SaaS Agreements – FAQs – What is SaaS and Essential Terms to include in a SaaS Agreement

SaaS is the abbreviation for “software as a service”. You may know this under another name, for example subscription agreement, SaaS contract, software on demand, software subscription agreement, cloud computing or ASP services (application service provider). These names all refer to the same thing – hosted software being made available via the Internet to users.

What is a SaaS Agreement

A SaaS agreement is simply the name used for the agreement between a SaaS supplier and a SaaS customer which sets out the terms under which the SaaS software may be accessed. This will usually include a service level agreement (SLA) and a data processing agreement (DPA).

Differences between a SaaS Agreement and a Standard Software Licence

A SaaS agreement differs from a standard software licence in that:

  • The SaaS customer will not receive a physical or installed copy of the software;
  • No ownership in the SaaS software will be transferred to the SaaS customer;
  • The SaaS customer‘s right to use SaaS software will end upon termination of the SaaS contract.

Essential Terms to Include in a SaaS Agreement

The following legal issues should be included in any SaaS agreement, whether you are a SaaS supplier or a SaaS customer.

Software Licence

Access to the SaaS software should be limited to the term of the SaaS agreement. Once the SaaS agreement expires or terminates the software licence should automatically terminate.

If the SaaS customer is a global entity, you should specify:

  • Which companies or entities may access the SaaS software;
  • In which territories the software may be used; and
  • The number of authorised users;
  • Identify the specific purposes for which the SaaS software may be accessed; and
  • Name any third parties who will be permitted access to the SaaS software i.e. outsourcing providers or clients of the SaaS customer.

Intellectual Property Rights – IPR

The SaaS supplier should retain ownership of all IPR in the SaaS software and services it provides. The SaaS customer should retain ownership of all IPR in its systems, content and data. You should specifically state that the source code remains owned by the SaaS supplier. The SaaS customer should grant the SaaS supplier the right to use its IPRs for the term of the SaaS agreement i.e. to display the SaaS customer’s logos and copyrighted information.

Applicable Law, Jurisdiction & Language

A SaaS supplier should specify which law applies to the SaaS agreement and which courts will deal with any disputes arising from it. In international SaaS agreements make sure that you specify in which language the dispute will be dealt with, and if the SaaS agreement is in more than one language, which language prevails if there is a discrepancy between the two versions.

Return of Data

At the end of the SaaS agreement the SaaS customer’s data should be returned and to compy with the GDPR and other data protection laws all personal data must be returned and deleted. The format in which the data is to be returned and any payment for this service should be agreed in advance. Additionally, the parties can agree that the SaaS supplier will provide assistance in transferring SaaS customer data to a new supplier – in return for payment for this data migration service.

Data Processing Agreement (DPA)

The SaaS supplier is the data processor and the SaaS customer is the data controller. Under data protection law different rules apply to the data controller and the data processor. In compliance with the General Data Protection Regulation (GDPR) The SaaS supplier is obliged to process data in accordance with the SaaS customer’s written instructions and should protect itself against claims from third parties that such processing was illegal. Likewise, the SaaS customer will also need to protect itself against claims from third parties caused by the SaaS supplier not processing data in accordance with its instructions or the terms of the data processing agreement.

Both the SaaS supplier and the SaaS customer’s data protections obligations must be set out in a written data processing agreement (DPA) which forms a schedule to the SaaS agreement. In addition where any international transfers of EU, UK or Swiss personal data are made, Standard Contractual Clauses must be used and the SaaS customer and SaaS supplier must carry out Schrems II Data Transfer Assessments. The SaaS supplier must also provide a list of the sub-processors that it uses to provide the SaaS services and a security policy.

Service Level Agreement (SLA)

This sets out the hosting, support and maintenance services being provided to the SaaS customer by the SaaS supplier. The SLA should specify where the data centre is located, who is operating it, what security, backup and disaster recovery procedures are in place. Support hours and support services for dealing with hosting problems and software problems should be identified and documented and the procedure for dealing with upgrades and maintenance to the software should be specified. The particular details will depend on the amount being paid for the hosting, support and maintenance and the purpose for which the SaaS software is being used.

Summary

Due to the unique nature of SaaS agreements you will need to seek specialist legal advice on the content of a SaaS agreement whether you are a SaaS supplier or a SaaS customer to ensure that your rights are adequately protected and that you are fully complying with all applicable laws.

Help

Irene Bodle is an IT lawyer specialising in SaaS agreements, GDPR and cloud computing with over 15 years experience in the IT sector. If you require assistance with any SaaS or cloud computing contracts, GDPR or any other IT legal issues please contact me:

irene.bodle@bodlelaw.com
www.bodlelaw.com

To register for my newsletter click here

______________________________________________________

Other related articles: