Negotiation of SaaS Agreements
A Software as a Service Agreement (SaaS) is a Software Licensing Agreement or a Subscription Licensing Agreement between Clients and Software Service Providers. SaaS agreements are licensing agreements that typically contain the terms and conditions that a SaaS service provider (the licensor/vendor) requires of its clients (the licensee).
Software as a Service is a model in which a cloud-based system is hosted on the Internet instead of on the client’s software platform. Many SaaS programs have become very common, including Dropbox, Netflix, Hulu, Quickbooks online, Xero.com, DocuSign and SurveyMonkey, to name a few.
A SaaS agreement is a specific licensing agreement that details the terms under which a specific set of online computer functionalities can be used by a specific client for a specific purpose. A SaaS model will always have a subscription fee, a financial requirement or license fee. It can be a monthly or yearly fee, or a combination of both. More importantly, the licensing agreement will define the terms and conditions of the usage of the client license.
To the client, a SaaS agreement is often required to integrate into an existing business model that includes training, onboarding, and maintenance. To a Service Provider, it’s almost always required that a client abide by the software licensing agreement and all the licensing requirements detailed in the agreement.
Key Provisions of SaaS Agreements
The following are important clauses commonly found in SaaS agreements:
Service Levels
Service levels are commitments that the SaaS vendor makes to the customer. An example of a service level is a contractual commitment to provide the service 97% of the time during a given calendar month. If this commitment is not met, for example, by "only" providing the service 96% of the time, the SaaS vendor typically commits itself to crediting the customer with a certain percentage of its fees for that month. Another type of service level is a fast response to helpdesk inquiries. For these types of service levels, the SaaS vendor typically commits itself to respond to customer helpdesk emails or telephone calls within a certain period of time. A failure to meet the stated response time typically gives the customer grounds for a fee credit.
Uptime Guarantees
An uptime guarantee is a high level service commitment stating that the service will be available at least a certain percentage of the time during the work day. This concept is similar to the term "service levels," except that service levels can relate to numerous aspects of the service (e.g., response times for emails or bug fixes), while uptime guarantees focus specifically on availability of the service and are typically measured per month.
Help Desk/Support
Help desk/support provisions typically set forth both parties’ responsibilities during the term of the SaaS agreement. For example, a SaaS agreement might set forth the hours of support during which support staff will be available to help customer project teams with issues pertaining to the usability of the service (e.g., how to change the page presentation of the data on the screen). Such support will not relate to issues such as the service being unavailable—for example, if the web server were to go down.
Termination for Convenience
Typically, termination for convenience provisions set forth the right of each party to unilaterally terminate the SaaS agreement for any reason. Typically, the period of notice that is necessary to terminate a SaaS agreement for convenience is 30-90 days. Some SaaS agreements also allow for termination without cause before the end of the agreement’s initial term for a fee, which fee is typically based on the number of remaining months under the agreement.
Pricing Structure and Considerations
One of the most important issues a SaaS buyer should consider is the pricing model. On the software license side, it was billed as an "acquisition cost" and was seen as the end of the sales transaction. On the SaaS side, there are many costs over the term of the agreement and unless they are specifically addressed in the contract, they will not be able to be evaluated before the deal is done. Some of these costs can be significant. So buyers should take the time to evaluate the alternatives and evaluate the costs against their expectations.
Subscription-based services are billed according to the number of users. The more users you have, the more you pay. The pricing models vary but basic pricing looks like: For example, company Y has 50 seats. This pricing would amount to $31.25 per month or $375 annually. If company Y has 400 seats, which is 8 times the number of seats as company X, then assuming the entire deal is hosted on one server and has no more than double the costs for the 50 seats, company Y should pay 8 times the costs of company X. So as long as the basic pricing formula above is followed, company Y will pay $3,000 a month or $36,000 annually. So far so good. The costs do not include any installation or customer support costs that may not be apparent at first and require the client to spend resources or help.
The next thing to consider is how many users will be using the service. To follow the same basic scenario as above, company Y has 300 employees. If only 100 of these employees use the new service, and the subscription fee is not a per-user fee but is based on the total number of employees, company Y is paying 4 times the cost of company X when company Y is only using 2.5 times the service.
The next thing negotiators should consider is how the service is priced based on usage. The pricing looks something like this: The costs here depend on usage. For example, if company Y uses 2M calls a month and purchases prepaid minutes at these fees after using the 200K prepaid minutes, then their monthly cost could be $76,000. Not so inexpensive sounding after all! This pricing looks more dangerous to negotiate a lease term since it is pegged to a set amount of usage on a monthly basis and is billed for excess use. If company Y uses 2M calls a month, their costs would be $14,000 a month. However, if they only use 200K calls a month, they are paying close to six times the base cost.
