Don't SaaS Me: Key Areas of Negotiation in Software as a Service Agreements
Today, most businesses use some form of software platform or other similar technology, whether as part of their core product or service offerings or internal operations or processes.
March 14, 2019 at 10:15 AM
5 minute read
Stephanie Quinones of Gunster.
Today, most businesses use some form of software platform or other similar technology, whether as part of their core product or service offerings or internal operations or processes. While the term “software” may to some imply the traditional program and operating information that one downloads onto a computer or a network, software as a service, also known as “SaaS,” has become an increasingly popular method of software delivery for technology providers and their customers. Under a typical SaaS arrangement, the provider remotely hosts and manages software applications which are made available to customers over the internet or a private network.
To many businesses, this difference between “traditional” software and SaaS is virtually (pun intended) seamless, at least at first glance. But the use of a SaaS platform over a traditional software model inserts several new layers of risk about which SaaS providers and their customers should be aware. The parties to a SaaS transaction can attempt to mitigate these issues and risks by virtue of the agreement between them regarding delivery of the SaaS. In some cases, the terms upon which a SaaS provider delivers its services are set forth in a “click-through” document to which a user agrees prior to accessing the technology. In these cases, and unless the customer has some leverage, there is typically little to no negotiation regarding the terms, which are often one-sided in favor of the provider. In other cases, however, such as those involving narrowly tailored, enterprisewide, or otherwise more complex platforms, the bargaining power between the parties is typically more even handed, and the terms upon which a SaaS provider delivers its services are often set forth in a separate SaaS agreement or something similar. Here, certain key areas of the SaaS terms can and should often be heavily negotiated. Some of these issues are described below.
- Technical Specifications. While important for any product or service offering, technical specifications in the context of SaaS are often cast by the wayside. But defining appropriate technical specifications is crucial for establishing expectations between the parties and avoiding disputes down the road. This is especially true where the SaaS will be customized to the customer's business or processes. So, the SaaS agreement should contain technical specifications that adequately (and specifically) describe the expected functionalities of the SaaS. In most instances, the technical specifications provide the measure against which performance by the SaaS will be measured, whether by virtue of the acceptance testing process (if any), or predefined warranties or service levels.
- Warranties and Service Levels. The extent of negotiations with regard to warranties and service levels is almost always a function of how critical the SaaS is to a particular customer's business operations. Essentially, if unavailability of the SaaS means significant impediment to the effective or efficient operation of a customer's business or internal processes, then the customer would likely (and reasonably) demand warranties and service level guarantees more robust than would a customer which would not be similarly affected. In either case, however, the SaaS agreement can and should address how the parties will handle unavailability or otherwise “bad” service.
- Ownership and Protection of Data. Because SaaS providers will remotely host and make the SaaS available over the internet or a private network, customer data might also be hosted remotely and transferred over the internet or across a private network. Ownership of data, including customer data, any data derived from customer data, and any data otherwise produced by the SaaS, should always be clearly defined. And depending on the sensitivity of customer data, it might also be appropriate to address storage, transmission, restrictions on access and other security requirements.
- Data Conversion and Transition. If customer data will be imported into the SaaS, the parties will need to consider whether customer data from legacy systems can be directly imported. If it cannot, then the SaaS agreement should address data conversion, including each party's responsibility for associated costs. The agreement might also address the provider's obligations (if any) on termination with respect to data, such as the obligation to return or destroy it. Where data must be returned, the agreement should also specify the format in which it will be provided.
- Indemnity and Limitation on Liability. Indemnities and limitations on liability are relevant for purposes of any significant commercial transaction, and the same is true in the context of a SaaS. Here, the most often covered issues include intellectual property infringement and, if the SaaS provider will host or otherwise store customer data that is confidential or proprietary, security breaches. Regardless of the scope of each party's indemnification obligations, these provisions can and should be read together with the agreement's limitation on liability provisions, which serve to limit one or both party's total liability under the agreement.
