- A SaaS contract regulates the provision of software as an online service via the Internet in return for payment.
- Often a rental agreement in legal terms: use of the software, not ownership; also includes hosting services and support.
- Important contractual points are availability, data security, support services and duration.
- Provider defines liability regulations; customers must use the service lawfully.
- For start-ups, clarity in general terms and conditions is crucial in order to define obligations in the event of downtime or data loss.
- Data protection is important; providers are often obligated as processors under the GDPR.
- A well-structured contract is essential for startups to create trust and minimize legal risks.
Most important points
A SaaS contract regulates the provision of software as an online service instead of a locally installed license. The provider makes software available to the customer via the Internet (cloud service), usually for a periodic fee.
In legal terms, this is often a rental or service contract: the customer receives the right to use the software and accompanying services (hosting, support) for the duration of the contract, but no ownership of a copy.
Important contractual points are availability and service level (SLA), data security and data protection, scope of services of the software, support services, updates, remuneration and term/termination.
The provider specifies liability regulations (e.g. limitation of liability for outages) and the customer undertakes to use the service lawfully (no misuse, compliance with user numbers, etc.).
For startups that use or offer SaaS, clarity in the terms and conditions or contracts is crucial in order to clearly distribute rights and obligations (e.g. in the event of downtime, data loss).
Subject matter and type of contract
In the Software-as-a-Service (SaaS) model, the provider makes a software application available via the Internet that the customer can use without having to install it themselves. The SaaS contract defines the object of the service: the customer receives access to the provider’s software and associated IT infrastructure. Unlike a traditional software purchase, the customer does not acquire a copy of the software, but only the right to use it for the duration of the contract. In legal terms, a SaaS contract is therefore often classified as a rental contract (transfer of use of software) or as a mixture of rental and service contract. The provider owes the availability of the software, while the customer pays the agreed fee (usually monthly or annually).
Availability, service levels and support
A key issue in the SaaS contract is the availability of the service. As the software runs in the cloud, the customer expects a high level of uptime. Contracts therefore often contain service level agreements (SLAs) that define minimum availability (e.g. 99% annual average). These include:
- Maintenance window: Planned periods in which the service is not available (for updates etc.) are defined.
- Response times in the event of faults: How quickly support must respond and resolve problems (e.g. within 4 hours for critical failures).
- Support level: What support the provider offers (helpdesk, e-mail/telephone support, 24/7 or only during business hours).
- Measures in the event of an SLA breach: The customer is often granted service credits or a right of termination if the provider fails to meet the guaranteed availability.
Data protection and data security
Because the SaaS provider typically also stores and processes the customer’s data on its servers, data protection and IT security are particularly relevant from a contractual perspective. The provider usually acts as a processor within the meaning of the GDPR, which is why a data processing agreement (see above) is required. The following points should be clarified in the SaaS contract itself:
- Data transmission and storage: Encryption technologies (TLS for transmission, encryption of data at rest if necessary), data center location (important due to GDPR, e.g. EU location).
- Backup and emergency concept: How often backups are made, where they are stored, how disaster recovery is planned.
- Access protection: Rights and role concepts, authentication methods (e.g. 2-factor).
- Data output at the end of the contract: The customer should have the right to export their data in a commonly used format before the provider deletes it.
Further contractual components and liability
A SaaS contract usually contains further classic provisions:
- Term and termination: e.g. monthly termination or fixed minimum contract terms. Automatic renewals should be clearly regulated.
- Prices and terms of payment: Usage fee (flat rate or usage-based), due dates, price adjustment clauses for longer-term contracts.
- Rights of use: The customer receives a non-exclusive, non-transferable right to use the software for the duration of the contract. At the same time, the customer may not, for example, misuse the software, commit copyright infringements or circumvent security measures.
- Limitation of liability: As a failure of the SaaS can have considerable consequences, providers usually limit their liability to intent and gross negligence or to an amount equivalent to the annual fee. Compensation for indirect damage or data loss is also often excluded, where legally permissible.
- Warranty: In SaaS relationships, rental law rather than the classic warranty applies: the provider guarantees the suitability of the software for use in accordance with the contract. In the event of defects, the customer is entitled to rectification (error correction).
For startups offering a SaaS service, a well-structured contract (or general terms and conditions) is essential to create trust with customers and limit risks. Startups that use SaaS solutions themselves should check the terms and conditions of the contract in order to be aware of rights in the event of disruption and data security standards.