5 Key Pointers required in a SaaS Agreement

In the previous article on Software as a Service (“SaaS”) Products, we understood the meaning of SaaS Products and how SaaS Agreements are different from End User License Agreements. In this blog, we will discuss the key points that should be included in any Software as a Service (SaaS) Agreement.

1. Software Subscription Model and Rights of Users:

The SaaS agreement is a software service provided over the internet. The agreement should define the scope of services accessible to the user and should specify how the SaaS product shall be accessible to the users. Such clauses should enlist all major restrictions that the users shall be subjected to and should also highlight the fact that the SaaS product shall be used only by the users and the authorized personnel appointed by such users.The Agreement should also provide for maintenance and support services that shall be provided by the service provider, and the agreement should provide that the users shall be eligible to receive all software updates and upgrades.

2. Intellectual Property Rights (“IPR”): 

The SaaS service provider should retain ownership of all IPR in the software, technology, and services it provides. The SaaS customer should retain ownership of all IPR in the data transmitted by it to the service provider during provision of services. The agreement should specifically mention that all the source code remains owned by the SaaS service provider.  The SaaS customers should also grant the SaaS service provider the right to use their testimonials for the duration of the SaaS agreement, for which purpose, the service provider may display the customer’s logos and other copyrighted information on its platform.

3. Subscription Plan, Model, and Pricing Clause:

The agreement should provide what exactly the subscription plan includes and how the provider will provide the services. The agreement should clearly specify regarding pricing, how and when the detailed costs would be charged. As SaaS agreements typically practice a subscription model, customers shall pay the provider on a regular basis for continued use of the service.

There are several pricing models, viz:

  • Flat-rate pricing, wherein the customers may avail a single product, a single set of features, and at a single price.
  • Usage-based pricing, which is a pay-as-you-go model
  • Tiered pricing, wherein the customers may avail multiple “packages,” with different combinations of the features provided at different price points
  • Per-user pricing, wherein a single user pays a fixed monthly price; if another user is added, the price doubles, and so on
  • Per-active-user pricing, wherein it does not matter how many users are registered, only those who actually use the platform will be charged.

4. Data Security Provisions

The degree to which any particular data security provision, laid down in a SaaS agreement, is appropriate or realistic depends on the specific type of information to which it applies, the definition of “data security incident,” the specific obligations that arise in the event of a data security breach. SaaS agreements should include a privacy policy that details how the provider is using the customer’s data, including the information it collects and shares internally or with third parties. This section shall also include information on data encryption, how data is backed up, and the provider’s roles and responsibilities in the event of a data breach or a security issue. Data security terms should also cover systems, procedures, and consequences relating to data breaches by way of a commitment to data protection through the service provider.

In India, Rule 4 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 requires every body corporate which collects, receives, possess, stores, deals or handle information of provider of information, to provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and to also ensure that the same are available for view by such users who has provided such information under lawful contract.

The policy shall be published on website of body corporate or any person on its behalf and shall provide for:

  • Clear and easily accessible statements of its practices and policies; 
  • type of personal or sensitive personal data or information collected under Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011;
  • purpose of collection and usage of such information; 
  • disclosure of information including sensitive personal data or information as provided in Rule 6 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011; 
  • reasonable security practices and procedures as provided under Rule 8 of Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

5. Limitation of Liability and Indemnification Clause

SaaS agreements should include a limitation of liability clause that limits the liability of the service provider in the event of damages or losses incurred by the customer. Indemnity provisions, which usually accompany provisions relating to limitation of liability, are a contractual promise by one party to compensate and/or defend the other party from the risk of harm, liability or loss.The agreement should also include an indemnity clause that requires the customer to indemnify the service provider for any losses or damages resulting from the customer’s use of the service. In SaaS agreements, the Indemnity clause shall apply in case of claims, damages, liabilities, costs and expenses, including reasonable attorneys’ fees, arising out of:

  • any breach of representation and warranties by the other party;
  • an act of gross negligence, fraud or for infringement of IPR by the other party.

In conclusion, SaaS agreements are crucial for establishing a relationship between a service provider and a customer. It is essential to ensure that all these key points are included in any SaaS agreement to avoid any future legal disputes and to establish a strong business relationship. plan, model and pricing clause, and data security provisions. These clauses help protect both the provider and the customer and ensure that the SaaS product is used legally and securely.

 

About the Author
Treelife

Treelife provides legal and financial support to startups, small business, companies and entrepreneurs with access to a team of professionals.

We Are Problem Solvers. And Take Accountability.

Related Posts

Quick Commerce in India: Disruption, Challenges, and Regulatory Crossroad
Quick Commerce in India: Disruption, Challenges, and Regulatory Crossroad

Blog Content Overview1 How does Quick Commerce work?2 Impact of…

Learn MoreLearn More
“JioHotstar” – An enterprising case of Cybersquatting
“JioHotstar” – An enterprising case of Cybersquatting

Blog Content Overview1 Introduction2 Timeline3 Legal Backdrop: Intellectual Property Rights4…

Learn MoreLearn More
Treelife featured and authored a chapter in a report, “Funds in GIFT City- Scaling New Heights” by Eleveight
Treelife featured and authored a chapter in a report, “Funds in GIFT City- Scaling New Heights” by Eleveight

Related posts: Government Policies Lead Indian Startups to Thrive Demystifying…

Learn MoreLearn More