What is a SaaS Agreement?

This post was updated in October 2024 for accuracy and relevance.

A SaaS agreement is a formal contract between a customer and a Software-as-a-Service provider that sets forth the terms and conditions of using the provider’s software. SaaS agreements are tailored specifically for the SaaS delivery model, where the provider typically hosts the software on their own servers or cloud and the customer accesses it via a web browser.

If your eyes are starting to glaze over, we get it. Most of us would agree that “reading the fine print” in every contract isn’t something we always have the time or enthusiasm to do. 

But knowing what’s in every SaaS agreement is vital for protecting both you and your vendors from negative outcomes, such as unclear payment obligations, lack of service level agreements, poor data and legal protections, ambiguous ownership of intellectual property rights, or lack of dispute resolution. 

In this article, we’ll explore why SaaS agreements are important, when you need one, the most important clauses, and how to manage your SaaS agreements at scale. 

SaaS agreements vs. licensing agreements

The delivery model of the software you buy will impact the type of agreements you enter into with your software vendors. While SaaS and licensing agreements seem similar, there are crucial differences you should know:

1. Delivery model: SaaS agreements cover the delivery of software over the Internet. Licensing agreements generally refer to the delivery of software as a downloadable package or an on-premise implementation.
2. Ownership: In a SaaS agreement, the provider owns the software and grants customers limited rights to access and use the software based on the terms of the contract. A licensing agreement will generally grant ownership of the software to the customer, who can then modify and transfer ownership in accordance with the licensing terms. The customer is also usually responsible for maintenance and security in an on-premise model. 
3. Payment structure: SaaS agreements are often structured as subscriptions, where the customer pays a recurring fee at an agreed-upon interval, such as monthly, quarterly, or yearly. The cost of the subscription can depend on many factors, such as seats/users, add-ons, integrations, etc. Licensing agreements are usually structured as a one-time upfront payment for the license, with additional costs for implementation and optional maintenance. 

Why SaaS Agreements are important: avoiding risks

SaaS agreements are the handshake deal that helps everyone get what they need. They provide clarity around terms and conditions that ensure both parties meet their ends of the agreement and provide a structure for a strong partnership. Here are some of the key reasons why SaaS agreements are critical.

Protecting personal and customer data

SaaS agreements define the data protection policies the vendor will adhere to and lay out all of the ways they’ll secure company, customer, and employee data. As security comes more into focus for enterprises, understanding if potential vendors meet critical compliance standards is one of the most important things to figure out before signing a contract.

Data ownership

The concept of data ownership refers to who has the legal right to access, manipulate, and use the data generated by a customer’s use of a SaaS product. In the SaaS world, the provider owns the software and infrastructure, while the customer provides/generates data within the software. Who actually owns that data must be put forth in an agreement.

If you’re inputting customer or business data into a SaaS solution, it’s critical your agreement with the provider firms up details like

• Who owns the data
• Who can access the data
• How the data will be used by the provider
• How the data will be protected and backed up
• Who is liable for data loss

Having a formal agreement around data ownership ensures you can meet compliance standards and maintain customer trust. 

Service Level Agreements

SLAs define the level of service a customer can expect from a SaaS provider, as well as the penalties the provider will incur if it fails to meet the SLA. 

You rely on the tools you use to run your business, so getting SLAs for service availability, performance metrics, customer support (response times, availability of tech support services), maintenance and upgrades, and remedies for failure to maintain the SLA is vital. Without a mechanism to hold your providers accountable, you may have key processes interrupted by poor service. 

When you need a SaaS agreement

Any time your employees sign up for a SaaS product, you’ve entered into an agreement—even if you haven’t actually negotiated or signed a contract. It’s not a matter of when—that ship’s already sailed. It’s a matter of which agreements you know about and which ones you don’t.

Many SaaS products offer individual or small team tiers that can be purchased with a credit card. Consider tools like Calendly, Trello, or Airtable. Anyone can sign up and use those platforms for years and never even talk to a sales rep. 

But even then, those self-serve models come with terms and conditions that a user has to agree to before they can access the service. It doesn’t matter if they read through them in-depth or not (and let’s be serious—most people just check the box that says they read the T&C and move on as quickly as possible).

All of those platforms have Team and Enterprise tiers that do require contracts and formal agreements, but the fact is that any time you adopt a tool or an individual employee signs up for something, there’s an agreement. 

The problem is that when you have rogue users creating software sprawl with multiple individual accounts, you have little/no visibility into what those agreements actually say. You don’t know how your or your customers’ data is being stored or handled. You don’t know who has the login credentials. You don’t know what you’re paying for and how often. 

Research shows that the average company overpays for software by as much as 30%. 

Types of SaaS agreements

Most SaaS agreements you enter will fall into one of two categories:

1. Per user agreements

Per user agreements outline how many users—or “seats”—you can have in the solution before you reach the contractual limit. If you reach or exceed the limit, your agreement may require you to pay to add additional users. 

