I'm a Privacy, Tech, SaaS, and AI Lawyer.

(There aren't many of us.)

Software-as-a-Service (SaaS) is a complex area of law. Don’t let the plain language legal documents fool you; there’s a lot going on here. Hint: if you’re only using an End User License Agreement (EULA), you’re probably missing 80% of the story.

From Terms of Service to Service Level Agreements to API Terms of Use to Data Processing Addendums, and more, let’s get you to 100%.

 

My Experience.

I’ve worked with many SaaS companies and other tech startups, from early stage scrappy startups to scaled tech giants. Here are some examples of the types of tech companies I have worked for.

  • I’ve worked with payment processors, procurement software providers, insurance companies, and financial analytics technology companies.

  • I’ve worked with automated and smart home software and technology providers, automated property management and maintenance platforms, and real estate analytics and data mining software companies.

  • I’ve worked with several legal tech startups, including records management, deal flow management, and document automation companies. I also have my very own legal tech startup, which makes me uniquely positioned as a lawyer to understand the complexities of the privacy world.

  • I’ve worked with online course, safety, and compliance management platforms.

  • I’ve worked with various small to large e-commerce providers, including physical and digital product e-commerce platforms and retailers.

  • From cutting edge psychedelics companies to medical device and software providers, I’ve had the opportunity to jump into the fast-paced medical tech sector.

  • I’ve worked with food, grocery, and restaurant ordering aggregation and delivery platforms.

  • I’ve worked with software providers in the plant and equipment automation space.

  • I’ve worked with companies creating transformative infotainment, safety, and productivity software in the automobile industry.

  • One of my favourite spaces to work in is the clean-tech industry. I’ve worked with promising clean technology companies, including a sustainable technology innovator revolutionizing sustainable packaging with 100% compostable and affordable plant-based solutions.

 

What Legal Documents and Topics Come Up in SaaS?

It depends on what kind of SaaS company you are. We provide a software platform to...

  • What is an Enterprise SaaS model?

    An Enterprise SaaS model is where you provide your software platform to a business, which then uses it to deliver their products or services to their own customers.

    Examples of Enterprise SaaS companies are Shopify, Mailchimp, and Stripe.

    Who are the main parties?

    The key characteristic of an Enterprise SaaS model is that there are four main parties involved:

    1. the SaaS provider;

    2. the enterprise client;

    3. the enterprise client’s authorized users; and

    4. the enterprise client’s end customer.

    What legal documents do I need?

    As an enterprise SaaS company, you may need:

    • Enterprise Terms of Service - this is the agreement between you and your enterprise client. It covers a lot - things like intellectual property rights, data ownership and use (e.g., aggregated end customer data, personally identifiable data, and end customer data rights), privacy, pricing, renewals, termination, limitations on your liability, when your enterprise client is responsible for losses (indemnity), authorized users and your enterprise client being responsible for how they use the platform, and … well, there’s more, but that’s painting the picture, right? This is your main legal agreement.

    • Service Level Agreement - if you will be guaranteeing certain uptime levels and providing technical support, this is the agreement we’ll write up for you. We add it as a schedule to your Enterprise Terms of Service.

    • Statement of Work for Professional, Consulting, Training, or Integration Services - if you provide any professional services along with access to your software platform, we cover off the legalities in a Statement of Work that is attached to your Enterprise Terms of Service.

    • End User License Agreement - if either the enterprise client or the end customer will access the platform through an app or downloaded software they host on their own device (e.g., iPhone, Android, or an application downloaded to a computer), we will need an End User License Agreement for the downloaded software or app.

    • Acceptable Use Terms for Authorized Users - your enterprise client will have authorized users, who are usually the client’s employees who will have access to your software platform. Acceptable Use Terms are the agreement between you and these authorized users. They agree to use the platform only for its intended purpose, consistently with the enterprise client’s promises in the Enterprise Terms of Service, and to follow all applicable laws when using the software (such as privacy laws).

    • API Terms of Use - if your software platform is integrated into your enterprise client’s own platform or systems through an Application Programming Interface (API), then you’ll need API Terms of Use. These legal terms make sure your client uses your API according to your documentation and protect your intellectual property rights. They also include limitations on your liability if your API is used inappropriately.

