Free SaaS Agreement Template

Last updated 15 February 2026 Reviewed by SEQ Legal Editorial Team

Free SaaS agreement template for cloud and hosted services. Covers service levels, data protection, intellectual property, limitations of liability, and termination provisions.

No signup required 100% free to use Instant download Customisable jurisdiction

Quick customise

Fill in your details and the template updates in real time.

Company name

Website URL

Jurisdiction

Select the state or region where your business is registered. Governing law clauses must specify a particular jurisdiction, not just a country.

Your Template Document

SaaS Subscription Agreement

Date: [Date]

Parties:

(1) [Insert your company/business name], a [company incorporated in England and Wales] under company number [Company Number], whose registered office is at [Registered Address] (the "Provider"); and

(2) [Customer Full Legal Name], a [company incorporated in England and Wales] under company number [Company Number], whose registered office is at [Registered Address] (the "Customer"),

together referred to as the "Parties" and each a "Party".

1. Definitions and interpretation

1.1 In this Agreement, except where the context otherwise requires, the following expressions have the following meanings:

1.2 "Authorised Users" means those employees, agents, and independent contractors of the Customer who are authorised by the Customer to use the Service, as further described in the Order Form.

1.3 "Business Day" means any day which is not a Saturday, Sunday, or public holiday in England and Wales.

1.4 "Confidential Information" means all information of a confidential nature disclosed by one Party to the other, whether disclosed in writing, orally, visually, or by any other means.

1.5 "Customer Data" means all data, information, and materials submitted by or on behalf of the Customer or its Authorised Users to the Service, or collected and processed by the Service on behalf of the Customer.

1.6 "Documentation" means the user manuals, online help, and other documentation for the Service made available by the Provider.

1.7 "Fees" means the subscription fees payable by the Customer for the Service as set out in the Order Form.

1.8 "Initial Subscription Term" means the initial term of [number] [months / years] commencing on the Effective Date.

1.9 "Order Form" means the order form completed by the Customer and accepted by the Provider, specifying the Service, Fees, number of Authorised Users, and other commercial terms.

1.10 "Personal Data", "Data Controller", "Data Processor", "Data Subject", "processing", and "appropriate technical and organisational measures" shall have the meanings given to them in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.11 "Renewal Period" means each successive period of [number] [months / years] following the Initial Subscription Term.

1.12 "Service" means the [name / description of the SaaS application] provided by the Provider as described in the Order Form and the Documentation.

1.13 "Service Level Agreement" or "SLA" has the meaning given in clause 7.

2. The Service

2.1 The Provider shall make the Service available to the Customer and its Authorised Users during the Subscription Term in accordance with this Agreement and the Order Form.

2.2 The Provider shall use commercially reasonable endeavours to make the Service available 24 hours a day, 7 days a week, except for planned maintenance (of which the Provider shall give the Customer at least [number] Business Days' prior notice) and unscheduled maintenance.

2.3 The Provider reserves the right to modify the Service from time to time, provided that such modifications do not materially reduce the functionality of the Service.

3. Account registration

3.1 The Customer shall provide accurate, current, and complete information during the registration process and shall keep such information updated.

3.2 The Customer is responsible for maintaining the confidentiality of its account credentials and for all activities that occur under its account.

3.3 The Customer shall promptly notify the Provider of any unauthorised use of its account or any other breach of security.

3.4 The Customer shall not permit any person other than an Authorised User to access or use the Service.

4. Licence grant

4.1 Subject to the Customer's compliance with this Agreement and payment of the Fees, the Provider grants to the Customer a non-exclusive, non-transferable, non-sublicensable licence during the Subscription Term to permit the Authorised Users to access and use the Service and the Documentation solely for the Customer's internal business purposes.

4.2 The licence granted under clause 4.1 is limited to the number of Authorised Users specified in the Order Form. The Customer may add additional Authorised Users by executing a further Order Form and paying the applicable additional Fees.

