SaaS terms and conditions (basic)
This is a short-form software-as-a-service (SaaS) terms and conditions template, with accompanying support services provisions.
The document sets out the basis upon which a customer may use a hosted software system. Rights of usage are expressed both positively, stating what the customer is permitted do do, and negatively, with a list of limitations and prohibitions. Usage may optionally be governed by a distinct acceptable use policy (set out as a schedule to this document).
The support provisions in the T&Cs are comparatively short and simple: unlike in the standard and premium versions of this document, there are no service level commitments / agreements setting out the details of exactly how support will be provided.
Standard confidentiality are included. This document also includes provisions designed to help both parties to comply with the General Data Protection Regulation (GDPR).
The document has been designed for B2B (rather than B2C) SaaS arrangements.Ask about this document
SaaS terms and conditions (basic) contents
- Definitions: definitions.
- Term: commencement of term; end of term (indefinite); each services order form creates distinct contract.
Hosted Services: provision of hosted services access credentials (effective date); grant of licence to use hosted services; limitations on use of hosted services (short-form); prohibitions on the use of the hosted services; security of access credentials; availability of hosted services; FAOD exceptions to hosted services availability; hosted services acceptable use policy; no damaging use of hosted services; no excessive use of the hosted services; no unlawful use of hosted services; no access to platform code; suspension of hosted services.
- Scheduled maintenance: right to suspend hosted services for scheduled maintenance; notice of scheduled maintenance to hosted services; times for provision of scheduled maintenance; maximum aggregate time for scheduled maintenance of hosted services.
Support Services: support services provision; standard of support services; helpdesk obligation; purpose of support services helpdesk; support services responses to be prompt; support services training and misuse limitations; suspension of support services.
- CustomerData: licence ofCustomerdata; warranties relating toCustomerdata; back-up of second party data; restoration ofCustomerdata.
Mobile App: mobile App governed by separate terms.
- No assignment of
Intellectual Property Rights: no assignments of intellectual property rights.
- Charges: obligation to pay charges; time-base charges limitations; amounts inclusive or exclusive of VAT; variation of charges.
- Payments: issue of invoices; time for payment of charges following invoice; payment methods; interest on late payments.
- Provider's confidentiality obligations:Providerconfidentiality undertaking; disclosure of confidential information byProviderto certain persons; exceptions toProviderconfidentiality obligations; disclosures ofCustomerconfidential information mandated by law etc;Providerconfidentiality obligations after termination.
- Data protection: compliance with data protection laws; warranty of Customer's right to disclose personal data (GDPR); details of personal data processed bythe Provider(GDPR); purposes of processing of personal data bythe Provider(GDPR); duration of personal data processing byProvider(GDPR); personal data processed byProvideron instructions (GDPR); authorised international transfers of personal data (GDPR); informingCustomerof illegal instructions (GDPR); personal data processed byProvideras required by law (GDPR); confidentiality obligations onProviderpersons processing personal data (GDPR); security of personal data processed byProvider(GDPR); appointment of sub-processor byProvider(GDPR); authorisation forProviderto appoint sub-processors (GDPR);Providerto assist with exercise of data subject rights (GDPR);Providerto assist with compliance (GDPR); obligation to notifyCustomerof personal data breach (GDPR);Providerto provide data protection compliance information (GDPR); deletion of personal data byProvider(GDPR);Providerto allow audit (GDPR); changes to data protection law.
- Warranties: first party general warranties; hosted services general warranties; warranty of legality of hosted services; hosted services intellectual property infringement warranty; breach of hosted services infringement warranty; second party warranty of authority; exclusion of implied warranties and representations.
- Acknowledgements and warranty limitations: hosted services not error free; hosted services not entirely secure; hosted services compatibility limitation; no legal etc advice with hosted services.
- Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; no liability for loss of profits; no liability for loss of revenue; no liability for loss of use; no liability for loss of opportunities; no liability for loss of data or software (subject to back-up obligations); no liability for consequential loss; per event liability cap upon services contract; aggregate liability cap upon services contract.
Force Majeure Event: obligations suspended for force majeure; force majeure notification and information; mitigation of effects of force majeure.
- Termination: termination by either party without cause; termination by either party upon breach; termination upon insolvency.
- Effects of termination: surviving provisions upon termination; termination does not affect accrued rights; charges on termination of contract.
- Notices: methods and deemed receipt of contractual notices; first party contact details for contractual notices; substitute contact details for notices.
- Subcontracting: no subcontracting without consent; subcontracting permitted; first party responsible for subcontracted obligations; subcontracting of hosting.
- General: no waiver; severability; variation written and signed; asymmetric assignment of contractual rights; no third party rights; entire agreement (with services order form); governing law; exclusive jurisdiction.
- Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.
Schedule 1 (Acceptable Use Policy)
- Introduction: definitions for acceptable use policy; parties to policy; agreement to policy by using services; express agreement to policy; services user minimum age under policy.
- General usage rules: no damaging use of services; no unlawful use of services; content must comply with provisions of part.
Content: no unlawful user content: general prohibition; no unlawful user content: specific prohibitions; previous complaints and user content.
- Graphic material: age suitability of user content; no violence in user content; no pornographic user content.
- Factual accuracy: content must be truthful; content must not risk defamation.
- Negligent advice: no professional advice in user content; no negligent advice in user content.
- Etiquette: content appropriate etc; no offensive content; no annoying content; no hostile communications; no deliberate offense; no content flooding; no duplicate content; categorisation of content; appropriate content titles; courtesy to service users.
- Marketing and spam: prohibition on marketing activities; no spam in user content; sending spam using email addresses; no promotion of marketing schemes; avoidance of IP blacklisting.
- Regulated businesses: no gambling-related activities; no pharmaceutical activities; no weapon-related activities.
- Monitoring: acknowledgement relating to monitoring.
- Data mining: no data mining.
- Hyperlinks: no hyperlinks to prohibited content.
- Harmful software: no harmful software; no risky software.
Schedule 2 (Data processing information)
- Categories of data subject: prompt for categories of data subject.
- Types of
Personal Data: prompt for types of personal data.
- Purposes of processing: prompt for personal data processing purposes.
- Security measures for
Personal Data: prompt for security measures for personal data.
- Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.