For companies taking their first steps to build a business delivering services from the cloud, getting smart, protective legal terms in place between themselves and their customers can be challenging. Established companies that are new to the software-as-a-service (SaaS) model may struggle to reorient legal strategies developed for their other, more familiar product types. Emerging companies, even those whose businesses have been SaaS-centric from conception, may still be scaling up their legal teams and only beginning to shift their legal focus from typical start-up concerns like organizational structure and equity sharing to the operational complexities of shipping digital product. For most new SaaS providers, getting fully up to speed on best contracting practices will take time and some amount of trial and error. That said, there are some common contracting mistakes that SaaS providers should avoid to minimize the risk and maximize the value in their customer relationships. This article describes some of the most common.
MAKING TERMINATION TOO EASY.
Customers often request a right to terminate a SaaS agreement for convenience, and SaaS providers may not consider the potential consequences when agreeing to this request. Some inexperienced SaaS providers will even include a termination-for-convenience provision in their own template agreements simply because that sort of provision is common in their other commercial contracts. However, especially for SaaS products that require a significant amount of work to implement or in situations where a SaaS provider will incur other up-front costs, if a customer is allowed to terminate the agreement at any time, the SaaS provider will likely lose money on the transaction because customers need to pay subscription fees for some minimum period just for the SaaS provider to break even.
While providers might therefore prefer to not include any sort of termination for convenience, customers are not always willing to enter into contracts they can’t terminate. The compromises we recommend in those situations include: (a) allowing a termination-for-convenience right, but only after some initial term that, at a minimum, would give the SaaS provider enough time to recoup its initial costs in providing the service, (b) allowing a termination for convenience at any time but only if the subscription fee for the initial term is paid up-front and is non-refundable, or (c) allowing a termination for convenience but only with some predetermined termination fee or buyout fee, which again would ensure that the SaaS provider was able to recoup its up-front costs in providing the service.
FAILING TO CONSIDER PRIVACY AND SECURITY ISSUES.
The legal landscape applicable to SaaS providers is changing rapidly, especially as it applies to personally identifiable information. Some SaaS providers assume that since they don’t do business in Europe or aren’t located in California, they don’t need to worry about the various global privacy laws. What these providers don’t realize is that, given the global nature of the Internet, SaaS providers can be subject to international data privacy laws regardless of where they are physically located. Others may think they are in the clear because they don’t collect personal information of a sensitive nature, not realizing that the scope of most privacy laws is so broad that they cover nearly any information that relates to an individual. Given the number of such laws, complying with them can be challenging. In the US alone, there are hundreds of laws that regulate the privacy of personal information. That includes the laws of the five states that have adopted comprehensive privacy laws as well as the numerous sector specific laws such as HIPAA, Gramm-Leach-Bliley, the Fair Credit Reporting Act, the Children’s Online Privacy Protection Act and others.
We recommend that each of our SaaS provider clients undergo a data-mapping exercise to help them understand what personal data they collect, how that data is used, and with whom that data is shared. Once providers have that understanding, they can more accurately create the necessary privacy policies and data-protection agreements.
CONFUSING PROFESSIONAL SERVICES WITH SAAS.
Many agreements covering SaaS and other cloud-based services include the word “services” in the title. The word “services”, however, can also be used to describe a variety of other services, including support services, consulting services, development services and other professional services. This can be a problem for SaaS providers and their customers who, in an effort to save money, will go to the Internet to choose a template services agreement to cover their SaaS offering but will unknowingly select a template that has nothing to do with SaaS services. Alternatively, a SaaS provider may be dealing with an inexperienced customer who insists that the SaaS provider use the customer’s services agreement. Either way, using a template that was not designed for SaaS services can create problems. The biggest issue may be with the intellectual property provisions. Often, a professional services agreement will assign intellectual property rights to the recipient of the services while a SaaS agreement should include language to clarify that all intellectual property rights in the SaaS service are retained by the provider. Another common difference has to do with subcontracting or data-sharing. A professional services agreement will often preclude subcontracting or the sharing of data without the consent of the service recipient, while a SaaS agreement should contemplate that some aspects of the service, like the hosting of the service, will involve subcontractors or other hosting-service providers.
Our recommendation here is obvious: SaaS providers and their customers need to be careful to ensure that they are using an agreement that includes provisions that are appropriate for the services being provided.
FAILING TO EXERCISE APPROPRIATE CARE IN DRAFTING THE LICENSE GRANT SECTION.
We recommend that providers pay careful attention to the license grant provision to ensure that the scope of that provision is limited to appropriate users. If the scope appropriately includes third parties such as affiliates, vendors, subcontractors or consultants, the license grant language should also ensure that those third parties are also subject to appropriate terms and other restrictions on use.
FAILING TO INCLUDE A SUSPENSION RIGHT.
As in any business, sometimes things don’t go according to plan in a SaaS provider’s customer relationships. Some customers may miss a payment, introduce a security risk or otherwise breach an agreement. Typically, a SaaS agreement will give the parties a right to terminate for breach, but sometimes that is too drastic of a remedy and a SaaS provider just needs the ability to suspend the service for a short time in order to correct an issue. From the provider’s perspective, a good SaaS agreement will include a suspension-of-services right that will allow the provider the ability to suspend the service for a short period in order to address issues such as a customer’s failure to pay, security risks introduced by a customer, or other customer breaches of the agreement. Ideally, the provider should also be able to suspend services in the event of a cessation of the customer’s business or if any of the SaaS provider’s vendors have suspended or discontinued providing services to the SaaS provider.
ASSUMING A SAAS AGREEMENT COVERS THE ENTIRE RELATIONSHIP.
Companies that are new to the SaaS industry will often look to the Internet or to their competitors to find their first SaaS template agreement. Depending on the provider’s product offering and the agreement they use, this can be a good starting point. However, what these SaaS providers often do not realize is that a SaaS agreement may only cover a part of their business arrangement with a customer. In addition to a SaaS agreement, providers may also need a separate contact (or additional language added to their SaaS agreement) to cover things like implementation services, support services, privacy and security issues (which are often covered in a data-processing agreement or a business associate agreement), a service-level agreement, or other issues. We recommend that SaaS providers carefully think through their entire product and service offering and then review the contracts they are using to ensure that they cover every aspect of the arrangement.
INSISTING ON UNREASONABLE TERMS.
Often, in an effort to protect their business, new SaaS companies can be tempted to propose agreements and terms that are aggressive and one-sided. However, those types of agreement can lead to excessive and drawn-out negotiations with customers that can be expensive and slow down the sales cycle. Instead, SaaS providers should strive to strike a reasonable middle ground by adopting standard terms that protect their businesses without being overly one-sided. Smart SaaS providers will evolve their contracts as their products and businesses mature. They will see what provisions create concern among their customers and will look to revise those provisions to make them more acceptable. Being able to streamline and shortcut the negotiation process can be a significant help to a company’s sales efforts.
There are, of course, many other mistakes that can occur and issues that will arise. We have found that a small investment in making sure a SaaS provider has good templates from the beginning can pay huge dividends over the life of a company.