5. Restrictions

5.1 The Customer shall not, and shall ensure that its Authorised Users do not:

(a) access, store, distribute, or transmit any viruses, malware, or any material that is unlawful, harmful, threatening, defamatory, obscene, or otherwise objectionable during the course of its use of the Service;

(b) use the Service in any way that could damage, disable, overburden, or impair the Service or interfere with any other party's use of the Service;

(d) copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Service or Documentation in any form or media;

(e) reverse engineer, disassemble, decompile, translate, or otherwise attempt to derive the source code of the Service, except to the extent expressly permitted by applicable law;

(f) access the Service for the purpose of building a competitive product or service or for benchmarking purposes;

(g) licence, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit the Service or make the Service available to any third party; or

(h) use the Service in breach of any applicable law, regulation, or third-party right.

6. Support

6.1 The Provider shall provide the Customer with [basic / standard / premium] support services during [Business Hours: 9:00 to 17:00 GMT, Monday to Friday / 24/7], including:

(a) a helpdesk facility accessible by [email at [Support Email] / telephone at [Support Phone] / online ticketing system at [Support URL]];

(b) responses to support requests within [number] Business Hours of receipt; and

7. Service levels

7.1 The Provider shall use commercially reasonable endeavours to ensure that the Service achieves an uptime percentage of at least [99.9]% during each calendar month (the "Uptime Commitment"), measured as: ((total minutes in the month minus Downtime minutes) / total minutes in the month) x 100.

7.2 "Downtime" means any period during which the Service is not available, excluding: (a) planned maintenance notified in advance; (b) downtime caused by the Customer's systems, networks, or equipment; (c) force majeure events; and (d) suspension of the Service in accordance with this Agreement.

7.3 If the Provider fails to meet the Uptime Commitment in any calendar month, the Customer shall be entitled to a service credit equal to [percentage]% of the monthly Fees for each [1]% (or part thereof) by which the uptime falls below the Uptime Commitment, up to a maximum credit of [percentage]% of the monthly Fees (the "Service Credit").

7.4 Service Credits shall be applied against the next invoice and shall be the Customer's sole and exclusive remedy for any failure by the Provider to meet the Uptime Commitment.

8. Fees and payment

8.1 The Customer shall pay the Fees as set out in the Order Form. Unless otherwise specified, Fees are payable [monthly / quarterly / annually] in advance.

8.2 All Fees are exclusive of VAT, which shall be payable by the Customer at the prevailing rate.

8.3 The Customer shall pay each invoice within [number] days of the date of the invoice to the bank account nominated by the Provider.

8.4 If the Customer fails to make any payment due under this Agreement by the due date, the Provider may, without limiting its other rights and remedies: (a) charge interest on the overdue amount at the rate of [number]% per annum above the base rate of the Bank of England from time to time, accruing daily from the due date until payment is made; and (b) suspend access to the Service until all overdue amounts have been paid in full.

8.5 The Provider may increase the Fees at the start of each Renewal Period by giving the Customer not less than [number] days' prior written notice, provided that the increase does not exceed [the percentage increase in the Retail Price Index / Consumer Price Index over the preceding 12 months / [number]%].

9. Data protection

9.1 The Parties acknowledge that for the purposes of the UK GDPR and the Data Protection Act 2018, the Customer is the Data Controller and the Provider is the Data Processor in respect of any Personal Data processed by the Provider on behalf of the Customer in connection with the Service.

9.2 The Provider shall process Personal Data only in accordance with the Customer's documented instructions, unless required to do so by applicable law, in which case the Provider shall (to the extent permitted by law) inform the Customer of that legal requirement before carrying out the processing.

