This article is written by Aditi Katyan, a lawyer who has extensive experience of working with startups and SMEs regarding their legal needs, founder of LittleLawBook.com, a law blog, and a former student of ours. We are proud to present a wonderful and very relevant article by our alumni.
Fast and inexpensive Internet, ubiquitous mobile phones, and entrepreneurial zeal have opened up many new business opportunities.
Today, I am going to talk about the companies offering a new type of technology service called Software as a Service (SaaS).
But why should you care?
Because your career success as a lawyer depends on understanding and adapting to changes.
As companies are launching new business models, you need to understand legal implications in terms of obligations, liabilities, confidentiality, data privacy, and data usage.
So that you can give sound advice to hundreds of companies offering SaaS and thousands of companies buying SaaS.
Let’s have a closer look at SaaS.
What is SaaS?
A quick look at Indian SaaS market, as per a 2018 report prepared jointly by Nasscom and Zinnov:
- Worth $407 million in FY 16
- Expected to grow 3x by 2020
As the Indian SaaS industry aspires to reach $1 trillion in revenue, it foresees nearly 1,000 such SaaS and software product firms in India, each with $10 million in revenue and 66 firms with revenues of at least $1 billion. [source: Economic Times]
Some examples of successful Indian SaaS companies are Zoho, Freshworks, Vymo, Exotel, CloudCherry, and Capillary.
SaaS is changing the way companies work.
SaaS provider (the Provider) distributes its product online that could be accessed over any laptop or, in many cases, on mobile. The Provider continues to host the software and provide IT support on an on-going basis. This allows for stronger network security, greater collaboration, additional features, and straight-forward, upfront prices.
The customer no longer needs to incur upfront costs or worry about security or upgrades.
Let’s have a quick look at the key differences between SaaS and traditional software business models.
SaaS by Example
A SaaS company is different from a traditional software company in the same way as Ola, a car-hailing service through a mobile app is different from meru, a car rental company owning a fleet of cars.
Meru has to buy its cars, which is expensive, to begin with. Meru has to incur the costs of maintenance and insurance. Its costs further increase, when it employs drivers for those cars. On the other hand, Ola has built a mobile app to connect users with drivers. With regular rides coupled with the right incentives on driver’s side and convenience coupled with low cost on the user side, Ola has built a business far more valuable than Meru.
With this background, let’s look at two types of technology companies selling software applications: (1) a traditional software company, and (2) a SaaS company.
Say a bank, needs a CRM application. Under the 1st option of working with a traditional software company, the bank can either get the CRM application built by outsourcing to companies like Infosys or TCS or buy off-the-shelf CRM from Microsoft and get an independent service provider to customize the CRM for its own business. Both options require the bank to make upfront investment apart from incurring regular expenses of maintaining and upgrading the application.
Under the 2nd option, the bank can buy the CRM application from a SaaS company such as Zoho and get it customized by an independent service provider with the least of efforts. The CRM application is hosted by Zoho, which also takes care of its maintenance, security, and upgrades. The bank needs to pay a monthly subscription fee based on the number of active users of the CRM application. At any time, the bank can buy more user licenses or cancel the subscription and shift to a competitor’s CRM, such as that from SalesForce.
The bank has converted most of its capital expenditure of building a CRM application into operating expenses of renting a CRM application. Not only is this much cheaper solution for the bank, but it also offers lots of flexibility in terms of upgrade/downgrade usage, security, maintenance, and upgrade.
Zoho benefits from a predictable revenue coming from the bank. As it has pretty much standardized CRM application, the cost of customization per customer is almost zero. It is hosting its CRM on shared technology infrastructure, so the cost is shared by all the customers. Rolling-out bug fixes, new features, and security updates become far more manageable.
SaaS as a Business Model
Over the last couple of years, as technologies related to cloud computing have evolved, many companies, like Zoho, have started offering their software applications as a service (SaaS).
A SaaS company (the Provider) hosts software applications on its technology infrastructure and make those available to customers (the Customers) over the internet.
In the regular Software licensing model, customers need to purchase the complete Software, which is very expensive. Then they need to host it on their technology infrastructure and have at least a couple of software developers to customize and maintain the Software on an on-going basis. All this adds to the total cost of ownership of the Software.
Under the SaaS model, all customers share the same technology infrastructure to access the software application. The application source code remains the same for all customers. Bug fixes, security updates, and new features are rolled out to all customers.
To be clear, all customers get their specific instance of the software application, which can be customized and rebranded to suit their needs. But underlying software code remains the same.
Rather than owning the software application, customers pay for SaaS applications on a monthly or yearly subscription basis. Customers are free to take as many user licenses as they need and cancel anytime. Not only does this significantly reduces the cost of software ownership for customers, but it also gives them lots of flexibility in terms of paying for only as much as they need.
A SaaS provider benefits from a predictable revenue source from customers taking monthly or yearly subscriptions. By standardizing features and functionalities, the cost of software development and maintenance also goes down.
With approval from customers, the Provider can also analyze anonymized customer data to improve his Software, making it more robust and introduce new features.
