SaaS terms and conditions (standard)
This SaaS T&Cs template can be used to create professional legal documentation for software provided as a service. The template has been designed for business-to-business services, and should not be used in relation to customers who are consumers.
Two different provisions concerning the entry into force of the SaaS T&Cs are included. First, the SaaS T&CS may be agreed by the parties signing a "services order form". Alternatively, the SaaS T&Cs may be incorporated into an online contracting procedure.
There are a great variety of software applications that can be provided as a service. This template includes a range of optional provisions.
For instance, it includes optional provisions covering the supply of AI-generated data to the customer, as well as the use of customer-supplied data in the training of AI models.
The General Data Protection Regulation (GDPR) - in both its original EU form and derivative UK form - requires that, where one business processes personal data on behalf of another, certain mandatory provisions are included in the contract between the parties. These SaaS T&Cs incorporate clauses that are design to help the parties to comply with both the EU GDPR and UK GDPR.
Get help with this documentSaaS terms and conditions (standard) contents
- Definitions: definitions.
- Term: commencement of term; end of term (indefinite); each services order form creates distinct contract.
Set Up Services : obligation to provide set up services; set up services timetable; delays in set up services consequent uponCustomerdelays; hosted services set up and intellectual property rights.Hosted Services : provision of hosted services access credentials (set up services option); grant of licence to use hosted services; limitations on use of hosted services; prohibitions on the use of the hosted services; security of access credentials; availability of hosted services and SLA; hosted services acceptable use policy; no damaging use of hosted services; no excessive use of the hosted services; no unlawful use of hosted services; no access to platform code; suspension of hosted services.- Scheduled maintenance: right to suspend hosted services for scheduled maintenance; notice of scheduled maintenance to hosted services; times for provision of scheduled maintenance; maximum aggregate time for scheduled maintenance of hosted services.
Service Data : licence to use service data (business purposes); prohibitions on use of service data (hosted services); security of service data; service data contains AI output data; limitation of liability for AI output data.Support Services : support services provision; standard of support services; support services in accordance with SLA; suspension of support services.- Customerobligations: general second party obligations; access to computer systems.
- CustomerData: licence ofCustomerdata; licence ofCustomerdata for AI purposes; licence ofCustomerdata for aggregation purposes; warranties relating toCustomerdata; back-up of second party data; restoration ofCustomerdata.
- Integrations with
Third Party Services : integration of third party services; right to integrate third party services; activation of third party services integration; right to remove third party services integrations;Providernot responsible for supplying third party services;Customerresponsibilities in relation to third party services; charges relating to third party services; no warranties or liability in relation to third party services. Mobile App : mobile App governed by separate terms.- No assignment of
Intellectual Property Rights : no assignments of intellectual property rights. - Charges: obligation to pay charges; time-base charges limitations; amounts inclusive or exclusive of VAT; variation of charges.
- Payments: issue of invoices; time for payment of charges following invoice; payment methods; interest on late payments; interest on late payments.
- Provider's confidentiality obligations:Providerconfidentiality undertaking; disclosure of confidential information byProviderto certain persons; exceptions toProviderconfidentiality obligations; disclosures ofCustomerconfidential information mandated by law etc;Providerconfidentiality obligations after termination.
- Data protection: compliance with data protection laws; warranty of Customer's right to disclose personal data (GDPR); details of personal data processed bythe Provider(GDPR); purposes of processing of personal data bythe Provider(GDPR); duration of personal data processing byProvider(GDPR); personal data processed byProvideron instructions (GDPR); authorised international transfers of personal data (GDPR); informingCustomerof illegal instructions (GDPR); personal data processed byProvideras required by law (GDPR); confidentiality obligations onProviderpersons processing personal data (GDPR); security of personal data processed byProvider(GDPR); appointment of sub-processor byProvider(GDPR); authorisation forProviderto appoint sub-processors (GDPR);Providerto assist with exercise of data subject rights (GDPR);Providerto assist with compliance (GDPR); obligation to notifyCustomerof personal data breach (GDPR);Providerto provide data protection compliance information (GDPR); deletion of personal data byProvider(GDPR);Providerto allow audit (GDPR); changes to data protection law.
- Warranties: first party general warranties; hosted services general warranties; warranty of legality of hosted services; hosted services intellectual property infringement warranty; breach of hosted services infringement warranty; Customerwarranty of authority; exclusion of implied warranties and representations.
- Acknowledgements and warranty limitations: hosted services not error free; hosted services not entirely secure; hosted services compatibility limitation; no legal etc advice with hosted services.
- Indemnities: indemnity (flexible, with definition); conditions upon first party indemnity; indemnity (flexible, with definition); conditions upon second party indemnity; limitations of liability vs indemnities.
- Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; no liability for loss of profits; no liability for loss of revenue; no liability for loss of use; no liability for loss of opportunities; no liability for loss of data or software (subject to back-up obligations); no liability for consequential loss; per event liability cap upon services contract; aggregate liability cap upon services contract.
Force Majeure Event : obligations suspended for force majeure; force majeure notification and information; mitigation of effects of force majeure.- Termination: termination without cause (optionally asymmetric, initial term and renewal term); termination by either party without cause (initial term and renewal term); termination upon breach; termination upon insolvency; termination upon non-payment; rights of termination supplemental or exclusive.
- Effects of termination: surviving provisions upon termination; termination does not affect accrued rights; charges on termination of contract.
- Notices: methods and deemed receipt of contractual notices; first party contact details for contractual notices; substitute contact details for notices.
- Subcontracting: no subcontracting without consent; subcontracting permitted; first party responsible for subcontracted obligations; subcontracting of hosting.
- Assignment: assignment by first party; assignment by second party.
- No waivers: no unwritten waivers of breach; no continuing waiver.
- Severability: severability of whole; severability of parts.
- Third party rights: third party rights: benefit; third party rights: exercise of rights.
- Variation: variation only in accordance with section; variation by signed written agreement; variation on first party's notice.
- Entire agreement: entire agreement: documents; no misrepresentation; section subject to caveats to limits of liability.
- Law and jurisdiction: governing law; jurisdiction.
- Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.
Schedule 1 (Acceptable Use Policy)
- Introduction: definitions for acceptable use policy; parties to policy; agreement to policy by using services; express agreement to policy; services user minimum age under policy.
- General usage rules: no damaging use of services; no unlawful use of services; content must comply with provisions of part.
- Unlawful
Content : no unlawful user content: general prohibition; no unlawful user content: specific prohibitions; previous complaints and user content. - Graphic material: age suitability of user content; no violence, self-harm or suicide depicted in user content; no encouragement of violence, self-harm or suicide; no pornographic user content.
- Factual accuracy: content must be truthful; content must not risk defamation.
- Negligent advice: no professional advice in user content; no negligent advice in user content.
- Etiquette: content appropriate etc; no offensive content; no annoying content; no hostile communications; no deliberate offense; no content flooding; no duplicate content; categorisation of content; appropriate content titles; courtesy to service users.
- Marketing and spam: prohibition on marketing activities; no spam in user content; sending spam using email addresses; no promotion of marketing schemes; avoidance of IP blacklisting.
- Regulated businesses: no gambling-related activities; no pharmaceutical activities; no weapon-related activities.
- Monitoring: acknowledgement relating to monitoring.
- Data mining: no data mining.
- Hyperlinks: no hyperlinks to prohibited content.
- Harmful software: no harmful software; no risky software.
Schedule 2 (Availability SLA)
- Introduction to availability SLA: purpose of hosted services availability SLA; informal definition of uptime.
- Availability: uptime commitment; measurement of uptime; reporting of uptime measurements.
- Service credits: earning service credits; amount of service credits; application of service credits; service credits are sole remedy; service credits upon termination.
- Exceptions: list of exceptions to availability commitment.
Schedule 3 (Support SLA)
- Introduction: introduction to support SLA.
- Helpdesk: helpdesk obligation; purpose of support services helpdesk; access to helpdesk; times of helpdesk availability; all requests for support to go through helpdesk.
- Response and resolution: hosted services support issue categorisation; allocation of support issue severity categories; support response times; contents of response to support request; support resolution times.
- Provision of
Support Services : support services to be provided remotely. - Limitations on
Support Services : excessive use of hosted services support; support services training and misuse limitations.
Schedule 4 (Data processing information)
- Categories of data subject: prompt for categories of data subject.
- Types of
Personal Data : prompt for types of personal data. - Purposes of processing: prompt for personal data processing purposes.
- Security measures for
Personal Data : prompt for security measures for personal data. - Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.