    • White Label Terms of Service - if you’re white labelling your SaaS platform, we’ll include some special terms and conditions in your Enterprise Terms of Service. For example, we’ll say that your enterprise client’s own terms of service with the end customer must be consistent with your Enterprise Terms of Service. We’ll also make sure that your enterprise customer is responsible for covering any legal claims that involve you (unless the issue is directly your fault).

    • Copyright and Trademarks Terms of Use - Your Enterprise Terms of Service will protect your trademarks, logo, and brand assets. If we need to go further, we can include your brand use guidelines, too.

    • Privacy Policy, Cookies Notice, and Data Processing Addendum - you can learn all about privacy policies, disclosure notices, cookies, and data processing addendums on our privacy page. The short story is, as a SaaS company you will need most, and maybe all, of them.

  • What is a Business-to-Business SaaS (B2B) model?

    A business-to-business SaaS model is where you provide your software platform to a business for its own internal use. The business may use the software to boost productivity, automate a process, or monitor key metrics. Unlike an Enterprise SaaS model though, the business’s own customers are not given direct access to your SaaS platform.

    There are many examples of Business-to-Business SaaS platforms. ClickUp (one of my favourite companies), FreshBooks, and Google Analytics are a few B2B SaaS platforms.

    Who are the main parties?

    The key characteristic of a Business-to-Business SaaS model is that there are three main parties involved:

    1. the SaaS provider;

    2. the business client; and

    3. the business client’s authorized users.

    What legal documents do I need?

    As a Business-to-Business SaaS company, you may need:

    • Business Terms of Service - this is the agreement between you and your business client. It covers a lot - things like intellectual property rights, data ownership and use (e.g., aggregate data about how the business client uses the software), privacy, pricing, renewals, termination, limitations on your liability, when your business client is responsible for losses (indemnity), authorized users and your business client being responsible for how they use the platform, and … well, there’s more, but that’s painting the picture, right? This is your main legal agreement.

    • Service Level Agreement - if you will be guaranteeing certain uptime levels and providing technical support, this is the agreement we’ll write up for you. We add it as a schedule to your Business Terms of Service.

    • Statement of Work for Professional, Consulting, Training, or Integration Services - if you provide any professional services along with access to your software platform, we cover off the legalities in a Statement of Work that is attached to your Business Terms of Service.

    • End User License Agreement - if the business client will access the platform through an app or downloaded software they host on their own device (e.g., iPhone, Android, or an application downloaded to a computer), we will need an End User License Agreement for the downloaded software or app.

    • Acceptable Use Terms for Authorized Users - your business client will have authorized users, who are usually the client’s employees who will have access to your software platform. Acceptable Use Terms are the agreement between you and these authorized users. They agree to use the platform only for its intended purpose, consistently with the business client’s promises in the Business Terms of Service, and to follow all applicable laws when using the software (such as privacy laws).

    • API Terms of Use - if your software platform is integrated into your business client’s own platform or systems through an Application Programming Interface (API), then you’ll need API Terms of Use. These legal terms make sure your client uses your API according to your documentation and protect your intellectual property rights. They also include limitations on your liability if your API is used inappropriately.

    • White Label Terms of Service - if you’re white labelling your SaaS platform, we’ll include some special terms and conditions in your Business Terms of Service. For example, we’ll say that your business customer may change your software platform to the business client’s branding (logo, colours, fonts, and such), but this does not take away from your intellectual property rights or ownership of the platform.

    • Copyright and Trademarks Terms of Use - Your Business Terms of Service will protect your trademarks, logo, and brand assets. If we need to go further, we can include your brand use guidelines, too.

    • Privacy Policy, Cookies Notice, and Data Processing Addendum - you can learn all about privacy policies, disclosure notices, cookies, and data processing addendums on our privacy page. The short story is, as a SaaS company you will need most, and maybe all, of them.

  • What is a Business-to-Consumer SaaS (B2C) model?

    A business-to-consumer SaaS model is where you provide your software platform to a person for their own personal use. There are many examples of Business-to-Consumer SaaS platforms. Just take a look through your phone apps and you’ll see plenty.

    Who are the main parties?

    The key characteristic of a Business-to-Consumer SaaS model is that there are just two main parties involved:

    1. the SaaS provider; and

    2. the SaaS provider’s end customer, which is a person.

    What legal documents do I need?

    As a Business-to-Consumer SaaS company, you may need:

    • Terms of Service - this is the agreement between you and your customer. It covers a lot - things like intellectual property rights, data ownership and use (e.g., aggregate data about how the person uses the software), privacy, pricing, renewals, termination, and limitations on your liability. This is your main legal agreement.