2. Usage-based (consumption-based) agreements

Usage-based agreements lay out how much you can use the software during a given period. For example, you might be able to run a certain number of reports, export a certain amount of data, or track a certain number of events per month. 

Many SaaS agreements offer components of both models. It’s important to understand how consumption and number of users impact your agreement before signing.

Common Risks in SaaS Agreements

Vendor Lock-in

‍Vendor lock-in is one of the most significant risks businesses face with SaaS agreements. When tied to a single provider, it can limit flexibility and increase dependency on that vendor's services and pricing. If the provider increases prices or reduces service quality, businesses may find it challenging to switch to a different vendor due to the high costs or technical complexities of transitioning.

It's essential to address this risk by ensuring the contract includes terms that allow for flexibility, such as the ability to scale services up or down, as well as exit clauses that minimize disruption to operations.

Data Portability

‍A key concern in SaaS agreements is what happens to your data when switching vendors or terminating the contract. Data portability refers to the ability to transfer your data from one system to another without significant hassle. If data portability isn't addressed in the agreement, businesses might face difficulties in accessing or exporting their data, leading to potential operational disruptions. The contract should specify how and in what format your data will be made available to you upon exit, ensuring that there are no restrictions or added fees for migrating data to a new platform.

Downtime and Service Interruptions

‍Reliability is critical for any SaaS product. Downtime or service interruptions can lead to operational inefficiencies, lost revenue, or even legal and regulatory violations. Ensure the agreement contains explicit terms about uptime guarantees, typically captured in the Service Level Agreement (SLA).

These terms should define what constitutes acceptable downtime and how the provider compensates for significant outages. It's also crucial to clarify response times and support options during service interruptions to mitigate any adverse effects on your business.

Hidden Fees and Charges

‍Another common risk in SaaS agreements is the possibility of hidden fees or additional charges. These may appear in the form of increased subscription costs after initial contracts, additional fees for premium features, or charges for data storage beyond a certain threshold.

To avoid surprises, it's essential to fully understand the pricing structure and identify any potential for cost increases over time. Ensure transparency in the pricing model and seek to negotiate caps on price increases, especially for long-term agreements.

Security Breaches

‍With increasing cyber threats, security is a paramount concern in any SaaS agreement. The contract should detail how the vendor protects your data, including encryption standards, security protocols, and compliance with data protection regulations (e.g., GDPR or CCPA). Moreover, the agreement should clarify the provider’s responsibility in the event of a security breach, including timelines for notification, mitigation actions, and liability for any damages caused. Understanding the vendor’s approach to security, their history of breaches, and how they address incidents is critical to safeguarding your data.

The most important clauses in a SaaS contract

Arguably the most important task in contract negotiation is going through the agreement clause-by-clause to ensure your company gets the value it expects while putting safeguards in place for security and breaches of contract. 

While every SaaS contract will be different, there are some common clauses to watch out for. Here are some of the most important ones:

• Data ownership: Is it clear who actually owns the data you upload into the software?
• Liability: What liabilities does the SaaS provider accept, and what do they deny? Is there a cap for damages? This may also be listed as indemnification and arbitration. Essentially, to what extent will both parties be responsible for breach of contract?
• Seats/users permitted: Does the agreement include the number of users agreed upon in negotiations?
• Payment schedule: Is the pricing and schedule of payments outlined correctly?
• Term and renewal: Does the agreement lay out the subscription period, the means you have to cancel or alter the subscription, penalties for early cancellation, or auto-renewal language?
• Support: Are there guarantees for the level of support you’re entitled to? Look for specifics like response time and access to a dedicated rep if one is included in the contract.
• Data security: How often is data backed up? What kinds of protection are offered? What will happen to your data in the event of a breach or if the vendor shuts down?
• SLAs: Is there a minimum performance standard for service availability/uptime? 
• Consumption metrics: For usage-based SaaS products, you may have a limit to how much data you can use or actions you can take before you hit a limit. What is that limit? What happens if you go over during the billing period?

Dealing with these aspects of contract negotiation can be incredibly difficult and time-consuming. Don’t have the resources to dive into the weeds of every contract negotiation? Learn about Tropic’s Expert Advisory or Full Service Negotiation capabilities.

Best Practices for Negotiating SaaS Agreements

1. Assess the Provider’s Track Record

‍When negotiating SaaS agreements, it’s crucial to assess the provider's reliability, service history, and customer satisfaction levels. Start by examining reviews and case studies, and request references from similar businesses in your industry. A provider with a solid track record in uptime, customer support, and delivering promised features is a safer bet.

Ask about any significant downtime incidents, how they were handled, and whether the provider is transparent about these situations. A reliable SaaS provider should have a history of prompt resolution of issues and consistent service delivery.

2. Customizing the Agreement to Your Needs

‍One-size-fits-all agreements often fall short in meeting a business’s unique needs. During negotiations, ensure the agreement is tailored to your specific operational requirements. Consider whether the platform supports your workflow, integrates seamlessly with existing systems, and meets compliance standards in your industry.