Of course, the above list is nonexhaustive, and it is important to remember that each situation is different and will require its own, unique approach. In any event, when providing or procuring SaaS services, all business owners should be sure to consider the above-listed issues, among others. Without doing so, a party to a SaaS transaction could find itself locked into a unfavorable arrangement or, in the worst case scenario, subject to an unreasonable degree of risk or liability.
Stephanie Quiñones is a member of Gunster's corporate and technology & entrepreneurial companies practice group. She regularly counsels entrepreneurs and in-house counsel with business, technology, IP licensing, internet/social media and privacy issues. Contact her at [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Leveraging the Power of Local Chambers of Commerce: A Second-Career Lawyer’s Guide to Building a Thriving Practice
5 minute read
CFPB Proposes Rule to Regulate Data Brokers Selling Sensitive Information
5 minute read
Essential Labor Shifts: Navigating Noncompetes, Workplace Politics and the AI Revolution
Trending Stories
Who Got The Work
J. Brugh Lower of Gibbons has entered an appearance for industrial equipment supplier Devco Corporation in a pending trademark infringement lawsuit. The suit, accusing the defendant of selling knock-off Graco products, was filed Dec. 18 in New Jersey District Court by Rivkin Radler on behalf of Graco Inc. and Graco Minnesota. The case, assigned to U.S. District Judge Zahid N. Quraishi, is 3:24-cv-11294, Graco Inc. et al v. Devco Corporation.
Who Got The Work
Rebecca Maller-Stein and Kent A. Yalowitz of Arnold & Porter Kaye Scholer have entered their appearances for Hanaco Venture Capital and its executives, Lior Prosor and David Frankel, in a pending securities lawsuit. The action, filed on Dec. 24 in New York Southern District Court by Zell, Aron & Co. on behalf of Goldeneye Advisors, accuses the defendants of negligently and fraudulently managing the plaintiff's $1 million investment. The case, assigned to U.S. District Judge Vernon S. Broderick, is 1:24-cv-09918, Goldeneye Advisors, LLC v. Hanaco Venture Capital, Ltd. et al.
Who Got The Work
Attorneys from A&O Shearman has stepped in as defense counsel for Toronto-Dominion Bank and other defendants in a pending securities class action. The suit, filed Dec. 11 in New York Southern District Court by Bleichmar Fonti & Auld, accuses the defendants of concealing the bank's 'pervasive' deficiencies in regards to its compliance with the Bank Secrecy Act and the quality of its anti-money laundering controls. The case, assigned to U.S. District Judge Arun Subramanian, is 1:24-cv-09445, Gonzalez v. The Toronto-Dominion Bank et al.
Who Got The Work
Crown Castle International, a Pennsylvania company providing shared communications infrastructure, has turned to Luke D. Wolf of Gordon Rees Scully Mansukhani to fend off a pending breach-of-contract lawsuit. The court action, filed Nov. 25 in Michigan Eastern District Court by Hooper Hathaway PC on behalf of The Town Residences LLC, accuses Crown Castle of failing to transfer approximately $30,000 in utility payments from T-Mobile in breach of a roof-top lease and assignment agreement. The case, assigned to U.S. District Judge Susan K. Declercq, is 2:24-cv-13131, The Town Residences LLC v. T-Mobile US, Inc. et al.
Who Got The Work
Wilfred P. Coronato and Daniel M. Schwartz of McCarter & English have stepped in as defense counsel to Electrolux Home Products Inc. in a pending product liability lawsuit. The court action, filed Nov. 26 in New York Eastern District Court by Poulos Lopiccolo PC and Nagel Rice LLP on behalf of David Stern, alleges that the defendant's refrigerators’ drawers and shelving repeatedly break and fall apart within months after purchase. The case, assigned to U.S. District Judge Joan M. Azrack, is 2:24-cv-08204, Stern v. Electrolux Home Products, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