    • End User License Agreement - if your customer will access the platform through an app or downloaded software they host on their own device (e.g., iPhone, Android, or an application downloaded to a computer), we will need an End User License Agreement for the downloaded software or app.

    • Copyright and Trademarks Terms of Use - Your Terms of Service will protect your trademarks, logo, and brand assets.

    • Privacy Policy, Cookies Notice, and Data Processing Addendum - you can learn all about privacy policies, disclosure notices, cookies, and data processing addendums on our privacy page. The short story is, as a SaaS company you will need most, and maybe all, of them.

  • What is a Marketplace SaaS model?

    In a marketplace SaaS model, the SaaS company connects service providers or retailers with customers, usually charging a fee to one or both of them.

    Examples of marketplace SaaS companies include Airbnb and Fiverr.

    Who are the main parties?

    In a Marketplace SaaS model, these are the main parties:

    • the SaaS provider;

    • the business client providing goods or services;

    • the customer client buying the services or goods; and

    • the authorized users of the business client or customer client.

    What legal documents do I need?

    As a marketplace SaaS company, you may need:

    • Marketplace Terms of Service - this is the agreement between you, your business clients, and your customer clients. It covers a lot, just like the terms of service we use for the other SaaS models. We cover all the legalities of the commercial parts of the marketplace, like the fees you charge, not being responsible for the goods and services on the marketplace, restrictions on what can be sold on the platform, and promises by the businesses and customers on the platform to not go outside of your marketplace to complete their transactions and dealings. We also cover things like intellectual property rights, data ownership and use, privacy, pricing, renewals, termination, limitations on your liability, when your business or customer clients are responsible for losses (indemnity), and authorized users and who’s responsible for what they do. As you’re probably starting to appreciate, this is your main legal agreement.

    • Service Level Agreement - if you will be guaranteeing certain uptime levels and providing technical support (usually this is for the business clients on your marketplace), this is the agreement we’ll write up for you. We add it as a schedule to your Marketplace Terms of Service.

    • Statement of Work for Professional, Consulting, Training, or Integration Services - if you provide any professional services along with access to your software platform, we cover off the legalities in a Statement of Work that is attached to your Marketplace Terms of Service. Usually these services are given to the business clients on your platform, but you may also offer some side-services to your customer clients.

    • End User License Agreement - if either the business client or the customer client will access the platform through an app or downloaded software they host on their own device (e.g., iPhone, Android, or an application downloaded to a computer), we will need an End User License Agreement for the downloaded software or app.

    • Acceptable Use Terms for Authorized Users - your business clients, and maybe your customer clients too, will have authorized users, who are usually the employees who will have access to your software platform. Acceptable Use Terms are the agreement between you and these authorized users. They agree to use the platform only for its intended purpose, consistently with the Marketplace Terms of Service, and to follow all applicable laws when using the software (such as privacy laws).

    • API Terms of Use - if your software platform is integrated into your client’s own platform or systems through an Application Programming Interface (API), then you’ll need API Terms of Use. These legal terms make sure your client uses your API according to your documentation and protect your intellectual property rights. They also include limitations on your liability if your API is used inappropriately.

    • Copyright and Trademarks Terms of Use - Your Marketplace Terms of Service will protect your trademarks, logo, and brand assets. If we need to go further, we can include your brand use guidelines, too.

    • Privacy Policy, Cookies Notice, and Data Processing Addendum - you can learn all about privacy policies, disclosure notices, cookies, and data processing addendums on our privacy page. The short story is, as a SaaS company you will need most, and maybe all, of them.

  • What is a Platform-as-a-Service (PaaS) model?

    A PaaS model provides a client with on-demand access to a complete, ready-to-use, cloud-hosted platform for developing, running, maintaining and managing applications. The main distinguishing characteristic of a PaaS platform is that it allows your client to build on top of the platform you provide with the client’s own applications and solutions, which are usually very tailored to their own business.

    Examples of PaaS companies are Salesforce, Microsoft, and IBM.

    Who are the main parties?

    In a PaaS world, there can be many players. Typically though, the parties look very similar to the Enterprise SaaS model:

    • the PaaS provider;

    • the enterprise client;

    • the enterprise client’s authorized users; and

    • the enterprise client’s end customer.

    What legal documents do I need?

