Reviewing SaaS Agreements – 6 Key Issues to Consider
27 July 2018
At Lighthouse Law, we have watched Software-As-A-Service (“SaaS”) terms evolve in the market place over the last five years.
We are still learning but we’ve noticed a few things to look out for. Here are six of them:
Hyperlinks to Online Terms and Conditions and Policies (e.g. Acceptable Use Policy)
Suspension Rights
No Liability for Loss of Actual Data
Uncapped liability for the customer coupled with wide indemnities for losses caused by the customer
Sole and exclusive remedies
No meaningful service level or service level remedies
SaaS continues to grow with ease of use and friendly subscription-based pricing models being obvious benefits. While this form of cloud-based software delivery may tick many boxes with the procurement and business functions, SaaS Agreements can be tricky when it comes to risk.
SaaS is generally referred to as a “one to many” model which allows the SaaS provider to host and provide the same software for multiple users. SaaS providers are, therefore, generally reluctant to deviate from their standard terms, and your ability to negotiate these terms will depend on various factors including the size of the Customer, the potential spend, bargaining power and the size of the SaaS provider.
The potential cost savings are a huge advantage, but the legal risks need to be carefully managed to ensure that the benefit justifies the risk. Our six key issues will help you navigate these:
1. Hyperlinks to Online Terms and Conditions and Policies (e.g. Acceptable Use Policy)
It’s common for SaaS providers to refer to additional terms and documents by inserting a reference or hyperlink to these terms. These terms, documents and/or policies are incorporated ‘by reference’, and in turn are binding on the parties. This means that they will apply automatically in addition to the terms set out in the SaaS agreement itself. For this reason, it’s important that each of these other documents is carefully reviewed individually. Although there are many variations of this type of clause, most SaaS providers tend to reserve the right to change and vary these terms unilaterally by simply publishing amended terms on their website and stating that the continued use of the SaaS will be considered deemed acceptance by the Customer.
2. Suspension Rights
SaaS providers will generally try to suspend the services they provide where there is non-compliance by the Customer with its standard terms or the Acceptable Use Policy. While it is unlikely that a Customer will succeed in removing such rights, there may be a significant operational risk to the Customer if the SaaS provider can unilaterally switch-off the services. If the service is a business-critical service, then consider carefully the ways to limit the impact of a suspension right on your operations.
3. No Liability for Loss of Actual Data
Most SaaS providers, to varying degrees, attempt to exclude their liability if they lose any Customer data. Loss of data could have a material and adverse impact on the Customer’s business.
4. Uncapped liability for the customer coupled with wide indemnities for losses caused by the customer
Liability caps are designed to both limit and provide predictability around potential exposure for both parties under the SaaS agreement. But in a SaaS agreement drafted by the SaaS provider, it is common for the agreement to seek to limit and cap the liability of the SaaS provider but to have uncapped liability for the Customer, coupled with widely drafted uncapped indemnities for losses caused by the Customer. This should not be the risk profile that a Customer should accept, and it’s very unlikely that you as the Customer would accept this risk in other commercial contracts.
5. Sole and exclusive remedies
In general, the remedies available to a Customer are often weak and SaaS providers commonly include provisions stating that the remedies available to the Customer are the “sole and exclusive” remedy. This means the Customer has weak remedies for non-performance or breach of the SaaS agreement, and no rights to do anything about it because the Customer is limited to the remedies set out in the SaaS agreement only. This includes the Customer’s rights to claim for all of the damages it may incur. An example of this is where a SaaS provider confirms that the payment of service credits is the Customer’s sole and exclusive remedy for non-performance.
6. No meaningful service level or service level remedies
The service levels and service credit mechanism typically proposed by SaaS providers, if proposed at all, are often not sufficient and do not incentivise the right type of performance by the SaaS provider. At a minimum, the SaaS agreement should contain service levels for availability, capacity, response and resolution times, capability, support and service reliability. It is important for the Customer to ensure that the service levels are clearly defined, and that there are clear consequences for the failure to achieve these service levels. Customers should also be wary of the performance standards that are incorporated in a hyperlink or URL as these are often unilaterally amended by the SaaS provider and therefore do not give the Customer scope and performance certainty.
The information and views contained in this article does not constitute legal advice. If you do require legal advice, please contact us on hello@lighthouse.law.