To offer Software as a Service, a provider needs a specific type of agreement called the Saas Agreement.
Essentials of a SaaS Agreement
We are going to look at the essentials of a SaaS Agreement between a SaaS company (the Provider) and a customer (the Customer).
SaaS agreement regulates the provisioning of software-as-a-service (SaaS) over the internet to customers.
The agreement primarily covers:
- the Customer’s rights to use the services and the limitations upon that usage.
- the Provider’s obligation to make its software accessible to the Customer over the internet as a service.
The agreement grants the Customer a license to use the software subjected to a set of conditions, which may be tweaked on a case by case basis.
The Provider may also need to provide support and maintenance services.
The Customer owns data that it has supplied and may require the data to be kept confidential. For example, all lead details in a CRM SaaS are owned by the Customer. Provider
The Customer agrees to pay the Provider the relevant charges to provide the services.
The Customer also has to ensure that the customer data will not create any liability on the part of the Provider.
SaaS Agreement Template
You may consider using a simpler SaaS agreement for your clients.
A simpler agreement with fewer points of contentions would avoid unnecessary back-and-forth of negotiations about every minute details of the agreement.
Less time spent on negotiations means your clients would be able to sign their contracts faster. Faster contract executions would result in a quicker sales cycle, which means your clients would start getting paid sooner.
Who would not be happy getting paid quickly!
So you should use a simpler SaaS agreement.
As a starting point, you can use this SaaS agreement provided by Y-Combinator, one of the most prominent startup accelerators in the world.
Though the above SaaS agreement from Y-Combinator is solid, you may want to be aware of its limitations:
- It doesn’t include SaaS services being provided, as that would depend on the specific instances of the use of this agreement. However, an agreement that doesn’t reflect the services provided cannot accurately capture the intent of the parties and is thus more susceptible to dispute, which is the last thing you want.
- It is more favorable to the Provider and, hence, it is likely to create more friction with customers during the negotiation process. This may slow down the contracting process, increase the cost of closing deals, and could result in losing deals altogether.
Hence, use the Y-Combinator agreement as a starting point and customize it on a case-by-case basis.
Key Clauses & Checklist
Let’s focus on key clauses and corresponding checklists in a SaaS agreement.
The Customer (Other Party)
Is the Customer:
- An individual,
- What is the full name?
- What is the postal address?
- A company,
- What is the full company name?
- In which jurisdiction is the company incorporated?
- What is the company registration number (CIN)?
- What is the registered office address?
- Or a partnership?
- What is the name of the partnership?
- In which jurisdiction is the partnership established?
- Where is the principal place of business?
You may want to include auto-renewal as a default provision for the Provider to avoid the cases where a contract has expired, but the services continue as no one is paying attention to the expiry date.
However, some customers may not agree to auto-renewal and want it to be deleted. So you may draft an auto-renewal clause to include “Initial Term” and “Renewal Terms,” which are defined together are the “Term.” Check-out the Y-Combinator SaaS agreement for an example.
Here is the checklist of Term clause:
- When will the contract come into force (Effective Date)?
- What is the term of the contract
- indefinite, or
- will it come to an end upon some agreed date, or
- Upon what date will the contract terminate?
- upon the occurrence of a defined event?
- What event?
- What sort of license to use the SaaS services is being granted?
- The license could be worldwide, non-exclusive, or better
- You may avoid mentioning the license. For the duration of the Term, The Provider gives the Customer a subscription rather than a software license, which allows the Customer to access the service. Hence, there is no software licensing. This would avoid any confusion regarding intellectual property rights disputes in the future on the software.
- Should the hosted services be accessed by some particular means (for example, a web browser or a mobile app)?
- Can the service be used for any purpose or for some specific purpose?
- Who all are eligible to use the SaaS services (example: the officers, employees, agents, and subcontractors of the Customer)?
- Is the license granted to named users? What is the process to change, add or remove a named user (example: a new employee joins at customer’s company, or an employee leaves. How will the named user licenses change?)
- Is the number of concurrent users capped to a limit (example: If the same named user license is shared by two people, then the number of concurrent users is two, whereas the number of named license is 1. Is this allowed?)
- What restrictions apply to the access of the hosted services? (example: no sub-license, unauthorized person not allowed to access SaaS service, don’t use SaaS service to provide services to the third party, do not republish or redistribute any content, do not make any alteration to the Platform, and do not conduct any load testing or security testing)
Pricing for a SaaS service could be based on determining usage of service in terms of the number of user licenses, volume-based, or performance-based and may have tier-based pricing.
Here is a checklist for payment terms:
- Are payments inclusive or exclusive of GST?
- Will the Provider be permitted to change the payment amount, or any element of the payment, in any circumstances?
- Which elements of the payment may be changed? What notice period should apply to the change of payment amount or terms?
- When should invoices be issued?
- What is the timeline for making payment of invoices?
- Is the invoice raised in advance or after the use of services?
- Using what methods should payments be made?
- What interest rate should apply to late payments?
Maintenance, Support & Upgrade
As the Customer is accessing SaaS services hosted by the Provider and doesn’t install the software on its own computer.