9.3 The Provider shall:

(a) ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(b) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the UK GDPR;

(c) not engage another processor (sub-processor) without prior specific or general written authorisation of the Customer. In the case of general written authorisation, the Provider shall inform the Customer of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Customer the opportunity to object to such changes;

(d) taking into account the nature of the processing, assist the Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests for exercising Data Subjects' rights;

(e) assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the UK GDPR, taking into account the nature of processing and the information available to the Provider;

(f) at the choice of the Customer, delete or return all the Personal Data to the Customer after the end of the provision of the Service, and delete existing copies unless applicable law requires storage of the Personal Data;

(g) make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the UK GDPR and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer; and

(h) immediately inform the Customer if, in the Provider's opinion, an instruction from the Customer infringes the UK GDPR or other applicable data protection legislation.

9.4 The Provider shall notify the Customer without undue delay after becoming aware of a personal data breach affecting the Customer's Personal Data.

10. Customer Data

10.1 The Customer shall own all right, title, and interest in and to the Customer Data.

10.2 The Customer grants the Provider a non-exclusive, royalty-free licence to use, copy, store, transmit, display, and process the Customer Data solely to the extent necessary to provide the Service and fulfil the Provider's obligations under this Agreement.

10.3 The Provider shall implement and maintain appropriate technical and organisational measures to protect the Customer Data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

10.4 The Provider shall maintain regular backups of the Customer Data and shall make such backups available to the Customer upon reasonable request.

11. Intellectual property

11.1 The Provider (or its licensors) shall retain all intellectual property rights in the Service, the Documentation, and any software, technology, or materials provided in connection with the Service.

11.2 Nothing in this Agreement shall operate to transfer any intellectual property rights from one Party to the other.

11.3 The Customer (or its licensors) shall retain all intellectual property rights in the Customer Data.

12. Confidentiality

12.1 Each Party shall keep confidential all Confidential Information of the other Party and shall not disclose such Confidential Information to any third party without the prior written consent of the other Party, except: (a) to its employees, officers, agents, and professional advisers who need to know such information for the purposes of this Agreement, provided that such persons are bound by obligations of confidentiality no less onerous than those set out in this clause; (b) as required by law, regulation, or order of a court or governmental authority; or (c) information that is or becomes publicly available otherwise than through breach of this Agreement.

12.2 The obligations of confidentiality shall survive the termination or expiry of this Agreement for a period of [number] years.

13. Warranties

13.1 The Provider warrants that:

(a) the Service will be provided with reasonable care and skill and substantially in accordance with the Documentation;

(b) it has the right and authority to enter into this Agreement and to grant the licence under clause 4;

(d) it will comply with all applicable laws and regulations in the performance of its obligations under this Agreement.

13.2 The Customer warrants that it has the right and authority to enter into this Agreement and to provide the Customer Data to the Provider for processing in connection with the Service.

13.3 Except as expressly set out in this Agreement, all warranties, conditions, representations, and terms, whether express or implied by statute, common law, or otherwise, are excluded to the fullest extent permitted by law.

14. Limitation of liability

14.1 Nothing in this Agreement shall limit or exclude either Party's liability for: (a) death or personal injury caused by its negligence; (b) fraud or fraudulent misrepresentation; (c) any breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession); or (d) any other liability which cannot be limited or excluded by applicable law.

14.2 Subject to clause 14.1, neither Party shall be liable to the other Party, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any: (a) loss of profits; (b) loss of sales or business; (c) loss of agreements or contracts; (d) loss of anticipated savings; (e) loss of use or corruption of software, data, or information; (f) loss of or damage to goodwill; or (g) any indirect or consequential loss, arising under or in connection with this Agreement.

14.3 Subject to clause 14.1, the total aggregate liability of either Party to the other Party, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with this Agreement shall be limited to [the total Fees paid and payable by the Customer in the [12]-month period immediately preceding the event giving rise to the claim / [amount]].

15. Indemnification

15.1 The Provider shall indemnify, defend, and hold harmless the Customer against all claims, actions, proceedings, losses, damages, expenses, and costs (including court costs and reasonable legal fees) arising out of or in connection with any claim that the Customer's use of the Service in accordance with this Agreement infringes the intellectual property rights of any third party.

