Software as a Service (“SaaS”) agreements are entered into between a provider and a customer, and the agreement allows for the customer to utilize the service that is offered by the provider. Some of the more important aspects that a provider should be sure to address in a SaaS agreement are detailed below.
- Data Backup
Generally, a provider will want to include a section that explains how their service backs up data. A common section will include an explanation that while the provider will perform routine data backups, the consumer is still the one responsible for performing regular backups of their own to ensure that no customer data is lost or damaged. In short, this section will help to protect a provider from liability for customer data that is not properly backed up, and therefore is damaged, lost, or otherwise altered.
- Intellectual Property Rights
An intellectual property rights section is present in nearly all SaaS agreements. This section clarifies who owns the information that is generated within the service that is being offered by the provider. Typically, the provider will own all of the intellectual property rights in the actual service, and the customer will own any of the specific data that they place into the service.
Without a clearly defined intellectual property rights section a provider could open themselves up to future issues over use of information within the service. It is also common for this section to include a consent by the customer which allows the provider to use the customer’s data in ways that are useful or necessary to perform the service that is being provided.
- Authorization Limitations and Restrictions
The SaaS agreement allows the customer to access and use the provider’s service. However, there are common limits and restrictions on the ways in which the customer can use the service, as well as the ways in which the customer can access the data underlying the service. Typically, an authorization limitations and restrictions section will explicitly list ways in which the customer shall not access or use the service, and its underlying data.
Some commonly prohibited behaviors include: copying or modifying any aspect of the service; renting, leasing, selling, sublicensing, or assigning any aspect of the service; reverse engineering, decoding, or attempting to gain access to the source code of the service; breaching any security device or protections used by the service or the provider; inputting, uploading or providing to or through the service any information or materials that are unlawful or contain or activate any harmful code.
- Service Levels
Providers typically include a section in the SaaS agreement that protects them if their service is briefly inaccessible or unavailable to the customer. A service levels section protects the provider from unforeseen circumstances that may impact the availability of their service to the customer. This section will typically list out some exceptions to the availability of the service, things such as failure of the customer to comply with the agreement, customer failure, issues with the internet access of the customer, force majeure events (essentially forces of nature such as a large storm, or other similar event), failure of other service or hardware that is not provided by the provider, and scheduled downtime are all commonly listed. This section of the SaaS agreement allows for brief periods of inaccessibility of the service, thus protecting the provider from unforeseen circumstances, and customer use errors or issues that prevent the customer from continuous access to the service.
- Termination and Suspension or Termination of Services
The typical SaaS agreement will have a section on termination of the contract, as well as a section that allows for the provider to suspend or terminate the services. The termination section allows the provider to lay out specific instances where the contract, and thus access to the service, can be stopped.
This section typically makes it clear what a customer should do with the data, intellectual property rights or other information that the customer has learned, or had access to, through the use of the service from the provider. The termination section also allows for the provider to disable all customer access to the services. Typically both the provider and the customer have the ability to terminate the agreement upon 30 days notice.
Generally, the suspension and termination section gives the provider the ability to suspend or terminate customer access or ability to use any part of, of the all aspects of, the service. The section enumerates instances that would allow for suspension or termination of the service, common instances are as follows: judicial or governmental order or law enforcement request that requires provider to do so; good faith and reasonable belief on the part of provider that the customer has – failed to comply with material terms of the contract; accessed or used the service beyond the scope of the agreement; been, or is, likely involved in fraudulent, misleading, or unlawful activities in connection with the services; or the agreement expires or is terminated.