Negotiating your SaaS contract

Brief summary

Negotiating a SaaS (Software as a Service) contract is necessary to formalize the relationship between software publisher and customer.

This type of contract, often complex, must be clear and exhaustive to avoid disputes and define the responsibilities of both parties. A well-drafted SaaS contract anticipates the operational and legal needs of both parties, while offering the flexibility to adapt to changes in the software or the customer's expectations.

A well-structured contract protects the interests of both the publisher and the customer by setting out service levels (SLAs), personal data protection (particularly with regard to the GDPR), rights of use, and reversibility in the event of contract termination.

Here are the main points to watch out for when negotiating or drafting a SaaS contract, with concrete examples to help you better understand what's at stake.

1. Rights of use and licenses

When negotiating a SaaS contract, the agreement must clearly define the rights of use granted to the customer, as SaaS is based on a license model, and not on ownership.

It is important to specify:

  • The type of license granted: renewable subscription, time-limited use or perpetual use.
  • The number of authorized users: Limit access to personnel designated by the customer, and specify whether additional users are authorized under certain conditions, or whether charges apply. A common example: a SaaS solution authorizes 50 initial users and charges €10 per additional user per month.
  • Restrictions on use: Mention whether the customer is prohibited from modifying, reselling or sublicensing the software. In some cases, it may be relevant to specify whether the customer can access SaaS via personal devices.
  • License duration: Specify whether the license is temporary (in the form of a renewable subscription) or perpetual, and define the renewal or termination terms.

Please note: Restrictions must be clear enough to prevent misuse by the customer, while taking care not to impose limitations that could interfere with legitimate use of the software. Make sure the contract includes a clause specifying that any use outside the specified terms will constitute a breach of contract.

A well-structured SaaS contract protects the publisher's rights, while clearly outlining possible uses for the customer.

Case in point: My customer has integrated a software package into his agricultural equipment and wanted to limit the use of the source code to users, so as to retain control over it. I secured user access to the source code, taking care to insert safeguards against misuse of the source code, such as non-assignment of rights to the software.

Other points to consider:

  • Access rights to the software environment: specify whether the customer can access the software from multiple devices or locations. Also specify whether use is restricted to certain territories (e.g., use only in France or Europe).
  • Restrictions on reuse: specify that the software may not be duplicated, translated, or reconfigured for another use without written authorization. A clause of this type is often crucial to protect publishers' business models.

2. Service Level Agreement (SLA)

The SLA (Service Level Agreement) is an essential element in a SaaS contract, as it guarantees the quality and availability of the service.

This document must specify:

  • Availability rate: The SLA should include an availability commitment (e.g. 99.9% monthly availability) to ensure that customers have reliable access to the service. Also include penalties for failure to meet this level of availability, such as a partial refund of the monthly subscription. The contract may specify planned maintenance periods, during which the service may be temporarily unavailable.
  • Incident response times: Define incident types (minor, major, critical) and response times for each level of severity. For example, for a critical incident impacting all users, the SLA could require a response within 30 minutes. Add concrete examples: for a minor incident, a response within 24 hours could be sufficient, whereas a major interruption requires priority resolution within 2 hours.
  • Technical support: Specify the hours of availability of technical support (e.g. 24/7 or only during working hours) and the support channels (telephone, email, online chat). Also mention whether premium support is offered and any additional costs.

Caution: A poorly defined or unrealistic SLA can lead to frustration on the part of customers and expose the publisher to litigation if the service does not meet expectations.

The SLA goes beyond standard commitments: it can also include specific guarantees to reassure customers and frame expectations on both sides.

  • Penalties for non-compliance: Incorporate clear penalties if commitments are not met. For example, if the availability rate is not respected, the customer could receive a refund proportional to the period of interruption.
  • Update commitments: Specify whether software updates are included in the contract. This may include corrective updates (bug fixes) and evolutionary updates (new features).
  • Exclusions of liability: Identify the events that could affect availability without the publisher being held responsible: external network failure, force majeure, or non-conforming use by the customer.

