SaaS Agreements – Website Legal Requirements – for SaaS Suppliers

Below, I have set out the main legal requirements (including some optional recommendations) that you should comply with when operating your website in the UK. Even if you do not sell SaaS products or services online via your website, you will still need to comply with the following English laws when operating a website in the UK.

Mandatory Requirements

About Us/Contact Information

You must provide the following information in an easily accessible position on your website:

  • your legal name i.e. XYZ Ltd
  • your geographical address
  • contact details i.e. telephone number, fax number and email address
  • which country your business is registered in and the registration number
  • details of any supervisory body which regulates your business i.e. the FSA. For regulated bodies more detailed information is required.
  • where you are registered for VAT and your VAT number
  • clear details of prices and whether or not delivery and/or tax is included

Registration under the Data Protection Act

If you collect any personal data on your website – i.e. email address, name or address of a living individual, you will be processing personal data and must register as a data controller under the Data Protection Act (DPA). As a SaaS supplier the DPA will apply as soon as you require users to register in order to access your SaaS website or receive a newsletter or marketing information from you.

Privacy Policy

If you are collecting personal data it is a criminal offence not to register as a data controller under the Data Protection Act (DPA).

If you are collecting, storing or processing personal data you need to inform SaaS customers or website users how, what and why you are using their personal data in order to comply with the DPA. Even if you do not collect personal data on your website as a SaaS supplier you will be collecting and processing personal data on behalf of your SaaS customers.

Also, if you are sending marketing emails to potential SaaS customers you need to ensure that you have obtained specific consent, BEFORE such emails are sent. Consent should be covered in your privacy policy and the registration process on your website.

Cookie Policy

Cookies are small text files placed on a user’s computer which record online activity. Virtually all websites use cookies. Most use analytics cookies to measure visits and use of websites. Performance and functionality cookies are used to make repeated use of a website more comfortable for the user and advertising cookies are increasingly used to collect information about users for targeted marketing purposes.

You must provide users with clear and comprehensive information about the type of cookies being used on your website and the purposes for which the information is collected (subject to some exceptions). Users must give consent to the use of cookies. Consent can be obtained, by specifically making users aware of their acceptance of the terms of your cookie policy (or the relevant section of your privacy policy) by virtue of continuing to use your website.

Disabled Access to your Web Site

If you offer SaaS goods or services on your website you need to make your website accessible to disabled users. Level 1 compliance with the WC3 standard will usually suffice.

Trademarks and Logos

Do not use other people’s trademarks or logos without their consent on your website or you could be liable to pay damages for trademark infringements.


Do not use other people’s content without their consent on your website, or you could be liable to pay damages for copyright infringements. If you have links to other people’s content, make sure that this is permitted in their terms of use and ensure that the information opens in a new frame.

Online Payment

If you accept online payment for your SaaS goods or services you must provide SaaS customers with specific information about their right to cancel, VAT and prices, refunds and defective goods PRIOR to the sale being concluded.

Recommended Requirements

In addition to the above mandatory rules it is advisable to include the following information on your website.

Terms of Use/Disclaimer

You should set out the rules applicable to visitors using and accessing SaaS goods and services on your website. For example, state who may access the website i.e. consumers, businesses, over 18s. You should also aim to limit your liability for information on your website. For example, state which law applies and your limits on liability. However, please note that you cannot exclude or limit certain liabilities in particular circumstances  – particularly in relation to consumers, injuries caused by goods and services, or defects in your goods and SaaS services.

Copyright Notice

Protect the information on your SaaS website by inserting a copyright notice “© company name 2013.  All rights reserved.” Without this notice, it may be difficult in some countries to take legal action against any copyright infringement.


The above are examples of the main legal requirements for UK websites. This is a very complicated area of law and the specific rules that apply to you will depend on what goods and SaaS services you are offering, whether you are acting BTB (business to business) or BTC (business to customer), where you are based, where your customers are located and many other factors.


Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

To register for my newsletter click here


Other related articles: