Software as a service (SaaS) is defined by Wikipedia as a “software delivery model in which software and associated data are centrally hosted on the cloud.” Notable examples include Dropbox, Google Apps, Evernote and MailChimp. The efficiency and rapid growth of SaaS are in large part why Marc Andreessen wrote his influential article entitled “Why Software Is Eating the World”.
The legal terms involved in SaaS are more involved than those in a standard End User Licence Agreement (EULA), since the provider hosts data and provides the infrastructure to operate the software (often provided through a web browser). This article will set out some of the areas particular to SaaS that require consideration.
A SaaS provider is in possession of their customer’s data. As a result, certain issues must be covered.
- There must be clear provision in the agreement for the “data liberation process” upon the termination of the SaaS Agreement. It is preferable for the costs of such a process to be clear.
- Providers must be clear about what liability they are willing to assume for maintaining the customer’s data. Whether or not the provider assumes liability for data loss is an issue that must be covered, as well as what backup regime the provider undertakes to subscribe to.
- Providers need to be clear about which third parties might have access to their customer’s data. SaaS is often hosted on Infrastructure as a Service (IaaS), and IaaS providers like Amazon Web Services often reserve the right to review data hosted by their customers.
- Providers need to understand what kind of data they will be collecting, and take appropriate measures if any of it is categorised by the Privacy Act 1988 (Cth) as “sensitive information”.
Term of Contracts
SaaS is always provided in the context of an ongoing commercial relationship between the provider and customer, as opposed to the one-off grant of a perpetual licence to use under the traditional software model. As a result, the agreement’s period is critical. Particularly in the enterprise space, agreements tend to be based on automatically renewing contractual periods, which either party can end with a specified notice period. This approach fits the model of fees based on a continuing subscription.
SaaS providers need to be crystal clear about whether or not they will be responsible for “down time”, particularly if they are providing mission-critical software. Many providers take an “all care and no responsibility” approach; other SaaS providers guarantee certain levels of uptime and provide refunds if they do not reach those levels. Many SaaS providers operate on IaaS services, which usually refuse to accept liability. In other words, if downtime liability is not excluded, the SaaS provider is stuck with it.
Another reason that software (or certain parts of it) can become inaccessible is that the vendor chooses to remove them on purpose. In a software design environment increasingly governed by rapid iteration and “less is more”, it is important for vendors to reserve the right to make changes to the software if a feature does not get traction and ends up “getting in the way”. They may find that a small number of customers have come to rely on that feature, and are damaged by its removal.