Case in point: When a SaaS customer in the medical field suffered an unexpected interruption, a well-structured SLA with 4-hour repair commitments helped avoid costly litigation, while protecting the publisher's reputation.

Please note: SLA clauses must be realistic; over-ambitious commitments can generate high financial risks for the publisher. Add a liability limit for financial compensation in the event of default (for example, a maximum equivalent to one month's subscription).

3. Confidentiality and data protection

Data confidentiality and security are crucial aspects in SaaS contracts, particularly since the GDPR came into force, especially in its Article 13.

The contract must include measures to protect data and guarantee confidentiality:

  • Data protection policy: Describe data security practices, such as encryption, restricted access controls, and regular backups to prevent data loss. Also include a clause on secure data destruction at the end of the contractual relationship.
  • Responsibility of each party: The contract should clarify the respective responsibilities of the publisher and the customer with regard to personal data, particularly when the customer collects data on its own users via the software. Also specify the measures the customer must take to ensure the security of the accesses he controls (e.g. strong password management).
  • Data breach notification: Specify the procedures and deadlines for informing the customer in the event of a data breach, usually within 72 hours, as required by the GDPR. Add an obligation for the customer to cooperate in the event of an audit or regulatory investigation.

Caution: If data protection obligations are not well defined, the publisher may incur significant penalties in the event of a security breach. You should also include a clause limiting the publisher's liability in the event of unforeseeable external attacks.

To reinforce data protection, the SaaS contract must also include:

  • Security audit: Make provision for the customer to carry out or request security audits, under specific conditions. Add details on frequency (annual, semi-annual) and limits to avoid unjustified service interruptions.
  • Data location: Clearly indicate where the data will be hosted (for example, in the European Union to comply with the GDPR). If subcontractors are used for hosting, list them or specify that they must comply with the same obligations as the publisher.
  • Business continuity plan: Include guarantees of service continuity in the event of a serious incident, such as a cyber attack or major breakdown. Add a clause on data restitution in the event of publisher bankruptcy.

Case in point: A SaaS company hosting healthcare data had to incorporate a quarterly audit to reassure its customers about GDPR compliance and ISO 27001 security standards.

Please note: Inadequate data protection commitments may not only expose the publisher to financial penalties, but also damage its reputation. Add a clause specifying that customer data will remain accessible even in the event of termination, to facilitate migration.

4. Intellectual property

The question of intellectual property is crucial in SaaS contracts. Although the customer benefits from rights of use, the publisher generally retains intellectual property rights to the software.

The contract must clarify:

  • Ownership of source code: The publisher retains full ownership of the source code, which prevents the customer from modifying or duplicating the software, in accordance with articles L122-4 and L122-6-1 of the French Intellectual Property Code. Also include a clause prohibiting reverse engineering of the software to prevent any attempt at unauthorized reproduction.
  • Rights of use: The customer is granted a right of use of the software, without any right of ownership. For example, the customer may access the software for business purposes, but has no right to extract components and integrate them into another solution.
  • Content created by the customer: The customer retains ownership of the data or content he enters into the software, and can recover it in the event of termination. Please also note that such content may not be used by the publisher without express authorization.

Caution: Any ambiguity about ownership can lead to costly disputes. Include a specific clause for modules or extensions developed jointly by the customer and the publisher, to clearly define their ownership.

In some cases, customers may request modifications or adaptations to the software. The contract must provide for these situations:

  • Customer improvements: If the customer participates in the development or improvement of the software, specify whether these contributions remain the property of the publisher or are shared. Add a clause providing for a non-exclusive license for the publisher on any improvements made by the customer.
  • Exploitation by third parties: Specify that the customer may not make the software or its extensions available to third parties without authorization. This includes an explicit prohibition on renting, transferring or sub-licensing the software.
  • Ownership of analytical data: Define who owns the analytical data generated by software use (e.g. usage statistics, performance data). Add a clause specifying that the publisher may use this data in aggregated and anonymized form for service improvement purposes.

Case in point: One of my customers has developed an automotive software solution which he wishes to retain as the exclusive owner. By including specific clauses limiting or even prohibiting users from reproducing the software, he has ensured that he retains exclusive ownership of the intellectual property.