    As a PaaS company, you may need:

    • Platform Terms of Service - this is the agreement between you and your enterprise client. It covers a lot - things like intellectual property rights, data ownership and use (e.g., aggregated end customer data, personally identifiable data, and end customer data rights), privacy, pricing, renewals, termination, limitations on your liability, when your enterprise client is responsible for losses (indemnity), authorized users and your enterprise client being responsible for how they use the platform. Given you’re a PaaS company, we also cover topics like who owns the apps and other systems developed on top of your platform, whether these additional apps can be resold, and who is responsible for maintaining them. As you can see, your Platform Terms of Service is your main legal agreement. It’s also a highly customized document given how unique a PaaS platform may be.

    • Service Level Agreement - if you will be guaranteeing certain uptime levels and providing technical support, this is the agreement we’ll write up for you. We add it as a schedule to your Platform Terms of Service.

    • Statement of Work for Professional, Consulting, Training, or Integration Services - if you provide any professional services along with access to your platform, we cover off the legalities in a Statement of Work that is attached to your Platform Terms of Service.

    • End User License Agreement - if either the enterprise client or the end customer will access the platform through an app or downloaded software they host on their own device (e.g., iPhone, Android, or an application downloaded to a computer or server), we will need an End User License Agreement for the downloaded software or app.

    • Acceptable Use Terms for Authorized Users - your enterprise client will have authorized users, who are usually the client’s employees who will have access to your platform. Acceptable Use Terms are the agreement between you and these authorized users. They agree to use the platform only for its intended purpose, consistently with the enterprise client’s promises in the Platform Terms of Service, and to follow all applicable laws when using the software (such as privacy laws).

    • API Terms of Use - if your software platform is integrated into your client’s own platform or systems through an Application Programming Interface (API), then you’ll need API Terms of Use. These legal terms make sure your client uses your API according to your documentation and protect your intellectual property rights. They also include limitations on your liability if your API is used inappropriately.

    • White Label Terms of Service - white labelling is often a feature of PaaS models, since the enterprise client is building their own software on top of the platform. We’ll include some special terms and conditions in your Platform Terms of Service, such as a requirement that your enterprise client’s own terms of service with its end customer be consistent with your Platform Terms of Service. We’ll also make sure that your enterprise client is responsible for covering any legal claims that involve you (unless the issue is directly your fault).

    • Copyright and Trademarks Terms of Use - Your Platform Terms of Service will protect your trademarks, logo, and brand assets. If we need to go further, we can include your brand use guidelines, too.

    • Privacy Policy, Cookies Notice, and Data Processing Addendum - you can learn all about privacy policies, disclosure notices, cookies, and data processing addendums on our privacy page. The short story is, as a PaaS company you will need most, and maybe all, of them.

  • If you combine some or all of the above into your platform, then you’ll be one of our favourite clients. Creative legal documents and solutions for creative clients are our specialty.

    It’s not at all uncommon for mid-sized to large companies (or even very ambitious tech startups) to have more than one model.

 

What Other Contracts and Legal Documents Should We Be Thinking About?

  • SaaS companies often hire resellers to market and sell their subscriptions and services. A Reseller Agreement covers things like the commission, revenue share, or profit participation earned by the reseller and when it is paid, who collects payments from clients, pricing, territory limits, and any client support or account management services the reseller will provide. We also include other typical legal topics, like limitations on liability, paying for losses (indemnity), and confidentiality.

  • Many platforms and apps include advertisements. When the SaaS company provides advertising space to a third-party retailer or service provider, that’s a service that needs to be covered by an agreement.

    In this case, we make terms of service applicable to advertisers to document that agreement. Nothing too mysterious in the name here, we call them “Advertiser Terms of Service”. These are separate from your terms of service for your clients and customers.

    Your Advertiser Terms of Service cover the types of ads that can be placed, how they will be displayed, the fee for the ads (e.g., pay-per-click, flat rate, or revenue share), and the duration of the contract. We also cover standard legal topics, like limiting your liability for the advertiser’s products and services.

    Also, if you do have ads displayed on your platform or in your app, we need to make sure we include some disclaimers in your terms of service with your own clients and customers to make it clear you’re not responsible for the ads or anything bought from third parties.

  • It’s very common to use integrations from third-party software providers in your tech stack. For example, you may have a payment processor (e.g., Stripe) integrated into your platform for payments, or you could use open source components in your platform.

