Legal Agreements for SaaS Apps

Software as a Service (SaaS) is a simple arrangement in some respects. You sell your service like a subscription, and in return, you collect payments on a regular basis from your customers.

But that doesn't mean you can throw your legal obligations out the window.

Protecting your company and ensuring that you understand issues like liability are both integral components to keeping your SaaS up and functioning. And that means using legal agreements to establish clarity between you and the consumer when it comes to expectations.

Here is what you need to know when it comes to legal agreements for your SaaS:

What is SaaS, Anyway?

When you sell a product, you can throw warning information on the label. You can include a warranty in the box. It's a straightforward process.

But you're selling Software as a Service, which changes the format a bit. Rather than a tangible product, you're selling software on a subscription basis.

In most cases, your customers will be able to simply download your software and unlock it with a purchase code or activation key. That means if you're going to establish a basic user agreement, you're going to have to actively insert it somewhere into that process.

Why You Need Legal Agreements in Place

In short, because you're entering into a contract with your customers here. This isn't just a one-time purchase. They're not paying with cash. You're likely taking hold of each customer's:

  • Name
  • Address
  • Credit card information
  • Email address

As Uncle Ben once said in the Spider-Man series--with great power comes great responsibility. That means that you, the provider of the SaaS, have to take steps to ensure that this contract is legal and in good standing by the rules and regulations that govern your industry.

It also helps to protect you on the legal end of things. But we'll get more into that as we explore the specific legal agreements you'll want and oftentimes even need.

Which Legal Agreements Should SaaS Apps Have?

Now let's get specific. Which legal agreements do you want to include with a SaaS app that is presumably collecting vital customer information? In this article, we'll focus on two main agreements:

  • Terms and Conditions - Optional but recommended - You're entering into a contract with someone you don't know. Don't you think it's a good idea to set some basic ground rules first? By having someone agree to your terms and conditions before they use your software, you can fight against potential liabilities -- after all, you've established the conditions of using your software ahead of time.
  • Privacy Policy - Required by law - Collecting data is a serious thing and serious laws protect consumer privacy. It's important that you have a Privacy Policy in place when you collect personal information (like names, email addresses and payment information). This Policy will need to explain what you do with that information.

Here's what you'll need to know about each.

What to Include in Your Terms and Conditions

You know Terms and Conditions. They're those long, boring screeds you skip through as you play the latest computer game or even as you download an important piece of software for your business. And while it's not important that you understand every last detail of these Terms and Conditions as a consumer, you'd better bet that you'll want to know them when it comes to running a SaaS business.

Here are a few things you'll want to include:

  • Defining your software and what will be provided. This sets the expectations of what you need to hold up to on your end of the bargain.
  • Guarantees and warranties, if any.
  • Which laws will govern the contract. For example, if you're in the state of California, you're going to want to explain that.
  • The terms of this agreement and what might cancel it, or give you grounds to cancel it. (You should also explain that you have the right to terminate the agreement at any time).

Tips for Creating Terms and Conditions

How do you actually sit down and create Terms and Conditions? There are a number of ways. You can buy template Terms and Conditions online, for example. But you'll want to customize it for your specific product and ensure that your business concerns are taken care of.

Here are a few tips for making that happen:

  • Get some help. Legal advice in creating Terms and Conditions can be much less expensive than you might think. A lawyer can even work off of a pre-existing template to customize a list of terms and conditions that meet your priorities. It's far easier to say, "here's what I want my terms to be; make it happen in legalese" than it is to attempt it yourself.
  • Look at some examples online first. This will give you a sense of what a quality Terms and Conditions page will look like. Don't copy and paste--see the above tip. But you do want to get a sense of what Terms and Conditions are all about.

Setting the Terms and Conditions sounds boring, but thinking about it can be fun. You get to set the rules for associating with you. Think of yourself as a boss determining the quality of your customers.

The Privacy Policy and Why You Need It

Your Terms and Conditions are important because they establish the ground rules of your services, but this agreement isn't a legal requirement to have.

However, this isn't the case with a Privacy Policy.

Governments around the world actually take the handling of private information very seriously, which is why there are rules and regulations that might actually say you have to have a Privacy Policy for your SaaS app. Some of these laws include the GDPR, CalOPPA and PIPEDA.

Here's what you'll need to know about this vital document:

What to Include in Your Privacy Policy

Essentially, your Privacy Policy should lay out, in clear and basic text, what you plan on doing with your users' private information. If you're going to sell it to third parties, you need to tell them. If you'll never sell it, you need to tell them that, too. Here are some other essentials for a successful Privacy Policy:

  • Disclose what information you collect and how you collect it. Let users know about direct and indirect ways you collect their information, and which types (such as IP addresses, geolocational data and others) that you are collecting.
  • Explain how you will use their information. Are you going to use information to enhance your site? To personalize their experience? Great! Write that down. A Privacy Policy doesn't have to be a litany of bad news. You can also tell the truth about the good things you plan on doing once you acquire the private data of your customers like helping keep their accounts secure.
  • Talk about the categories of third parties with whom you share information.
  • Include information about how your SaaS will update your customers (i.e., via email) if your Privacy Policy has changed. This gives users a chance to review the changes and to decide whether or not they want to continue with you.
  • Establish the effective date for your privacy policy so there's no confusion.

There are rules and regulations determining what goes into a Privacy Policy, so don't take this advice lightly. You need to make it explicitly clear to your users what you're doing with their data.

Tips for Creating Your Privacy Policy

The process of creating a great Privacy Policy can be similar to the process of building a quality page for Terms and Conditions. There may be templates you rely on, but ultimately, you need to take steps that ensure accuracy as it relates to your business and your customers' collected data.

You can start by seeking out a legal firm that specializes in the web and with SaaS like yours. It likely won't be very complicated to draw up a Privacy Policy that adheres to your specific needs and to the rules and regulations that govern your business. It sounds like a lot of work, but the firms willing to do this have likely gotten the process down to a science.

The Better Business Bureau in North Central Texas actually put together a nice list of what to include in a privacy policy that should also serve as some nice tips for you to follow, including:

  • Include how you collect the information. The method through which you collect information, such as tracking users' cookies, is integral to making sense of the entire Privacy Policy in the first place.
  • Include how you use the information. What you plan on doing with the information after you've collected it can be some of the most important information in the entire policy. In fact, it's likely what your users will be looking for.
  • Explain what control your users have over the availability of their information. Obviously, no one has to enter into contract with your SaaS business if they disagree with your Privacy Policy. But you should also establish how someone who gives you their private information can contact you and change their relevant information, such as their password. Doing this will not only ensure that your Privacy Policy remains relevant and up-to-date, but that your users understand that there is a degree of control from their end as well.

Put it all together and you'll have a much stronger Privacy Policy that's more likely to adhere to the regulations set out by many of the world's major governments.

You've done a lot of work to get your SaaS app perfect. Including these two legal agreements will pull everything together. And a lot of people care about them.

Governments will care. Customers will care. And you'll care when you face the consequences for not having these documents in place. Don't let yourself or your business get caught off-guard in the future because you didn't establish the ground rules and make information available to your customers.

Instead, make sure that you include these two legal agreements with your SaaS app. Once you do, you can rest easier knowing that not only have you established the right limitations and restrictions for your SaaS, but that your company is better protected from violating privacy laws.