Please note: These clauses must be drafted in such a way as to protect the publisher's business model while respecting the customer's legitimate rights. Also include a clause specifying remedies in the event of violation, such as immediate suspension of access to the software.

5. Termination and reversibility clauses

Termination and reversibility clauses are essential in a SaaS contract, especially at the end of a business relationship. They define the conditions under which the contract can be terminated and how the customer's data can be recovered.

The contract must specify:

  • Termination conditions: Define the grounds for termination of the contract by either party, such as a serious breach of the SLA, a breach of confidentiality, or an infringement of intellectual property rights. Also include the possibility for the customer to terminate for convenience with a defined notice period, e.g. 60 days.
  • Data recovery terms: Specify how customer data will be returned at the end of the contract, in what format (e.g. CSV, XML), and within what timeframe. Add an option for the customer to request migration assistance, for a reasonable fee.

Please note: A well-written reversibility clause is crucial to avoid disputes in the event of contract termination, and to guarantee the customer access to his data. Mention also whether any charges apply for the secure recovery or destruction of data after termination.

Reversibility is a central issue for customers when they wish to change supplier or terminate their contract. The contract must also provide for:

  • Data retention period after termination: Specify whether the customer's data will be kept temporarily after termination to enable him to migrate, and how long before it is permanently deleted. A standard period is 30 to 90 days.
  • Reversibility fees: Mention whether specific fees apply for data return or migration. Also include a clause stating that these fees must be communicated to the customer at the outset of the contract.
  • Continued access before effective termination: Guarantee that the customer retains full access to his data until the effective termination date, except in the event of gross negligence on his part.

Case in point: A SaaS customer wishing to migrate to another solution was able to retrieve all his data in a standard format (CSV) thanks to a clear reversibility clause, enabling him to make a smooth transition without service interruption.

Point of attention: Include a clause prohibiting the customer from withholding remaining payments as leverage to accelerate or influence reversibility. Include a reference to the obligation of both parties to cooperate during the migration process.

6. Liability and limitation of liability

Limitation of liability is a key point in the SaaS contract, protecting the publisher from costly claims while keeping the customer's expectations in check.

The contract must include:

  • Exclusions of liability: Specify situations in which the publisher is not liable, such as in the event of misuse of the software by the customer, interruption due to external causes (network failures, force majeure), or cyber-attacks. Also include a statement on limited liability in the event of use not in accordance with the terms of the contract.
  • Limitation of damages: Indicate a liability cap to limit financial claims (for example, to the amount of the annual or quarterly subscription). This clause may include an exclusion for consequential damages, such as loss of profits or data.
  • Indemnity obligations: Include indemnity clauses to protect the publisher against third-party lawsuits, particularly in the event of infringement of the software's intellectual property rights.

Attention point: A well-drafted limitation of liability clause is essential to avoid costly and unforeseen litigation. Include a section detailing the remedies available to the customer in the event of serious breach by the publisher, such as limited compensation or early termination without charge.

To reinforce the protection of both parties and avoid abuse, the contract may also include:

  • Force majeure clauses: Specify that the publisher will not be held liable in the event of unforeseeable, external events, such as natural disasters or global Internet network breakdowns. Add an obligation for the publisher to notify the customer promptly in the event of force majeure affecting the service.
  • Data-specific limits: Define responsibilities in the event of data breaches: is the publisher liable only in the event of proven fault (e.g. negligence in security)? Mention that the customer must also take steps to protect access and data.
  • Professional liability insurance: Include a statement to the effect that the publisher has insurance covering the risks associated with the SaaS contract. This can reassure customers about the publisher's financial capacity to deal with claims.

Case in point: When a customer claimed financial compensation for a loss of sales due to a temporary breakdown, a limitation of liability clause of up to one month's subscription enabled the publisher to limit the financial loss while offering an acceptable remedy for the customer.

Caution: These clauses must be balanced to protect the publisher without appearing too restrictive for the customer. Add a specific clause for situations where the customer has contributed to the incident (e.g. misconfiguration of SaaS access).
