Top 15 Legal Issues in a SaaS Agreement

Top 15 Legal Issues in a SaaS Agreement
Posted by   Brian Heller Feb 29, 2024

SaaS (Software as a Service) subscription arrangements are incredibly common these days. As hosting costs have come down and hosting reliability and stability have gone up, choosing a SaaS model over traditional modes of software delivery, such as downloadable or “on premise” software, is simply a smart business decision.

For vendors, SaaS offers greater protection of their intellectual property (the customer never gets access to the software and source code), as well as more insight and control over how it is being used and an agile development process (with constant updating and improving capabilities). Customers prefer subscription services for their ease of use, efficiency, cost effectiveness, and faster and easier implementation. In some situations, implementation is as easy as logging in, rather than downloading, installing, integrating, etc.

And with continued innovation in areas such as AI-powered applications and 5G edge computing capability, SaaS solutions will undoubtedly continue gaining popularity among tech-oriented businesses. With this in mind, business teams on both sides of a SaaS arrangement may wish to sharpen their understanding of the key legal issues associated with a subscription services agreement, particularly if they are to play any role in their company’s review or negotiation of a such deals. 

The below comparison chart summarizes the top 15 legal issues in SaaS agreements from the perspectives of both vendors and customers. Additional insights for certain topics are provided in “read more” links. The below chart is intended to be a resource that you can review with your legal counsel.

 Common Vendor Preferences:Common Customer Preferences:
License ScopeA narrow scope, limited to specified named users, to be used only internally within the customer entity. Standard license restrictions (e.g., no reverse engineering, reselling, using competitively, etc.).  A broader scope, to include possible use by subsidiaries, affiliates and contractors. Fewer license restrictions, that are fair and reasonable.  
Payment Terms
Read more here.
Payment in advance. Shorter payment terms (e.g., net 30 after invoice date). Right to charge interest and collection costs for late payments.
Payment in arrears. Longer payment terms with right to dispute payments in good faith (e.g., net 60 after receipt of undisputed invoice). Avoid interest and penalties; or minimize their impact via a written notice requirement and cure periods before any interest or penalties can begin.  
Service Level Agreement (SLA)
Read more here.  
Reasonable SLAs (if any). Include “commercially reasonable efforts” standard, and manageable targets, as well as exceptions for things beyond vendor’s control (e.g., general internet issues).  Robust SLAs, including a right to service credits or refunds for excessive downtime, as well as a right to terminate after a certain number (or length) of incidents.  
Use of Data/ Data RightsRights to use customers’ aggregated, anonymized usage data, especially when such data is needed to train vendor AI.Retain all rights to its data; or grant limited rights to vendor for the use aggregated and anonymized data only.  
Data Privacy Addendum (DPA)
Read more here.
Reasonable DPA that meets the requirements of applicable privacy laws.DPA that requires prompt vendor notice (e.g., 48 hours) in the event of not only an actual security breach, but also any suspected or alleged security breaches; quick remediation (at vendor expense); termination rights for customer; and indemnity for security breach with either unlimited liability or a higher “super-cap.”  
Reps and WarrantiesStandard, but narrow, vendor reps and warranties, such as a representation that vendor’s services will substantially comply with the documentation.Standard, but broader, vendor reps and warranties, e.g., that vendor will comply with applicable laws and industry standards, confidentiality and privacy protections, IP rights (non-infringement), etc.  
Indemnities Read more here.Offer only basic indemnities (e.g., non-infringement), if any, to customer and include exceptions for modification or misuse of the Services. If possible, secure indemnities from the customer regarding its IP rights to any data or content being shared with vendor.      No indemnities given to vendor; or give indemnities with a narrow scope (and include exceptions for modification or misuse of your content or data). Robust indemnities from vendor (e.g., non-infringement, confidentiality & privacy, injury to persons or property, arising from any material breach, etc.).  
Limitation on Liability
Read more here  
Limit vendor liability. May give a “super cap” for certain issues, like indemnity, IP violations, and confidentiality/privacy.Uncapped vendor liability, if possible, especially for issues such as indemnities, IP violations, and confidentiality or privacy breaches. May accept super caps if they are reasonable, based on the scope of possible harm, not necessarily proportional to the size of the deal.  
Termination RightsLimited termination rights for the customer, and no obligation to provide refunds, or refunds only in very limited circumstances.Broad termination rights (e.g., due to vendor breach, SLA failures, privacy issues, decrease in service features or functionality, chronic issues, and, if possible, for convenience); with rights to pro-rata refund, if possible.  
Renewal Read more here Auto-renewals for reduced churn.Auto-renewal may be acceptable, but only with reasonable opt out dates for customer to avoid paying for an unwanted renewal term. (See Notice Periods below).
Notice PeriodsPreferred length of notice periods will vary.

Short notice periods (5-10 days) for things like your notice to customer for non-payment; and longer notice requirements for others such as customer’s notice to you (e.g., 60-90 days prior) to opt out of auto renewal.  
Preferred length of notice periods and timelines also varies.

Shorter notice requirements for things relating to customer rights. Longer notice periods for any provisions giving the vendor a right to pursue remedies against customer.
InsuranceVendor insurance requirements match scope of vendor’s current policies and would not require to you obtain incremental or custom insurance for this transaction.Vendor insured for general liability, errors & omissions/professional liability, cyber liability, and workmen’s comp. Plus, an umbrella policy and other applicable coverage based on circumstances (car, shipping, air, etc.).  
PublicityRight to use customer’s name, and possibly logo, in vendor marketing, or at least in list of customers.Right to approve any use of customer name or logos, including prior approval of use in lists of clients.  
AssignmentVendor assignment rights only; customer cannot assign.Mutual restriction of assignment, with a mutual  exception for M&A activity or reorganizations.  
OtherIf asked to sign customer template contract, review for non-standard terms such as:
·   Custom SLAs
·   Unreasonable reps and warranties
·   Excessive data security requirements  
If asked to sign vendor template contract, review for non-standard terms to avoid, such as:
·  Exclusivity – read more
·  Non-solicitation clauses – read more
·  Liens and security interests
·  Anything else unusual or non-standard.  

If you would like assistance with a SaaS agreement or other commercial contract, please reach out to Brian Heller at (202) 365-3940 or [email protected].

Brian Heller is a Member of Outside GC’s Washington D.C.-based team, and is an experienced technology and deal attorney, specializing in SaaS licensing, digital and social media, online advertising, mobile apps, cloud services, terms of use, data use and protection, content licensing and other technology deals. Brian has represented both vendors and customers and uses this experience to present reasonable positions on behalf of his clients. Brian can be reached at [email protected].

This publication should not be construed as legal advice or a legal opinion on any specific facts or circumstances not an offer to represent you. It is not intended to create, and receipt does not constitute, an attorney-client relationship. The contents are intended for general informational purposes only, and you are urged to consult your attorney concerning any particular situation and any specific legal questions you may have. Pursuant to applicable rules of professional conduct, portions of this publication may constitute Attorney Advertising.

Subscribe to Our Blog