15.2 The Customer shall indemnify, defend, and hold harmless the Provider against all claims, actions, proceedings, losses, damages, expenses, and costs (including court costs and reasonable legal fees) arising out of or in connection with: (a) any breach by the Customer of this Agreement; or (b) any claim that the Customer Data infringes the intellectual property rights of any third party.

16. Term and termination

16.1 This Agreement shall commence on the Effective Date and shall continue for the Initial Subscription Term, and thereafter shall automatically renew for successive Renewal Periods, unless either Party gives the other Party written notice of termination not less than [number] days before the end of the Initial Subscription Term or the then-current Renewal Period.

16.2 Either Party may terminate this Agreement immediately by giving written notice to the other Party if:

(a) the other Party commits a material breach of this Agreement which (if remediable) is not remedied within [number] days of receiving written notice requiring it to be remedied;

(b) the other Party becomes insolvent, enters administration, goes into liquidation, makes an arrangement or composition with its creditors, or has a receiver, manager, or administrative receiver appointed over its assets; or

16.3 The Provider may terminate this Agreement immediately by giving written notice if the Customer fails to pay any amount due under this Agreement within [number] days of the due date for payment.

17. Effects of termination

17.1 Upon termination or expiry of this Agreement:

(a) all rights and licences granted to the Customer under this Agreement shall immediately terminate;

(b) the Customer shall immediately cease all use of the Service;

(c) the Provider shall, at the Customer's option and request (made within [number] days of termination), either return or delete all Customer Data in its possession or control, except to the extent that applicable law requires the Provider to retain any such data; and

(d) any provision of this Agreement that expressly or by implication is intended to come into or continue in force on or after termination shall remain in full force and effect, including clauses [list surviving clauses, e.g., 9, 10, 11, 12, 13, 14, 15, 17, 19, 20].

17.2 Termination or expiry of this Agreement shall not affect any rights, remedies, obligations, or liabilities of the Parties that have accrued up to the date of termination or expiry.

18. Force majeure

18.1 Neither Party shall be in breach of this Agreement nor liable for any failure or delay in performing its obligations under this Agreement (other than obligations to make payment) if such failure or delay results from a Force Majeure Event.

18.2 "Force Majeure Event" means any circumstance not within a Party's reasonable control, including but not limited to acts of God, fire, flood, earthquake, epidemic, pandemic, war, terrorism, civil unrest, labour disputes, governmental actions, power failures, internet or telecommunications failures, or denial-of-service attacks.

18.3 If a Force Majeure Event prevents a Party from performing its obligations for a continuous period of more than [number] days, the other Party may terminate this Agreement by giving [number] days' written notice.

19. Entire agreement

19.1 This Agreement (together with the Order Form and any documents referred to in it) constitutes the entire agreement between the Parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations, and understandings between them, whether written or oral, relating to its subject matter.

19.2 Each Party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance, or warranty that is not set out in this Agreement.

20. General provisions

20.1 Assignment: The Customer shall not assign, transfer, charge, sub-contract, or deal in any other manner with all or any of its rights or obligations under this Agreement without the prior written consent of the Provider. The Provider may assign or transfer this Agreement to any of its group companies or to a successor in business.

20.2 Variation: No variation of this Agreement shall be effective unless it is in writing and signed by or on behalf of each of the Parties.

20.3 Waiver: No failure or delay by a Party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy.

20.4 Severability: If any provision of this Agreement is or becomes invalid, illegal, or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal, and enforceable.

20.5 Third party rights: A person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.

20.6 Notices: Any notice given to a Party under or in connection with this Agreement shall be in writing and shall be delivered by hand, by pre-paid first-class post, or by email to the addresses specified in the Order Form.

21. Law and jurisdiction

21.1 This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of [England and Wales].

21.2 Each Party irrevocably agrees that the courts of [England and Wales] shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation.