You may also need to negotiate terms around scaling the service, customization options, and dedicated support. Customization should include provisions for future needs, such as adding users or scaling functionality without incurring steep fees.

3. Review the SLA Carefully

‍The Service Level Agreement (SLA) is a critical document outlining the expected performance and availability of the SaaS product. Pay close attention to uptime guarantees, response times for support, and penalties for failing to meet these expectations. Penalties might include service credits, refunds, or termination rights.

Ensure that the SLA addresses key business requirements and contains clear definitions of responsibilities in case of service disruptions. A strong SLA not only ensures accountability from the vendor but also provides leverage in case things go wrong.

4. Legal Review

‍Involving legal counsel is crucial when negotiating SaaS agreements. SaaS contracts can contain complex terms related to intellectual property, data ownership, and liability that require legal expertise to interpret fully.

A legal team will help ensure that your rights are protected, including clauses around termination, dispute resolution, and data security. It’s also wise to have counsel review the fine print to identify hidden clauses or ambiguities that could pose risks later. By doing so, you can ensure the agreement aligns with both your business needs and legal standards.

Steps to Take Before Signing a SaaS Agreement

Due Diligence

‍Before committing to a SaaS provider, perform thorough research into the company’s background, reputation, and financial stability. This includes checking the company’s market position, reviews from current or past clients, and their longevity in the industry.

It's also wise to evaluate their financial stability, as you don't want to partner with a provider who may go out of business in the near future, leaving your business in a lurch. Conducting this level of diligence can prevent future risks and ensure long-term service reliability.

Clarifying Terms of Use

‍It’s essential to have a clear understanding of the terms of use for the SaaS platform, including how you can use the software, any restrictions on usage, and what happens if the provider makes changes to their services. Ensure that the agreement covers scenarios like service continuity, maintenance windows, and exit strategies in case you need to switch vendors. Having these terms clearly outlined helps mitigate the risks of service interruptions and ensures a smooth transition if needed.

Understanding Your Responsibilities

‍While the SaaS provider manages much of the infrastructure, there are still responsibilities that fall on you as the customer. These might include ensuring secure access to the platform, regular data backups, or maintaining specific security standards.

It’s important to clearly define what is expected from your side, especially concerning data management, security measures, and compliance with regulatory requirements. Failure to fulfill your responsibilities could lead to issues like data loss or security breaches that the provider may not be liable for.

SaaS Agreement Checklist for Businesses

‍To ensure nothing is overlooked, a SaaS agreement checklist is essential. This checklist should include legal aspects, such as reviewing data ownership and liability clauses, as well as technical considerations, such as data backup, data portability, and integration capabilities.

Additionally, the checklist should cover operational aspects like service uptime, response times, scalability options, and pricing transparency. By using a comprehensive checklist, you can ensure that all critical areas are covered before signing the agreement, reducing the risk of future disputes or service issues.

Managing SaaS agreements at scale

While large enterprises have procurement and legal teams to act as “SaaS Ops,” smaller companies—those fewer than 1,000 employees—often have some mix of finance, IT, and operations trying to wrangle SaaS agreements on top of their core responsibilities. 

Cue the sound of dozens of SaaS agreements falling through the cracks.

That’s why many midmarket and enterprise companies are turning to third-party SaaS procurement solutions. As a leading provider in this space, Tropic helps companies manage SaaS agreements at scale on their behalf. Here’s how:

Preventing runaway SaaS spending

The average company overpays for SaaS by as much as 30% due to mismanagement and lacking processes. 

We solve this problem in the near term by facilitating contract negotiations, backed by thousands of data points to ensure fair pricing. Over the long-term, by deploying compliant purchasing experiences on our workflow technology, we’ll ensure you’ll always get a favorable contract through renewals or even expansions. 

Tropic also makes it easy to identify redundancies across your tech stack, making it easy to consolidate contracts, reduce IT burden, and prevent rogue users.

Saving time

You want your departmental leads and IT teams focusing on high-value activities that move your business forward, not trying to make sense of complicated SaaS agreements. 

The average end user spends 4-5 hours per contract. Across 100+ contracts that’s 400+ hours per year for a single user. By automating the purchasing experience, Tropic reduces this by 87.5% to 30 minutes per contract for your team.

Ensuring compliance

One of the most nerve wracking experiences a procurement and IT/security team can have is finding out that someone signed up for a SaaS solution that puts company, customer, or employee data at risk due to substandard security workflows and processes. 

If you’re struggling to implement your desired purchasing controls—such as INFOSEC, financial review, proper documentation, etc.— Tropic can get you to 100% compliance by deploying a user-friendly procurement experience.

Get a free SaaS savings assessment to see how much you can save on a given supplier, or check out our Customer Stories to see how our customers are turning procurement into a strategic spend management advantage.