    There are two things we need to consider when using integrations. First, we will need to make sure your terms of service cover integrations. Your customer will consent to third-party integrations and accept that your liability is limited when it comes to third-party software.

    Second, we need to take a look at the license terms you accept to use the third-party integrations. For example, if you’re using Stripe as your payment processor, we will review your license terms with Stripe to make sure everything looks okay for your business.

  • SaaS companies, like many businesses, rely on outsourced services. Maybe you have an outsourced software developer, marketing agency, or cloud hosting provider (e.g., Azure or AWS). Whenever you’ve hired an outside party to provide services to your business, there should be a contract in place. We can write that contract for you or we can review the contract the service provider has asked you to sign and negotiate any terms that should be changed for your business.

  • What’s a company without its people? Employment law and contracts are important for SaaS companies too. If you need help creating your employment contracts, code of conduct, stock option plans, and more, we can help with that too.

 

Frequently Asked Questions.

  • SaaS companies use the internet to deliver software to their customers. Usually revenue is subscription-based, with a monthly or annual fee.

    SaaS customers typically get a ready-to-use solution with some ability to choose between features and options, but generally don’t have to upgrade or develop the platform with their own code (although there could be a little work that way through API integrations).

    Since SaaS platforms are cloud-based and hosted by the SaaS provider or through its cloud service provider (e.g., Azure, AWS, Google Cloud), SaaS upgrades are managed by the SaaS provider rather than the customer.

  • Hosting

    • Traditional software licensing involves the customer downloading and hosting the software on their own information technology systems or a device.

    • SaaS is cloud based and hosted or managed by the SaaS provider. However, SaaS providers often have an App, which is downloaded onto a customer’s device and subject to an End User Licensing Agreement (EULA).

    Updates and maintenance

    • In software licensing, updates are usually subject to a fee.

    • Updates to the SaaS platform are included in the subscription fee.

    Backups

    • In software licensing, usually the customer is responsible for all backup.

    • In SaaS, the SaaS provider provides data backup services, which vary from limited data backup to extensive backup and retrieval.

    Accessibility

    • In software licensing, the files and data are accessible only from the device where the software is installed.

    • SaaS is web-based or app-based, so the files and data are available from any internet-connected device.

  • SaaS is cloud based and hosted or managed by the SaaS provider.

    However, SaaS providers often have an App, which is downloaded onto a customer’s device and subject to an End User Licensing Agreement (EULA) applicable to the App.

    So, SaaS and Apps are part of the same software service and delivery system.

  • Authorized Users are the employees and (sometimes) the contractors of the SaaS company’s customer. These individuals are authorized by the SaaS customer to access their subscription to the software. The SaaS company’s Terms of Service make the customer liable for the actions of their Authorized Users.

    Authorized Users also accept terms and conditions when they log into the software platform (we call these terms Acceptable Use Terms).

  • API is the acronym for Application Programming Interface.

    An API is an intermediary program that allows two applications to talk to each other.

    If your platform uses APIs to integrate with other systems, including your customers’ software, we will create API Terms of Use to cover off the legal topics that come up with API use.

  • Sometimes the end customer doesn’t know that the software platform is provided by a third-party. We call this a white label solution.

    Stripe and Mailchimp are examples of white labelled SaaS platforms - the customer may not know that their payment is being processed through an integration with Stripe, or that the automated emails they get from you come through the Mailchimp platform.

    Typically, the customer customizes the SaaS platform with their own branding and logo.

    When it comes to the legal side of white labelling, even though the end customer doesn’t know (or it’s not completely obvious) that the SaaS company is in the mix, there are still lots of legalities to think about. For example, privacy and data ownership.

    When you provide a white labelled solution, you also need to make sure that your enterprise client’s terms of service for their own end customer cover off all the legal concerns that can come up for you. For example, terms that limit your liability for the data the end customer may put on the platform, or terms that require using the software only as intended and not reverse engineering it by accessing your code.

    We also need to make sure that the terms of service between you as the SaaS company and your enterprise client cover all the commercial terms (e.g., payment, authorized users, confidentiality, termination, and more), limit your liability, and cover data ownership, and more.

  • They do! But many of the same topics apply to each SaaS model, so there are some “standard” terms and topics that you will see across SaaS models. But there are many terms, conditions, and complexities that are different between the models. Carefully written and tailored legal documents and advice are very important.

 