Signatures

Signed for and on behalf of [Insert your company/business name]:

Signature: ___________________________

Name: [Signatory Name]

Title: [Signatory Title]

Date: [Date]

Signed for and on behalf of [Customer Full Legal Name]:

Signature: ___________________________

Name: [Signatory Name]

Title: [Signatory Title]

Date: [Date]

This document was created using a free template from SEQ Legal.

This template is provided for general information purposes only and does not constitute legal advice. You should adapt it to suit your specific circumstances. Consider seeking professional legal advice before relying upon this document.

What’s in this SaaS agreement?

The fundamental obligation of the provider under the SaaS agreement is to make its software accessible to the customer via the internet as a service. The customer is granted a licence to use that software, subject to a set of restrictions and prohibitions that can be tweaked for each individual case.

The provider may also be obliged to provide support services, and to ensure that it complies with certain requirements in relation to the maintenance of the software (for example, notice requirements).

The data supplied by the customer are the property of the customer and, insofar as such data are personal data, are subject to a standard UK GDPR-friendly data processing clause. The customer data may be specified to be confidential.

In consideration for the undertaking to provide the services, the customer agrees to pay to the provider the relevant charges and to ensure that the customer data will not create any liabilities on the part of the service provider.

What legal documents do I need for my SaaS or cloud service?

There are five main classes of document you should consider:

terms of service;
privacy policies;
terms and conditions of website use;
end user documents; and
intra-customer and intra-user documents.

First, you need terms of service – although they might be called something else. They might be called the “user agreement” or the “cloud service contract” or something different entirely. This SaaS agreement, our SaaS terms and conditions and our cloud services terms and conditions are all examples of terms of service documents. Whatever the document is called, its function is to regulate the legal relationship between a service provider and its customers. The terms of service will contain provisions covering the core services obligation, the payment of charges, the term of the contract and its termination, the parties’ liability to one another, and so on. In some cases, the terms of service will be supplemented by additional subject-matter specific documents, such as data processing agreements and service level agreements.

Second, you are likely to need a privacy policy. Privacy policies are used by organisations acting as data controllers to make disclosures to data subjects relating to the handling of personal data. Even if you are a processor with respect to much of the personal data in your database, you are likely to be a controller in some respects. For instance, you would usually be a controller of personal data in your customer relationship management system. See our free privacy policy for more.

Third, if your website is not coterminous with your service, you will need terms and conditions to cover the use of the website. See our free website terms and conditions for more.

Fourth, for many B2B services and for some B2C services, there may be users of the service who are not your customers and therefore not directly bound by the terms of service. In these cases, you may want to introduce additional documents which are binding upon both customers and non-customer users. Examples of this type of document include end user licence agreements and acceptable use policies.

Fifth, a minority of SaaS and cloud services allow users to create contractual relationships with others – for example marketplaces for services, physical goods or digital goods. In some cases, it may be advantageous to provide standard documentation to govern these relationships. The documentation can be provided as mandatory or default documentation. In all cases, you should carefully circumscribe your liability in relation to the provision of any such documentation: you are not acting as your customers’ lawyer.

Who should prepare my SaaS or cloud agreement?

While we publish a range of legal templates, we think that there are many circumstances where you should use a lawyer rather than a template legal document.

In one sense a template isn’t a substitute for a lawyer. Lawyers also work from precedents. By opting to use a template, you are taking on the lawyer’s role.

Before using a template, businesses should ask themselves: is the use of a lawyer commercially justified?

Deciding whether it makes commercial sense will involve balancing risks and costs. Ask yourself the following questions.

What are the risks associated with this contract?
To what extent would a good lawyer help me to mitigate those risks?
Do I have access to a lawyer with the right experience?
Do I have access to appropriate templates?
Will a lawyer help smooth the contracting process?
What legal fees will I have to pay?
How much time would it take me to prepare the document?

Only by considering these and other relevant factors will you be able to make a sensible assessment.