The dock on this pricing is that it is a term lease with no opt outs and it is only guaranteed for one year. Overage that is paid months after the billing cycle and a moving target price can also add to the costs. After you evaluate these various models and pricing, you have recommendations on how to negotiate the pricing. Negotiation of SaaS agreements should be a mix of strategic and tactical thinking. So depending on your deal structure and company resources, you may want to consider negotiating only some of the costs and leave others alone. Another option is to match SaaS resources with people resources.
Privacy and Data Protection
Data privacy and security are particularly crucial in the age of SaaS providers, which can cause headaches for companies accustomed to working with traditional software vendors. "Most on-premise software agreements are not as privacy and security focused because businesses are using that software within the four walls," said Teresa Wu, an associate in Katten’s Technology practice. "With SaaS agreements, companies are giving their third-party SaaS vendors access to their data." For this reason, coveted terms such as liability limitations and caps on damages can become moot if an unauthorized data breach occurs.
Companies should negotiate a variety of protections covering personal data handled by the vendor, such as breach notification and resolution. "You will likely need the vendor to agree to report (and possibly help you remediate) a data breach under a certain time frame and initiate a forensic investigation. How these notifications and investigations are initiated is especially important when a company decides to notify customers of the breach," Wu said.
The agreement should also allow the company to conduct audits and reviews of the vendor’s privacy and data protection procedures and controls. "Audits may prove especially helpful in the event of a data breach. Sometimes, you can ask your vendor to provide reports from third party auditors of its privacy and data protection program," Wu added.
These terms are not typical for traditional on-premise software licenses, so companies should be flexible and creative when negotiating the deal.
IP Rights and Ownership Negotiation
Understanding how rights in intellectual property and technology are handled in a SaaS agreement is critical to reducing risk associated with these ever-increasingly important business arrangements. SaaS agreements often cover a range of software, data, content, technical specifications, patent rights, know-how and other proprietary technologies, processes, and information. Since the licensor typically has invested significant time, effort, and money to develop the technology, whenever possible, you should strive to limit the extent to which the licensee will be permitted to reverse engineer, or build upon or otherwise use any of the licensor’s intellectual property for anything other than the expressly permitted uses under the terms of the license agreement. The licensee will typically insist that it own the technology developed and created by the licensee using, accessing, and/or incorporating the licensor technology into the licensee’s systems. If negotiated carefully, this will not be an issue.
Your SaaS license agreement should include clear and defined license parameters including:
- Contract restrictions on use and services provided under the contract. Define them.
- Limits on reverse engineering the product. See if you can include – "for the express purposes of: (1) testing for exploitation of new security holes; (2) testing for circumvention of usage limits; (3) testing for any contractually prohibited actions on the part of licensee’s system."
- Ownership. Ownership should stay with the licensor. You can even specify that IP rights vest in the licensor and nothing else. (See, for example, the terms of service for Microsoft Azure services, which include intellectual property provisions).
- Restrictions on use of proprietary (i.e. confidential) data and information. Make sure licensee doesn’t use data for purposes unrelated to the contract.
- Compliance with data privacy, cybersecurity and other regulatory requirements. See if you can include regular audits, GIFTA (governmental investigative laws, rules, regulations, legislation, and all other legal rights of any governmental or regulatory authority), other regulatory and compliance information exchange clauses.
Exit Terms and SLAs
Let’s face it – every relationship encounters issues, and there’s a certain percentage of tactical and emotional termination that occurs in the client/service provider relationship. It’s therefore imperative to have a clearly defined exit strategy from the outset, along with properly defined SLA terms determining how and when those SLAs are to be reviewed and revisited. From the very beginning of this process, the company should make sure the SLAs provide for flexibility, especially if part of the proposed solution is an in-cloud offering or there’s an evolutionary road-map. If the cloud offering fits your company well (and it should, or the strategic fit issues will likely arise and a change will be needed), then an exit strategy that includes a simple process to pull back control of the cloud application and data from the vendor and transfer it smoothly to another provider of your choice should be the goal.
We’ve seen situations where there’s no provision in the agreement for transferring data out of the vendor’s ecosystem to a service provider of the client’s choosing. In one situation, a large enterprise client wanted to switch service providers and found it extremely challenging as the cloud-based service provider vendor used its own private cloud for hosting (and had no expertise to transfer the solution to an external hosted environment). Especially in these days of GDPR, your data is by law your data and should not be controlled and kept by a vendor against your will. Exit terms that include an appropriate time period to notify the service provider of the client’s intention to terminate and adequate notice provisions before the termination date (e.g. 90 days) facilitate a smooth transition, as does a good faith provision (legally, best efforts, commercially reasonable endeavor). We can’t stress this point enough – the world is a small place, and vendors may at some time be competitors of the other party. The smoother the termination, the cleaner the slate.
Negotiation Tips
When negotiating a SaaS agreement, effective strategies can mean the difference between success and spending far more than needed. SaaS buyers can improve their negotiating position by being realistic in assessing their leverage. The art of negotiation is a balancing act: If you push too hard and refuse to be flexible, you risk losing the deal, but if you concede too much, you get little for your concessions and unnecessarily pay a higher price. Aim to secure a fair deal that leaves you in a win-win position. A successful approach is to consider the transaction as a multi-party negotiation in which you negotiate with both the provider and the end-users in the organization.
