SerpApi contacted open-source integration maintainers including n8n, falsely accused SearchApi of theft, paid to have SearchApi integrations removed, and offered financial incentives to persuade those maintainers to switch to SerpApi. Since the lawsuit was filed, the company has "engaged in an ongoing public relations campaign accusing Defendants of dishonesty and theft."

These allegations are unproven and contested. But they matter procedurally because they support the defendants' narrative that SerpApi's objective was not litigation in good faith but rather competitive elimination of a smaller rival. The broader context - SerpApi simultaneously defending against Google's DMCA lawsuit and Reddit's amended complaint while prosecuting a trade secret case against a competitor - sharpens that picture.

Why this matters for the ad tech and marketing community

PPC Land has followed SerpApi's legal battles since Google filed its lawsuit on December 19, 2025, and has noted repeatedly that SerpApi's products sit at the infrastructure layer that powers SEO tools, competitive intelligence platforms, and data pipelines used by marketers worldwide. The company's scraping services feed directly into the research and monitoring workflows that marketing professionals depend on for keyword analysis, rank tracking, and paid search intelligence.

The outcome of SerpApi v. Kucinskas will not directly affect those workflows in the near term. But the CFAA and DTSA arguments in the motion to dismiss touch principles that have broad application across the ad tech ecosystem. The question of whether using active credentials - even after a contractor relationship ends - constitutes "access without authorisation" under the Computer Fraud and Abuse Act is not a narrow issue. It bears on how companies in the marketing technology space structure offboarding procedures, access revocation timelines, and security documentation for contractors.

The court docket, last updated April 21, 2026 and assigned to Judge David A. Ezra, shows the motion is still pending. The court today granted an unopposed motion for the defendants to exceed page limits - a procedural step that allowed the 34-page motion to be formally accepted. No hearing date has been set.

Timeline

  • July 22, 2020 - SerpApi engages Zilvinas Kucinskas as an independent contractor; sends credentials in plain text via unencrypted email
  • July 23, 2021 - Kucinskas departs SerpApi; GitHub collaborator access, MongoDB credentials, and Stripe credentials are not formally revoked
  • July 9, 2022 - Kucinskas incorporates SearchApi as a Wyoming LLC with principal offices in New York City
  • May 5, 2023 - SearchApi publicly launches its service
  • September 8, 2023 - Final alleged unauthorised access to SerpApi's MongoDB server, according to SerpApi's complaint
  • July 26, 2025 - SerpApi CEO Julien Khaleghy emails Kucinskas accusing him of IP theft
  • September 2, 2025 - Kucinskas's counsel Jean-Marc Zimmerman sends first denial letter to SerpApi's counsel
  • October 22, 2025 - Reddit files lawsuit against SerpApi, Oxylabs, AWMProxy, and Perplexity AI over DMCA violations
  • November 7, 2025 - Zimmerman's letter to SerpApi reveals Kucinskas still has active GitHub collaborator access more than four years after departure
  • December 1, 2025 - Kirkland & Ellis confirms GitHub access is revoked; ten letters exchanged in pre-litigation correspondence
  • December 2025 - SerpApi proposes acquisition of SearchApi; Kucinskas declines; SerpApi CEO warns of litigation
  • December 19, 2025 - Google files DMCA lawsuit against SerpApi in the Northern District of California
  • January 20, 2026 - SerpApi files complaint against Kucinskas and SearchApi in the Western District of Texas; case assigned to Judge David A. Ezra; filing fee $405
  • January 27, 2026 - Summons issued for Kucinskas and SearchApi
  • January 29, 2026 - SearchApi served
  • February 16, 2026 - SearchApi files motion for extension of time to answer; SerpApi announces lawsuit publicly via press release
  • February 17, 2026 - Court holds extension motion in abeyance
  • February 18, 2026 - SearchApi files motion for Jean-Marc Zimmerman to appear pro hac vice
  • February 19, 2026 - Court grants Zimmerman pro hac vice application
  • February 20, 2026 - SerpApi files motion to dismiss Google's DMCA complaint in Northern District of California
  • February 24, 2026 - Court grants extension; defendants' answer due April 20, 2026
  • March 13, 2026 - SerpApi files renewed motion to dismiss Reddit's amended DMCA lawsuit
  • April 20, 2026 - SearchApi and Kucinskas file motion to dismiss (Document 18), Kucinskas declaration, Zimmerman declaration, and Martin expert declaration in Texas court
  • April 21, 2026 - Court grants motion to exceed page limits; motion to dismiss now formally pending before Judge Ezra

Summary

Who: SerpApi LLC, an Austin, Texas-based web scraping platform founded in 2017 by Julien Khaleghy, is the plaintiff. Zilvinas Kucinskas, a Lithuanian software engineer who worked as a senior contractor for SerpApi from July 2020 to July 2021, and his company SearchApi LLC (a Wyoming LLC based in New York City, publicly launched May 2023) are the defendants. SerpApi is represented by Kirkland & Ellis LLP; SearchApi and Kucinskas are represented by Lucosky Brookman LLP.

What: SearchApi and Kucinskas filed a 34-page motion to dismiss SerpApi's complaint, which alleged trade secret misappropriation under the Defend Trade Secrets Act and Texas Uniform Trade Secrets Act, copyright infringement, breach of contract, and Computer Fraud and Abuse Act violations. The motion challenges personal jurisdiction over SearchApi, argues venue is improper in the Western District of Texas, and contends every claim fails to state a cause of action on its merits.

When: The motion was filed on April 20, 2026. The underlying complaint was filed January 20, 2026. The case was last updated on the court docket on April 21, 2026.

Where: U.S. District Court for the Western District of Texas, Austin Division, Case No. 1:26-CV-00143, assigned to Judge David A. Ezra.

Why: The defendants argue the lawsuit was triggered by Kucinskas's refusal to sell SearchApi to SerpApi in December 2025. Their motion contends SerpApi's alleged trade secrets are not protectable because the information at issue is publicly available industry-standard material, SerpApi failed to take reasonable measures to protect it - including leaving credentials active for over four years after Kucinskas departed - and the confidentiality obligations in the ICA expired in July 2024, eighteen months before the complaint was filed. The case sits within a broader pattern of litigation over web scraping data rights in which SerpApi itself is defending claims brought by Google and Reddit.

Share this article
The link has been copied!