SaaS Agreement Template

A Software as a Service (SaaS) agreement governs the relationship between the provider of a cloud-hosted application and its customer. Unlike traditional software licenses, SaaS agreements address ongoing service delivery, data handling, uptime commitments, and the unique risks of cloud-based infrastructure.

Key Provisions Checklist

Use this checklist when drafting or reviewing a SaaS agreement to ensure all critical provisions are addressed.

Provision | Key Issues | Customer Priority
Subscription Terms | Term length, auto-renewal, pricing lock, user/usage tiers | High
Service Level Agreement | Uptime percentage, measurement method, service credits, exclusions | High
Data Processing / Privacy | Data ownership, processing scope, subprocessors, data location, DPA | Critical
Security Obligations | Encryption, access controls, certifications (SOC 2, ISO 27001), breach notification | Critical
Acceptable Use Policy | Prohibited activities, compliance responsibilities, content restrictions | Medium
Termination | Termination for convenience vs. cause, cure periods, data export, wind-down | High
IP Ownership | Customer data ownership, provider IP, feedback/suggestions, customizations | High
Limitation of Liability | Cap structure, consequential damages waiver, carve-outs | High

Subscription Terms

The subscription section defines the grant of access, pricing model, and renewal mechanics.

Sample Language:

"Subject to the terms of this Agreement and payment of applicable Fees, Provider grants Customer a non-exclusive, non-transferable right to access and use the Service during the Subscription Term for Customer's internal business purposes. The initial Subscription Term is [12/24/36] months from the Effective Date. Unless either party provides written notice of non-renewal at least [30/60/90] days prior to the end of the then-current term, the Subscription Term will automatically renew for successive [12]-month periods at Provider's then-current pricing, subject to a cap of [X]% annual increase."

Drafting tip: Customers should negotiate a price increase cap on renewal (typically 3-7% annually) and a meaningful notice period for non-renewal. Providers should ensure the auto-renewal mechanism is conspicuous, as some jurisdictions have specific requirements for enforceable auto-renewal clauses.

Service Level Agreement (SLA)

The SLA quantifies the provider's uptime commitment and establishes remedies for downtime.

  • Uptime target: Typically 99.5% to 99.99%. Clarify the measurement period (monthly is standard) and the definition of "downtime" (total unavailability vs. degraded performance).
  • Measurement method: Specify whether uptime is measured by the provider's monitoring tools, third-party monitoring, or customer-reported incidents.
  • Service credits: The standard remedy for SLA breaches. Credits are usually a percentage of monthly fees (e.g., 5% for each 0.1% below target, up to 30% of monthly fees). Credits are typically the sole and exclusive remedy for downtime.
  • Exclusions: Scheduled maintenance windows, force majeure events, customer-caused issues, and third-party service outages are commonly excluded from uptime calculations.
  • Termination right: For sustained underperformance (e.g., SLA breach in 3 consecutive months), the customer should have the right to terminate without penalty.

Data Processing and Security

Data provisions are increasingly the most scrutinized section of SaaS agreements, driven by GDPR, CCPA, and sector-specific regulations.

  • Data ownership: The agreement should explicitly state that customer data remains the customer's property and the provider receives only a limited license to process it for the purpose of providing the service.
  • Data Processing Addendum (DPA): If personal data is processed, a DPA compliant with applicable privacy law (GDPR Article 28, Standard Contractual Clauses for cross-border transfers) should be incorporated.
  • Subprocessors: Customers should have the right to be notified of new subprocessors and to object within a reasonable period. Provider should maintain a current list of subprocessors.
  • Data location: Specify where data will be stored and processed. Cross-border data transfers require adequate legal mechanisms.
  • Security standards: Reference specific certifications (SOC 2 Type II, ISO 27001) and require annual third-party audits. Specify encryption requirements (at rest and in transit).
  • Breach notification: Provider should notify customer of a security breach within a defined timeframe (24-72 hours is standard), including the nature of the breach, affected data, and remediation steps.

Termination Provisions

Termination provisions define how the relationship ends and what happens to customer data afterward.

Termination for Cause

Either party may terminate if the other commits a material breach and fails to cure within a specified period (typically 30 days for non-payment, 30-60 days for other breaches). Insolvency or bankruptcy events also typically trigger termination rights. The non-breaching party should be entitled to a pro-rata refund of prepaid fees.

Termination for Convenience

Allows a party to end the agreement without cause upon advance notice (30-90 days is typical). Customers generally prefer this right; providers may resist or include an early termination fee. If the customer has a termination for convenience right, clarify whether prepaid fees are refundable on a pro-rata basis.

Post-termination data handling: The agreement should specify a data export period (30-90 days is standard) during which the customer can retrieve its data in a standard format (CSV, JSON, database export). After the export period, the provider should certify deletion of all customer data.

Disclaimer: This template is provided for general informational and educational purposes only and does not constitute legal advice. SaaS agreements should be tailored to the specific service, industry, applicable regulations, and commercial terms of the transaction. Consult qualified legal counsel before using any template language in an actual agreement.