SaaS Agreements – Website Legal Requirements

Does your website comply with the various legal requirements applicable to SaaS suppliers who opeate a UK website?

Below, I have set out the main legal requirements (including some optional recommendations) that apply to a SaaS supplier’s website.

Mandatory Requirements

SaaS suppliers must provide the following information in an easily accessible position on their website:

About Us/Contact Information

  • Legal name of the company i.e. XYZ Ltd;
  • Geographical address of the company;
  • Contact details i.e. telephone number and email address;
  • The country in which the company is registered and the company registration number;
  • Details of any supervisory body who regulates the company i.e. the FSA. For regulated bodies more detailed information is required;
  • If the SaaS supplier is registered for VAT and the VAT number;
  • Clear details of prices and whether or not delivery and/or tax is included (where online sales can be made);

Registration under the Data Protection Act

If a SaaS supplier collects any personal data in the operation of its business, including when visitors use its website such as, email address, name, telephone number or address of a living person, the SaaS supplier is collecting and processing personal data and must register as a data controller under the UK Data Protection Act. It is a criminal offence not to register.

Privacy Policy

If a SaaS supplier collects, stores or processes personal data as a data controller, they must set out how and why personal data is being collected and used in order to comply with the provisions of the UK Data Protection Act and the GDPR. The privacy policy must include:

  • Detailed information about the SaaS supplier;
  • The data being collected and processed; and
  • All mandatory information set out in applicable data protection laws that a data controller is required to provide to a data subject.

Cookie Banner and Cookie Notice

Before any cookie or similar technology used to track use of a website (such a web beacon, pixel etc.) can be placed on a user’s device explicit “opt in” consent must be obtained from the visitor. Consent is obtained via a cookie banner. If no consent is obtained from users no cookies other than essential cookies may be set.

The Privacy and Electronic Communications (Amendment) Regulations and the GDPR set out the obligations of website operators to provide users with information about cookies and any other similar technology that tracks the use of a website and the need to obtain a user’s prior consent to the use of cookies. Failure to comply with the rules can result in GDPR fines. SaaS suppliers must have a cookie banner on their website, they track use of the website and this should contain a direct link to the SaaS supplier’s cookie policy.

Trademarks and Logos

Do not use any third party’s trademarks or logos on your website without the third party’s consent or you could be liable to pay damages for trademark infringement. This includes displaying logos of your SaaS customers, where you do not have their specific consent to use their logos for this purpose.


Do not use any third party’s content on your website without the third party’s consent or you could be liable to pay damages for copyright infringements. If you have links to any third party’s content, make sure that this is permitted by the third party’s terms of use and ensure that the information opens in a new frame.

Recommended Requirements

In addition to the above mandatory rules it is advisable for SaaS suppliers to have the following, in addition.

Terms of Use/Disclaimer

SaaS suppliers should set out the rules applicable to persons using and accessing the free goods and services available on their website. For example: state who may access the website i.e. businesses, persons over 18 years old. SaaS suppliers should also aim to limit their liability for information provided on their website. For example: state which law applies and limits on liability.

Copyright Notice

Protect your information on your website by inserting a copyright notice “© company name 2022.  All rights reserved.” Without this notice,  it may be difficult in some countries to take any action against a copyright infringement.

The above are examples of the main legal requirements for SaaS supplier websites. However, this is a very complicated area of law and the specific rules that apply to you will depend on what goods and services you are offering, whether you are acting BTB (business to business) or BTC (business to customer), where your SaaS business is physically located, where your customers are located and many other factors.


If you would like to have your website reviewed for compliance with English law or have any queries about compliance please contact:

To register for my newsletter click here