When the Provider fixes a bug in the software or upgrades to a new version, the Customer automatically benefits in most of the cases. This also depends on the terms of the agreement. For example, the new upgrade may add new features, which would cost extra to the Customer.
Hence, a maintenance or support services clause doesn’t make sense in a SaaS agreement.
Rather, a SaaS agreement is a service level agreement (SLA). So it should address:
- Guaranteed uptime of services (For example, 99.9% uptime that is typically offered by AWS and other cloud service providers)
- Approved time frame to fix bugs and errors
- Approved time frame to resolve speed and latency related performance issues
Still, if your specific SaaS model or client requires you to put maintenance and support clauses, you may refer to the checklist below:
- During what period will the maintenance/support services be provided?
- How long in advance written notice should be given before the release of an update must be given to the Customer?
- How long in advance written notice should be given to suspending the maintenance/support services must the Provider give to the Customer?
- How much notice must be given to the Customer of a suspension of maintenance/support services following non-payment?
Customers may customize a SaaS service as per its business process. For example, a customer licensing CRM SaaS solution, may configure the workflow to handle leads or customize reports and dashboards, reflecting its own business process.
Such configurations and customizations may be proprietary and business-sensitive to the customer. The Customer may want the Provider to agree that such customer-driven configurations and customizations are confidential into the Customer.
You, as the lawyer of the Provider, may take a position that other customers cannot be prevented from using similar configurations and customizations but that the Provider will not disclose the confidential information of the Customer and that any similar usage must be made independently by other customers.
The Customer may want to own the following data for these data offer valuable insights and analytics into the Customer’s operations and about its users.
- Data that it enters into the system (example – lead details into a CRM SaaS service),
- Data generated by or through SaaS service (example – workflow rules to assign leads to customer’s sales executives), and
- Data outputs (May also include service usage data by the Customer’s users such as click-through rate, session data, profile data, etc.)
The Provider may want to differentiate between the Customer’s business data and the performance data of the SaaS service. For example, the availability and response time of the SaaS service will be performance data. Transaction volume may be another performance data. For example, how many food orders the Customer is getting from a particular geography. Such data may be a business-sensitive for the Customer, which it may want to keep confidential.
Overall, how performance data is defined is critical and would determine ownership and usage rights. You may be aware that the use of customer data is a contentious topic — search for data privacy issues being faced by Google, Facebook, and other internet companies.
You, as the lawyer of the Provider, may want to obtain the right to use aggregated, anonymized data derived from the customer data. The Customer may review these terms closely to consider where it has the authority to share data about its users, or it wants to use such rights for its own business purpose.
Here is a checklist for customer data:
- What may the Provider do with customer data?
- Will the Provider has the right to sub-license its rights on customer data? To whom?
- Will the Provider create a back-up of customer data? How often?
- In case of a disclosure of confidential information by the Provider with the prior written consent of the Customer, should the Provider be bound to place confidentiality obligations upon the recipient of the information?
- Will the Customer have to give its written approval for the Provider to disclose the confidential information to a third party? Alternatively, is it sufficient that such disclosures are made under conditions of confidentiality no less onerous than those set out in this agreement?
- Is the Provider required to act in good faith in relation to confidential information?
- Is the Provider under an obligation to only use the information disclosed for a defined purpose?
- To whom may the Provider disclose confidential information supplied by the Customer?
- Will the confidentiality obligations continue indefinitely, or will they come to an end at some point following termination of the agreement?
- What are the general warranties given by the Provider to the Customer?
- What is the scope of this warranty?
Limitations and exclusions of liability
- Which of the parties (the Provider or the Customer or no one) will be the beneficiary of any limitation of liability?
- Is there any liability cap? How much? Who will be beneficiary?
Force Majeure Event
- Will obligations to make payments be excluded in the case of the force majeure event?
Termination & Effects of Termination
- What will be the notice period for termination without cause by either party?
- Will the winding up of a party give rise to a right of termination for the other party?
- Within what period following termination must outstanding payment be settled?
- Where should notices from the customer be sent?
- Will the Provider be required to notify the Customer of any subcontracting arrangements? For example, the Provider may host the services on AWS and may want to change to Google. Will the Provider be required to notify the Customer?
- Describe what may be subcontracted, and if necessary, to whom subcontracting is permitted.
- The court of which jurisdiction will have the exclusive right to adjudicate disputes relating to the document (subject to applicable law)?
- What is the full name of the Provider signatory?
- On what date is the Provider signing the agreement?
- Add the full name of the person signing the agreement on behalf of the Provider.
- On what date is the agreement being signed on behalf of the first party?
- What is the full name of the Customer signatory?
- On what date is the Customer signing the agreement?
- Add the full name of the person signing the agreement on behalf of the Customer.
- On what date is the agreement being signed on behalf of the Customer?
If you are looking for insights on more contracts, check-out my blog at LittleLawBook.com.
Now I’d like to hear from you:
Which insights from today’s post are you going to use in your review of SaaS agreements?
Are you drafting or reviewing any other contracts for new-age technology companies?
Either way, let me know by leaving a comment below right now.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.