If you do decide to use a template, you should keep that decision under review. For example, it might make commercial sense to use a template for a new and untested service. However, if the service starts making significant amounts of money, you should engage a lawyer to review, advise on and update the document.

How should I go about choosing a template document?

Once you have decided to use a template for your cloud service or SaaS contract, you need to decide which template. There are three main aspects to suitability: execution style, structure and content.

Execution style: will your document be agreed online or offline or both? How, specifically, will it be executed or agreed? Our SaaS agreement documents (including this free template) assume offline agreement, whereas our SaaS terms and conditions documents are agnostic, allowing for both online and offline agreement via a services order form. Our cloud services terms and conditions assume there will be an online sign-up process.

Structure: will your document create a single contract with each customer, or could there be multiple contracts? In the case of a single contract, are different elements of the services independently terminable?

Content: what is actually covered by your document? The types of clauses you might find in a long-form SaaS contract are listed below. Ensure that the template you choose covers all or most of the necessary subjects.

Definitions of special terms
Contract term and termination
Set up / configuration services
Development services
Hosted / cloud services
Support and maintenance
Service levels
Acceptance procedure
Acceptable use
Customer obligations, data and systems
Mobile applications and other installed software
Representatives, management and change control
Charges, expenses, timesheets and payment processes
Confidentiality and publicity
Data protection
Warranties and indemnities
Limitations of liability
Insurance requirements
Force majeure
Effects of contract termination
Export restrictions
Anti-corruption
Non-solicitation / non-compete
Contractual notices
Subcontracting
Assignment, waivers, severability, third party rights, entire agreement
Law and jurisdiction
Alternative dispute resolution

How is liability limited in SaaS / cloud terms of service?

The essence of cloud services is efficiency through standardisation: all customers using a single instance of an application, with uniform support and maintenance arrangements. This standardisation is reflected in the contractual sphere by the use of non-negotiable terms of service. Where terms of service are non-negotiable, they will usually say a good deal about the protection of the interests of the services provider, and relatively little about the protection of the interests of customers.

However, if you run a small services provider selling to enterprise customers, you will know that even if an enterprise customer’s procurement team are interested in purchasing a standard product, their legal team may be unwilling to accept standard legal documents. They will give particular attention to the provisions of your terms and conditions dealing with liability.

In this category – liability provisions – A well-drafted SaaS agreement would typically include the following.

Warranties, which assert that particular facts are true, and if proven false may ground a claim for damages. For example, a services provider may warrant that its software does not infringe any person’s intellectual property rights.
Limits of liability, which seek to reduce the amount of a claim in the event of a breach of warranty or another breach of contract. These may restrict recovery of particular types of loss (for instance, reputational damage) or losses arising from a particular cause (for instance, losses caused by third party services providers). In addition, they may apply one or more caps to the amounts which may be claimed. Commonly, such caps are set by reference to charges under the contract and/or available insurance coverage.
Indemnities, which seek to extend the indemnifier’s liability beyond that arising out of a breach of contract. For example, a services provider may be asked to indemnify the customer in relation to any allegations and claims that software infringes intellectual property rights, whether or not it does in fact infringe. The indemnifier will often seek control of any claims as a quid pro quo for this type of indemnity.

We publish a range of SaaS and hosted services contracts.

The SaaS agreements are designed to be used in situations where the parties will sign the documents. In many cases, however, a SaaS contract may be entered into by the parties agreeing a services order form, whether online or offline. In those cases, the “terms and conditions” versions of the SaaS documents will be more suitable.

Where do service level agreements fit in?

A service level agreement (SLA) or service level schedule may specify:

particular measurable standards which services should meet;
means of measuring whether the standards have been met;
exceptional circumstances where a failure to meet the standards does not constitute a breach of the service level commitment; and
the consequences of a failure to meet the standards, often involving the payment of service credits.

In the SaaS / cloud context, service levels will usually relate to the availability of the service. They may also relate to support query response and/or resolution times.

