Putting the Pieces (Terms) of a SaaS Contract Together
A software-as-a-service (SaaS) contract is inherently a hybrid of traditional software licensing and services terms. The Term Sheet, while not legally binding, is an outline of services proposed by the software vendor. The Terms and Conditions provide a general framework for the relationship, including obligations regarding fees, licenses, warranties and confidentiality. Schedules/Attachments/Exhibits include specific information about service(s), support and pricing and are often incorporated by reference into the Terms and Conditions.
The basics of a SaaS contract are similar to the following components of a software licensing agreement:
Paid By? How, When and How Much?
Length of Agreement. SaaS contracts vary in their terms, especially regarding the initial term and renewal terms. The standard seems to be an initial term of one year, with renewal terms ranging from one year to three years. Termination is generally based upon a party’s failure to comply with a material aspect of the terms of the contract. Many SaaS contracts also provide for an "out" where a SaaS vendor can terminate the contract if it stops developing a service or no longer has the rights to the service (often resulting from a third-party acquisition of the vendor).
When You Have a Claim. A claim is usually defined as any dispute or claim arising out of, or relating to, interpretations or the performance of the agreement. A typical notice of claims provision includes timely written notification of a claim within a certain number of days. A mediation process is often used to facilitate problem-solving. If the parties are unable to resolve the issue, an arbitration process is set forth that often includes a limitation on damages. In these provisions, the venue is often the home state of the SaaS vendor and controlling law is often the laws of the home state.

Negotiating Points of a SaaS Contract
Several contractual terms are key to successful contract negotiation and can ultimately have a significant impact on the overall value of the agreement. When negotiating, these terms should be viewed as the levers to drive meaningful business and legal value. The following are a few of the key terms to consider:
Pricing Model. While a subscription model has become the standard for SaaS agreements, the parties will need to determine the appropriate pricing model for a given situation. For example, will the price be based on usage, annual license fees based on the number of users or some other factors? The parties should also determine whether there will be any limits on the client’s use and the allocation of fees based on the volume of data storage and transfer. In addition, parties should agree on the invoicing dates and payment terms.
Term and Termination. The parties must establish an appropriate term for the SaaS Agreement and the commencement date. Similarly, the parties must also determine the appropriate renewal terms for the SaaS Agreement. For example, if the Agreement contains initial and renewal terms, should the initial term be for a year and the renewal for a period of 90 days? Another consideration is whether the SaaS Agreement should include an automatic renewal (for example, the SaaS Agreement automatically renews for one additional year unless either party provides at least thirty days’ notice of its intention not to renew).
Indemnification. Indemnification is another major area of negotiation in a SaaS agreement. For example, should the indemnitor indemnify, hold harmless, and defend the indemnitee from and against any losses, damages, costs, and expenses suffered or incurred (including reasonable attorneys’ fees and costs) arising out of, but not limited to, any third-party actions, suits, proceedings, or claims (each a "Claim") based upon (i) the breach of the indemnifying party’s obligations under the agreement; (ii) a Claim that the deliverables infringe or misappropriate a third-party’s patent, copyright or trade secret rights; or (iii) any negligence, gross negligence, misrepresentation, or misconduct of the indemnifying party?
Data Ownership. What rights do the parties have to use the data during the term of the agreement or upon termination of the agreement? Should the agreement contain restrictions with respect to the Client deleting data upon termination of the SaaS Agreement? Will usage of the data be permitted by the SaaS provider? For example, if the Client’s data is used to make statistical inferences on other customers of the SaaS provider, should the Client receive some benefit from this use?
These are just a few of the key contractual terms to consider during SaaS contract negotiations.
Pricing and Payment Terms
Determining a fair pricing model is one of the most challenging aspects of negotiating a SaaS contract. This is largely because the vast majority of SaaS services are predicated on a monthly or annual subscription within which the pricing is subject to change and is based on a number of factors that may be unknown at the time a deal is negotiated, including: the market demand, rate of growth (in terms of users, number of products/services offered, revenue and the type of customers the current user base represents) and competitive market analysis. So how can you determine a fair pricing model?
