Companies that provide Software-as-a-Service (“SaaS”) are engaged in a legally complex business where getting the details right is crucial to success. Getting the legal details right the FIRST TIME is just as important. To accomplish this, SaaS companies need to retain attorneys with deep knowledge of SaaS business models and agreements. In this article, we will briefly discuss two of the most important requirements for SaaS service agreements and touch on a few others. The goal of crafting a good SaaS service agreement is to avoid legal pitfalls and to minimize the chances of contractual disputes.
Defining the service and what is not being provided
In our experience as SaaS contract attorneys, disputes over SaaS service agreements between providers and customers often flow from the customer’s mistaken understanding of the breadth of what is being provided. To avoid this, it is important to delineate and detail the service that is being provided AND to specify what is NOT being provided. A SaaS service agreement will always provide the customer with access to the applicable software application(s), updates and user support. But what about storage, back-up and security? If these aspects of the SaaS are not being provided, the service agreement must make that clear to avoid contract disputes. Specifying such matters is also useful because some customers may be concerned with the privacy and confidentiality of their data and, therefore, do not want storage or back-up.
SaaS contract requirements concerning data and information
This brings us to the next issue that is often a source of intense negotiation and disputes between providers and customers: contractual constraints on data/information use. We have already mentioned questions with respect to data storage, back-up and security. Other issues include:
- Protecting the privacy of data — often relates to legal requirements that any data that can personally identify an individual must be kept private
- Protecting the confidentiality of data — often more about confidential trade secrets and business methods of the SaaS customer
- Sharing of data with others by the SaaS provider — with whom can the data be shared and under what circumstances?
- Length of use/storage
- Deletion of data
- Ownership of the data
Both the SaaS provider and the customer will need to have all of these issues fully negotiated and understood. The SaaS provider, for example, is just as legally liable to protect the privacy and security of consumer data as the company that is using the SaaS products.
Other SaaS contract legal issues
In addition to these two most important provisions in a SaaS service agreement, here are a number of other key provisions to be negotiated:
- Service levels
- Level, extent and to whom support service options are available
- Measurement metrics
- Dispute resolution mechanisms short of termination and litigation
- Payment
- Default provisions
- Self-remedies
- Exclusions and limitations
- Indemnifications
- Audits
- Term and renewals
- Termination provisions
Contact SaaS Law Firm Revision Legal
For more information, contact a top-tier SaaS attorney at Revision Legal at 231-714-0100. We are a SaaS law firm with deep knowledge of SaaS business models and agreements. We can help with SaaS service agreements, SaaS developer, employment and contractor agreements and can provide legal services for protecting inventions, trade secrets and other IP. We also provide a full range of litigation services.
Limitation of Liability and Indemnification Clauses
Among the most commercially important provisions in any SaaS agreement are the limitation of liability and indemnification clauses. These provisions directly allocate financial risk between the provider and the customer in the event something goes wrong. A well-drafted limitation of liability clause will cap the provider’s total aggregate liability to the customer — typically at the amount paid by the customer to the provider in the preceding 12 months — and will exclude consequential, incidental, punitive, and indirect damages entirely. Without these caps, a SaaS provider could face catastrophic liability exposure if its platform experiences downtime or a data breach that causes the customer to lose significant revenue.
The indemnification clause specifies which party will bear the cost of third-party claims. Standard SaaS agreements include mutual indemnification obligations. The provider indemnifies the customer against third-party claims that the SaaS platform itself infringes a third-party’s intellectual property rights. The customer indemnifies the provider against claims arising from the customer’s use of the platform, the data the customer loads into the platform, and the customer’s violation of law or the terms of service. Indemnification obligations — particularly the IP indemnification from the provider — are heavily negotiated in enterprise SaaS deals and can significantly affect the commercial risk allocation.
Service Level Agreements and Uptime Guarantees
SaaS customers that depend on a platform for business-critical operations will insist on a Service Level Agreement (SLA) defining the provider’s uptime commitments and the remedies available when those commitments are not met. Uptime commitments are typically expressed as a percentage of time during which the service is available (e.g., 99.9% uptime). Calculating what that means in practice is important: 99.9% uptime allows approximately 8.7 hours of downtime per year; 99.99% uptime allows approximately 52 minutes per year. Customers in industries where downtime is extremely costly — financial services, healthcare, e-commerce — should negotiate for the highest feasible uptime commitment.
SLAs must also specify remedies for SLA violations. Typical remedies include service credits — account credits applied to future invoices — calculated as a percentage of monthly fees proportional to the duration and severity of the outage. Critically, service credits are not cash remedies and do not compensate for actual business losses caused by downtime. Customers with significant downtime risk exposure should negotiate for meaningful credit percentages (up to 100% of monthly fees for severe outages) and should ensure the SLA’s exclusions and carve-outs do not swallow the guarantee entirely.
Intellectual Property Ownership in SaaS Agreements
SaaS agreements must clearly address IP ownership in two critical areas. First, the agreement must confirm that the provider retains all rights in the SaaS platform, underlying software, and any improvements or modifications — even if developed in response to customer requests or feedback. Without this clause, a customer that contributed to the development of a feature might assert an IP ownership interest in the resulting software. Second, the agreement must confirm that the customer retains all rights in its data and content loaded into the platform. The provider should have a limited license to use the customer’s data solely for the purpose of providing the contracted services — not for product development, not for training AI systems, and not for sharing with third parties without consent.
These IP provisions intersect with data privacy and security obligations. If the agreement permits the provider to use de-identified or aggregated customer data for analytics or benchmarking, those permissions must be clearly defined and limited. Particularly in light of the CCPA/CPRA and other state privacy laws, SaaS agreements must carefully delineate what the provider may do with data received from a business customer and its end users.
At Revision Legal, our SaaS contract attorneys have extensive experience drafting and negotiating SaaS service agreements for both providers and customers. Contact us to ensure your SaaS agreement protects your interests.