SLAs are commonly used for B2B services, but rarely used for B2C services.

SLAs can be used as shields for services providers rather than swords for customers. It’s not uncommon to see weak service level commitments, full of exceptions, backed by derisory service credit offers. Accordingly, customers should take no comfort from the existence of an SLA – it all depends upon content.

Our standard and premium SaaS agreements and terms and conditions include SLAs covering availability and support.

Do I need a separate data processing agreement?

If you provide a B2B SaaS or cloud service, and the provision of that service involves the collection, storage or other processing of personal data, then you will likely be a data processor with respect to some of that personal data.

If you are a data processor, then both you and your controller have an obligation under the UK GDPR to enter into a written agreement concerning the ways in which you handle the personal data. That written agreement must comply with the specific, often awkward, requirements of Article 28 of the UK GDPR.

A SaaS or cloud services agreement should include data processing clauses meeting these requirements. All of our SaaS agreements, SaaS terms and conditions and cloud services terms and conditions include appropriate clauses.

There’s no legal requirement that the data processing clauses are in the same document as the main services provisions, however, and many services providers do use separate data processing agreements. Good reasons for doing so are: (a) only some of your customer processing is subject to the UK GDPR, but you want to use the same services terms and conditions for all customers; (b) it will be difficult to negotiate new legal terms and conditions with existing customers, but you need to introduce data processing clauses into their contracts.

How should I handle termination of the SaaS agreement?

The pure SaaS / cloud model is easy come, easy go. Customers can usually terminate on short notice periods. Where charges are paid in advance, customers may be permitted to terminate at any time – although without any refund. Where payment is in arrears, a notice period of 30 days or so is typical. Termination rights may be aligned with billing periods to avoid the need to calculate partial charges.

If, however, you are dealing with enterprise customers, the costs of negotiating and entering into a contract may represent a significant up-front investment. Moreover, enterprise customers are more likely to require set-up, configuration, training and/or custom development services before using your application. Whatever the nature of the up-front investment, if you are not being directly remunerated for this you and are intending to cover your costs through subscription charges, you may need to insist upon a contractual minimum term. For instance, customers may be prohibited from terminating in the first 12 months of the contract.

SaaS and cloud service providers should ensure that they also have rights to exit contracts for convenience, even if they never plan to exercise these rights.

You should also consider rights of termination that apply where one of the parties is in default, for instance, if:

the customer fails to pay the charges;
the services provider fails to provide the service or meet the agreed service levels;
either party becomes insolvent.

In addition to rights of termination, you should also say something about the effects of termination. The key questions here revolve around customer data. Will the customer be able to download all its data from the platform? Does the services provider have an obligation to provide the data to the customer? If so, when and how? And at what point must the services provider delete the customer data from its live and back-up databases? (If the database contains personal data, and the services provider is a processor of that personal data, it will need to be deleted after the completion of the services to comply with the UK GDPR.)

You may also need

Download a free privacy policy template for your website. Covers data collection, cookies, user rights, retention, and international transfers. GDPR compliant. No signup required.

Software support agreement

Free software support agreement template. Covers support services, response times, service levels, and maintenance obligations.

Frequently asked questions

What is the difference between a SaaS agreement and a software licence?

A SaaS agreement governs access to software hosted and maintained by the provider, typically on a subscription basis. A software licence agreement grants the right to install and use software on the customer's own systems. The key distinction is where the software runs and who is responsible for its infrastructure and maintenance.

What should a SaaS agreement cover?

A comprehensive SaaS agreement should address service description and scope, subscription fees and payment terms, service levels and availability, data protection and security, intellectual property ownership, limitation of liability, term and termination, and data portability on exit.

Do I need a separate data processing agreement with my SaaS provider?

If your SaaS provider processes personal data on your behalf, the GDPR requires a data processing agreement (DPA) to be in place. Some SaaS agreements incorporate data processing terms directly, while others reference a separate DPA. Either approach can satisfy the legal requirement.