It all starts with identifying the factors to apply in determining a fair and equitable pricing model for both the SaaS provider and the customer. You will want to identify factors such as: Once you have a general pricing model identified you will have a rough idea of what that pricing will be over the term of the license or subscription. Now it’s time to put your negotiator’s hat on and negotiate from there. The good news regarding SaaS agreements (and other software contracts) is the pricing is typically tiered based on usage. It’s easiest to start with the middle tier of the pricing model to find out how far the SaaS provider is willing to move up or down on price from there. For example, if the pricing tiers are as follows: Then you can determine whether the high or low end of the pricing model is more applicable to the company you are negotiating with. Let’s say you determine that the first pricing tier is the best for your expectations of company growth. You can then negotiate the pricing to reflect the number of users and understand from the SaaS provider exactly the rate of growth they are expecting. If your expectations fall between the middle and high end of the pricing model, you can more easily negotiate from the middle. This is typically the easiest way to determine value as you are looking to determine the upper and/or lower breakout rates. Additionally, the SaaS provider is in the best position to identify the rate of growth they are anticipating.
Another big hook for SaaS companies is payment flexibility – offering annual versus monthly payments with an auto-cancellation provision. Although it sounds like only a benefit for the SaaS provider, this really does protect both parties. From a SaaS provider’s position, you receive the entire annual fee upfront or the right to terminate for non-payment of the next monthly fee. If you only charge monthly the concern is cash flow and the SaaS provider’s ability to terminate the contract on a month-to-month basis at the end of the trial period or after thirty (30) days’ notice. From a customer’s perspective it ensures that if a SaaS provider is offering services at a discounted annual rate up front, they have an incentive to provide those services to maximize their profits for twelve (12) months versus three (3) months. In other words, you may essentially be giving them thirteen (13) months of service, but you will receive a higher return on your investment. Additionally, if you only offer monthly pricing and a customer wishes to have the option of cancellation without notice, you are setting yourself up to have to provide a complete refund for the upcoming month. Although these scenarios may not occur, they do illustrate the potential challenges with monthly subscriptions without the option for cancellation.
Data Security and Privacy Implications
Data security and vendor privacy are two other areas that rank high on the list of must-negotiate items within a subscription (SaaS) contract. SaaS vendors can be particularly susceptible to data breaches, which typically entail privacy violations as well, and a company can face liability if it does not have strong contractual protections in place to protect its data and/or the data of its customers, clients, employees, shareholders or partners.
Standard in many SaaS contracts are repeated assurances about data protection, certifications of compliance with data protection regulations or standards, detailed processes for notifying customers of data breaches and for investigating or remediating data breaches, and indemnification provisions for data breaches, security breaches and regulatory fines.
SaaS companies concerned about data security and privacy should be familiar with some of the data security and privacy regulations that apply in Europe and the US. The evolving EU General Data Privacy Regulation (GDPR) generally requires companies collecting and processing personal data of EU-based customers to safeguard that data, and imposes steep fines for non-compliance – 4% of annual worldwide revenue and penalties up to approximately $25,000,000 (USD), whichever is higher. There are also statutes such as the EU Cybersecurity Act and CISA, as well as the California Consumer Privacy Act (CCPA) and various state-level data breach notification laws, that impose high stakes for non-compliance.
Service Levels and Warranties
If your organization decides to purchase a SaaS solution that’s critical to business operations, it’s essential for you to define performance standards in an SLA. The majority of SaaS providers will include an SLA in their standard form agreement, but larger organizations often have the leverage to negotiate these terms to their advantage. SLAs are also sometimes referred to as Performance Metrics or Schedules. SLAs help set expectations for quality of service, support, delivery, uptime, and performance. SLAs can be critical to achieving value from your SaaS implementation, so this section should be reviewed, vetted, and negotiated if necessary. While many industry standards exist for measuring key performance factors such as uptime, the details of those standards should be explicitly called out in your proposed agreement.
SLA considerations should include:
Warranties describe the obligations and responsibilities of vendors to deliver the services promised. They typically provide guarantees that certain results and performance will be delivered. Warranties also typically include disclaimers so that the service provider does not guarantee that all problems and issues will be fixed if requested. There are limits on the warranties, typically based on statutory time limits in various states. Warranties don’t mean that no problems will occur during the implementation, but they can push the vendor to resolve them. It’s also important to note the use of "Warranty Disclaimer" provisions that appear throughout all SaaS contracts. These provisions attempt to exclude all implied warranties beyond those provided in the agreement. If an item is not specifically included in the agreement there is a potential of being liable for unintended consequences. SaaS providers generally disclaim all warranties (other than those expressly set forth in the agreement) and provide that they assume no liability for warranties except to the extent provided in the agreement. These provisions should be closely examined to understand your risk.
