SAAS Services vs. Licensed Software

Privacy Plus+

Privacy, Technology and Perspective

SAAS Services vs. Licensed Software. Let’s focus on the difference between software-as-a-service (SAAS) and licensed software. The distinction is important.  Here, we’ll look at why, and help you spot outdated agreements and fill in missing terms.

Background

More and more software providers have transitioned to SAAS-based offerings, which rely on data storage and software stored in the cloud.  Compare previous times when software was delivered via CD-Roms, disk drives, and over file transfer protocol sites, for example.

Despite today’s extensive use of SAAS services, many companies still rely on legacy contracts to cover those services.  That is a problem because legacy licensing agreements often do not cover SAAS services – they only cover the use of the software.

Here are a few clues that you may be working from an outdated agreement:

  • ·       Use of the term “license;”

  • ·       No definitions for the terms “Authorized User,” “Customer Data,” and “Services.”

  • ·       No terms regarding data privacy and security; and

  • ·       Thin representations and warranties (or disclaimers) covering only the software (and not the “Services”).

What terms do SAAS agreements need?  Here are some ideas:

  1. A comprehensive SAAS services agreement under which the subscriber gets access to and use of the SAAS services based upon the conditions set forth in the contract;

  2. Definitions which expressly set out who is an “Authorized User, and define “Customer Data,” “Provider IP,” and “Services;”  

  3. Specific provisions regarding access, use of the services, use restrictions, and support;

  4. Robust confidentiality provisions covering, at minimum, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, including Customer Data;

  5. A provision that asserts Customer’s ownership of Customer Data and restricts access to and use of it, including, if appropriate, restricting derivative uses of “insights” derived from Customer Data, in whole or in part.  The agreement should also clarify what happens to Customer Data when the Services terminate, or the agreement expires (most organizations want their data returned and want their providers to delete their data);

  6. Privacy and security provisions, such as a privacy and data security addendum or data processing agreement, as appropriate;

  7. A provision regarding fees and the subscription period. Customers should require certainty in the contract itself, including the fees for the services, payment requirements, invoicing terms, and any renewal fee notification or process (as well as any caps on renewal fees);

  8. Reps and Warranties in and around the SAAS services (at a minimum, they should conform in all material respects to the specifications – which is one reason why it is so important to define the Services well, including descriptions and specifications).

  9. Customers should also ask their Provider to include at least basic privacy and security reps and warranties;

  10. Termination rights that provide straightforward ways for both parties to end their agreement, and are clear about what steps must be taken then; and

  11. A service level agreement that addresses performance issues (such as uptime and speed of performance) and provides credits for unplanned downtime.

Suppose you find yourself looking at a legacy contract that is missing these terms (or an amendment that purports to address a SAAS-based offering, but its underlying agreement is missing these terms). In that case, likely, you don’t have a SAAS services agreement in front of you, and you’ll need a new document. Also, keep in mind that there are other risk mitigation terms that you will want to address, including, but not limited to, terms regarding indemnities, the allocation of liability, compliance with applicable laws, and insurance.

A final point – It’s important to educate your procurement group on the difference between SAAS services and licensed software.  Too many important issues may slip through the cracks otherwise. For a helpful checklist, please feel free click on the following link to download our HM SAAS Checklist.

---

Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.

 

Previous
Previous

Utah Joins California, Colorado, and Virginia in Enacting A Comprehensive Privacy Law with Connecticut Set to Follow

Next
Next

DOJ Takes Down Russian Botnet