SaaS vendor competition has intensified, often giving you considerable leverage in negotiations. But since not everyone has the same leverage, it’s important to know when you have leverage, when you don’t and when it’s time to recognize that you may need to put the deal on the shelf. If you don’t have significant leverage, you can still make the most of a weaker bargaining position through thorough pre-game homework to identify the points that are negotiable and to establish acceptable limits on concession. Keep an eye on the big picture and be wary of getting lost in the minutiae because it could be easy to overlook opportunities that would help you achieve your objectives.
Even when the vendor is willing to be flexible on terms, you may not have that same flexibility. Your window of negotiation may be small when you are dealing with pre-approved legal contracts, especially if you have a tight implementation timeline. Some points may also be non-negotiable, especially if they reflect internal policies, such as data residency or data security. You may also lack leverage if there are multiple end-users, each having separate interests and objectives, which can complicate the negotiating process. For example, for a single-multi tenant implementation with multiple divisions within your organization, you may need a 2-tier discount structure where the provider gives each division a discount based on its volume threshold or you could negotiate for a flat discount for all divisions. This approach can simplify licensing arrangements and track compliance more quickly.
When negotiating a SaaS agreement, keep it simple. First focus on negotiating key provisions that may offer substantial savings or that could create the most friction. Focus on the most important deals first and for minor or data entry type purchases, like telco agreements, you may choose to let business carry the day. Sometimes you may decide that it is better to ask for a provision that doesn’t really apply to the particular transaction than to stand firm. The difficulty with this approach is that the vendor might view your request from a big picture standpoint and might apply it to all future transactions or it might require drafting that doesn’t fit your needs.
Perhaps the best way to find a solution is to think creatively; be a problem-solver. If the parties recognize the mutual benefits at stake, they often can find a solution (or numerous solutions) that work for both sides that promote a win-win outcome. When you get caught up in the high-stakes of negotiations, you should step back and try to take a broader perspective. This approach espouses finding common ground in the transaction. A negotiated compromise should never leave either side feeling that something has been unreasonably won or lost.
Be sure to set an agenda in advance of the meeting that outlines your objectives, what you will be presenting, what you want to ask of the other party, what your maximum and minimum concessions are, who will be in attendance and what format you will be following. This preparation will facilitate the negotiating discussions, allowing them to proceed without interruption or distraction. Also, an agenda can help limit indecision and prolonged deadlocks that can happen when one party does not prepare.
Common Traps
Knowledge is king and avoiding common pitfalls in negotiating terms for a subscription, reseller, or license agreement will save you time and money in the long run. Here are a few common pitfalls to avoid:
- Failing to deliver a Request for Proposal (RFP) or Request for Quote (RFQ) in writing that clearly denotes the items you are soliciting for award. Too often, vendors do not respond to all items requested in an RFP or RFQ because the RFP or RFQ is too vague. For example, your RFP or RFQ should detail how many concurrent users may access the system at any given time, if there is an advance payment required before access is granted, what happens if you fail to issue an RFP for renewal on time, and how the parties address intellectual property ownership. Too much ambiguity surrounding items addressed in an RFP or RFQ puts the onus on the vendor to guess what the customer wants, which presents a risk of disagreement later when the customer asserts that the delivered services are not what the customer wanted.
- Entering into agreements with vendors without consulting your legal department, procurement department, or outside counsel. If you are not authorized under applicable law or contract (i.e., a Delegation of Procurement Authority) to sign or amend contracts and agreements to procure goods or services, then consult your authorized persons immediately to avoid issues (i) with your supervisor regarding whether you misrepresented your authority, (ii) with the vendor regarding the validity of the procurement action, and (iii) with your agency procurement office regarding potential breach of your Delegation of Procurement Authority. Generally speaking, in the absence of an authorized contract specialist issuing an RFP, RFQ, or purchase order on characteristically standardized language, the terms and conditions outlined in the RFP, RFQ, or purchase order should be taken to procurement officials or outside counsel on a "stop, drop, and roll" basis to determine if they are acceptable before agreeing to them on behalf of your agency.
- Assuming the vendor’s terms are standard terms and conditions and not customized just for you. Most companies have boilerplate terms and conditions, but the devil is in the details. Read the terms and conditions and disclaimers carefully, even though the vendor may regularly do business with your agency. In today’s data world, technology agreements are laden with restrictions concerning what the receiving party can do with confidential information and exceptions are rare. You assume your vendor will not keep your data once the agreement expires. However, this is not the case: the vendor may be permitted to retain all your data indefinitely and sell it to third parties or use it for its own purposes. If you are coming to the table to negotiate a contract of adhesion, be aware that the terms are negotiable and, barring legal limitations, talk with your counterparts to determine if the terms and conditions are sufficient to protect your interests and the interests of your agency.