Termination and Transition Terms
With a SaaS product, your SaaS vendor is providing you with a service so you need to determine when and how termination will occur. There should be provisions in the contract that grant you the right to terminate for failure to meet contractual obligations. Clarify what happens upon termination or expiration of the agreement. When does the arrangement end? At the end of the term or upon some other date specified in the contract? Will you have to renew or sign a new contract to continue using the service? For some websites, if they don’t collect payments from you, their service is terminated after one year, but they still have your data. It’s a good idea to have some flexibility built in for your exit strategy.
In addition to determining the end of the arrangement, you need to think about your next steps. If the vendor goes out of business and if they haven’t built in a way for you to migrate to another vendor, it may hold you hostage as you try to extract your data from its server and import it into the server of your new vendor. You may need to negotiate a period of co-hosting. For example, the vendor might host your service free-of-charge for X months after termination, plus provide you with certain assistance in exporting your data to your new vendor’s cloud.
Common Terms To Negotiate Around
The primary reason most companies fail in negotiating SaaS contracts can be boiled down to two things: (1) a lack of strategy and (2) a lack of experience. Here are some of the most common mistakes we see companies make when negotiating SaaS contracts.
Waiting to Negotiate Until After Contracts are Signed
The vast majority of SaaS vendors simply refuse to negotiate contracts after they have been signed. This policy can create significant obstacles to your business down the line. Many SaaS vendors will market to new customers using terms and conditions that favor the vendor. But once your company gets past the customer onboarding process, vendors are often willing to negotiate over contract terms. However, once it turns out that your company has contracted with the client using "adhesion" contracts to bestow benefits on themselves, the company will be less willing to offer amendments. The employee most likely to talk to the vendor about a contract amendment is not in the position of power necessary to convince the vendor to change its contract terms.
Not Having Forward-Looking Standards for Assessing SaaS Contracts
It is important to set a company-wide standard as to which SaaS contracts the company should sign. Your company should have an internal policy for assessing the importance of the data that your company would potentially give to a vendor. For example, companies that store sensitive personal data (like social security numbers) or confidential health data (like HIPAA data) should have a very high standard for assessing a SaaS vendor’s security practices. In contrast, companies that merely store encrypted business data or non-sensitive health data may have much lower standards.
In this way, implementing a company-wide standard for assessing SaaS contracts can save valuable resources for a company. This is especially important for resource-constrained companies that cannot afford to spend hours negotiating every term and condition of a proposed contract.
Hoarding the Power
Some companies go to great lengths to ensure that their employees can only view the company’s contracts and contract templates in a supervisory role. This practice can reduce the amount of time that employees spend going through legacy contracts, and minimize the chances that employees will make mistakes when drafting a company’s contracts. However, this practice also has the clear drawback of reducing the company’s capacity to negotiate new contracts, because the knowledge of the company’s deal structure, bargaining chips, and strategy to go back to a previous client all reside solely in one individual.
In effect, this makes the company hostage to the knowledge of one employee. If that employee leaves the company, it may be difficult, if not impossible, to reconstruct the company’s previous negotiations with clients.
Using an Attorney in Negotiations
Having legal counsel involved in the negotiation process can help ensure that the parties understand the terms and conditions of the agreement before it is ever signed and avoid costly mistakes of not knowing what you are giving up (or getting). Companies here in the United States are going through significant changes with respect to the protection of citizens’ privacy online and offline. Attorneys that practice privacy law will help to ensure that the agreement is compliant with the new laws that come into effect. Throughout 2018, the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) make it necessary to have legal counsel review how you are using an individual’s private information and advise your company on how to comply with the new laws. A company’s privacy policy should comply with the terms of the SaaS agreement, but in many situations, the SaaS provider’s terms require a company to consent to changes in the policy. Having legal counsel review the agreement, compliance requirements, and the privacy policy will help protect your company from possible litigation brought by your customers for failing to abide by your policies.
Other benefits include, but are not limited to:
Having legal counsel involved in the negotiation and review of the SaaS contract protects your company and protects your customers’ information, which in turn protects your company’s reputation.