Many, if not all, businesses need to utilize software in order to function. The software might take the form of an inventory ordering system, a payment processing system, or a smartphone app for the company. Software is everywhere and it is rapidly moving to cloud based platforms, but rarely is a company capable of developing its own cloud-based software applications in-house. Normally, a company must rely on someone else to develop or supply the software that the business uses in its day-to-day operations.
What is Software as a Service?
Software as a service (also known as SaaS), are software products that are available to users via the internet and many businesses use SaaS to help run their companies smoothly. Businesses get the software that they need by licensing it via SaaS agreements. This is a contract between the software provider and the software user that lays out the terms of use of the software. What is unique about SaaS is that the software is accessed over the internet, i.e., the user never obtains a copy of the software. Rather, the SaaS agreement grants the user access to the software.
Through a SaaS agreement, the user gets access to software applications and data storage that is in the cloud for a limited amount of time. This means that the provider houses the servers, owns the software and stores and/or processes the data for the user per the terms of the agreement.
Why You Need a Lawyer to Help Review SaaS Agreements
SaaS agreements are often complicated, dense and difficult to read because they are packed full of technical terms, legal jargon, as well as software and computer lingo. These unique agreements need to be reviewed by a qualified lawyer to ensure that your are getting terms that are fair and reasonable.
It will be important for you as a business owner to understand your rights and obligations under the SaaS agreement, such as:
Contact an Experienced New York Business Lawyer
SaaS agreements are an important part of doing business when a company uses the cloud. Having an experienced and qualified business lawyer review your SaaS agreement can ensure that your rights are protected. The professionals at Revision Legal have helped countless businesses develop and enter into SaaS agreements and we can help you too. Contact us using the form on this page or call us at 855-473-8474.
SaaS agreements are not one-size-fits-all contracts. The terms that matter most depend on whether you are the SaaS provider or the customer, what kind of data you are handling, and what the business consequences are if the software is unavailable. Here are the provisions that receive the most attention in negotiations—and the ones that are most likely to create problems if they are not addressed carefully.
A service level agreement (SLA) defines the performance standard the provider commits to meet and the remedies available if it fails. “99.9% uptime” sounds impressive until you calculate that it allows 8.7 hours of downtime per year. “99.99% uptime” allows approximately 52 minutes. The specific calculation methodology—whether scheduled maintenance counts as downtime, how downtime is measured, and whether “monthly” or “annual” calculations apply—can dramatically affect what the SLA actually provides.
The remedies for SLA failure are equally important. Most SaaS providers offer service credits—a reduction in future invoices—rather than actual damages for downtime. If your business suffers $100,000 in losses because a critical SaaS platform was unavailable during a peak business period, a credit of $500 off next month’s invoice does not make you whole. Review the SLA remedies carefully and consider negotiating for more meaningful breach remedies if the software is critical to your operations.
One of the most significant provisions in any SaaS agreement is the data ownership clause—and most SaaS agreements are silent on it or ambiguous in ways that favor the provider. As a customer, you should ensure that your agreement explicitly states: (1) all data you upload or generate through the platform remains your property; (2) the provider has no right to use your data for any purpose other than delivering the contracted services; (3) you can export your data in a usable, industry-standard format at any time during the contract; and (4) upon termination, the provider must deliver all of your data to you within a specified period and then certify its deletion from provider systems.
Without these protections, you may find yourself locked into a SaaS relationship by the practical difficulty of extracting your own data—a situation called “data hostage.” Some providers intentionally make data export difficult to reduce customer churn. A well-drafted agreement that guarantees data portability gives you the leverage to switch providers if the relationship deteriorates.
When you store customer or employee data through a SaaS platform, you remain legally responsible for the security of that data under applicable privacy laws—including GDPR, CCPA, HIPAA if applicable, and state breach notification statutes. The SaaS provider is typically a “data processor” or “service provider” under these frameworks, and your agreement with them must include a data processing agreement (DPA) or business associate agreement (BAA) that establishes their security obligations and your rights to audit their compliance.
At minimum, your SaaS vendor contract should require the provider to: (1) implement and maintain security measures meeting or exceeding industry standards; (2) notify you of any security breach affecting your data within a specific timeframe (typically 24–72 hours); (3) cooperate with your breach investigation and notification obligations; and (4) indemnify you for losses arising from their security failures. Providers often push back on indemnification—this is one of the most heavily negotiated terms in enterprise SaaS agreements.
Many SaaS agreements contain provisions addressing intellectual property ownership of customizations, integrations, and configurations that the customer develops. In a default posture, many agreements assign ownership of customer-developed improvements to the provider. Negotiate to ensure that any work product your company creates in connection with the platform—custom integrations, data models, workflows—remains your property. This is particularly important for businesses with significant technical development capabilities that may build substantial value on top of a SaaS platform.
The agreement should also address what happens to your intellectual property if the SaaS provider is acquired. An acquirer may have different business interests, pricing strategies, or competitive relationships with your company. Consider negotiating a change of control provision that gives you termination rights if the provider is acquired by a competitor.
Every SaaS agreement will eventually end—by expiration, mutual agreement, or cause. The termination provisions determine how much risk you are accepting. Key questions: How long is the notice period required to terminate for convenience? What constitutes a material breach that permits termination for cause? Does the provider have termination-for-convenience rights that could leave your business stranded? Is there an escrow arrangement for source code in the event the provider ceases operations?
Building a transition plan into your vendor management process—including maintaining data exports, documenting configurations, and identifying alternative providers—reduces the business risk of a sudden or adversarial termination. Contact the business law attorneys at Revision Legal to review your SaaS agreements before you sign. Reach out today.
Telemedicine platforms need carefully drafted terms of service to address patient consent, liability, and regulatory compliance. Here’s what telehealth terms of service must cover.
Read more about Telemedicine Terms of Service Agreements
Non-compete agreements protect businesses from losing clients and trade secrets to departing employees. Here’s why non-competes matter and how to draft enforceable restrictions.
Read more about Non-Compete Agreements and Their Importance
An EULA protects mobile app developers from liability and sets the legal terms for app use. Here’s what every mobile application end user license agreement must include.
Read more about Every Mobile App Needs an End User License Agreement