Components of SaaS agreements

1. Customer Agreement

It is the soul of any SaaS contract that explains the roles and responsibilities you and the service provider have. It also explains the procedures that need to be formally agreed upon during the process of contract creation.

The majority of SaaS providers include this agreement in their contracts under the name ‘Master Agreement’, ‘Terms of Service’, ‘Consumer Agreement’, or simply ‘Agreement’.

Customer Agreements are generally one of the longer sections of SaaS contracts. They contain some or all of the following crucial sections:

  1. Data ownership, Processing, and Handling:
    The goal here is to explain the data handling details and measures followed to ensure compliance with GDPR or other Data Protection Laws. It might allow reciprocity of intellectual property rights to some extent.
  2. Fee and Payment:
    This section explains the pricing, subscription plans, and details on renewal terms, upgrading, or downgrading of plans.
  3. Suspension and Termination:
    This helps when either of the parties decides to suspend or terminate the contract. It can be due to abnormal use, security risks, or when any of the terms agreed in the SaaS contract have not been complied with. Some contracts add a clause about the data transfer and data backup during termination. You can find this section under various terminologies like ‘Suspension and Removals’, ‘Termination’, or ‘Termination and Removals’.
  4. Indemnification:
    This section defends the software provider against various legal disputes, damages, and incompetencies.
  5. Warranties and Disclaimer:
    This section educates you on the terms not included in the agreement. It’s helpful to double-check the clauses neglected to avoid misinterpretation.
  6. Limitation of Liability:
    This area specifies a range or limit on the amount of compensation you can claim from the vendor. You should always evaluate this clause to protect yourself in cases of negligence and security breaches.


2. Acceptable Use Policies (AUPs)

It contains a long list of guidelines on how you should use the software or solution. It will cover aspects like:

  1. How much information about the vendor or the agreement are you allowed to disclose?
  2. How should you handle, process, and store your data?
  3. Are you allowed to use third-party monitoring or analytics tools?
  4. How to manage and export all your data during uncertainties (disaster plan management)
  5. Can you expect the vendor to offer compensation when the purpose of the solution isn’t met?
  6. How much access do you have to their customer and tech support? Are they obliged to answer and address all your queries?

3. Cloud Service Level Agreements (SLAs)

This agreement is between you and the vendor that has agreed to provide a minimum level of service. It entails the goals related to security, privacy, uptime, and availability.

The agreement also specifies the maximum amount you can claim as compensation. It'll help you with the process of reporting, obtaining immediate backups, and the turnaround time for resolution.

However, most SaaS contracts never mention these in their legal policies. That’s why you should always negotiate to get the terms in writing.

4. Privacy Policies

You will find many SaaS contracts having their privacy terms in a separate document. It highlights their commitment to maintaining the privacy of all collected data. It will also mention how much information is collected, used, disclosed, and shared. 

Expert Opinion: To have a bird's eye view of these terms on all your contracts, Spendflo streamlines the entire procurement process through an automated platform, Slack, dedicated CSM, and real-time support.

Once you get on board with us, you’ll have access to an intuitive dashboard that will help you to:

  1. Instantly locate and have access to all the documents and contracts under one roof.
  2. Ditch the Excel sheets and find any software you need within seconds using our advanced category-wise search functions.

9 Clauses to Evaluate and Negotiate in a SaaS contract

1. Scope of the service

It is always on top of every SaaS Customer Agreement. 

Why? It sets the ground rules on what features you can expect from the software and the SaaS vendor. 

Imagine searching for a project management tool. You shortlist 2 among the hundreds available and purchase the one that fits your budget.

A year later your employee submits the yearly SaaS usage report. Your jaw drops when you realize the tool that you purchased wasn’t just a project management tool. 

60% of what you had been paying was for features like email list building, bug tracking, and budgeting which you never wanted in the first place.

This is where evaluating the scope of service, and understanding what is and is NOT included in the SaaS subscription plan, helps.

What to expect?

  1. A separate clause on your responsibilities for the data and the agreements with the third party involved
  2. Explanation of the features and functions included in the current plan. Some providers customize the ‘scope of services’ section after you agree upon the services you wish to receive. It’s always advised to maintain a specific column on what the software does NOT include.
Source: Asana

When to negotiate?

Case: No clarity

It's a red flag when contracts say nothing about the services included and are simply filled with vague language. Never agree to any broad commitments during the contract process, as it burdens you at the time of claims. Request a revision that is clear in writing and language, leaving no room for misinterpretation or confusion.

Expert Opinion: What happens when you have already procured a tool without evaluating the scope of services? 

Luckily, there is a chance for re-negotiation. But if all your contracts are hidden under endless email threads, you’ll have to spend a dozen hours to find the right one.

At Spendflo we centralize all your past and present contracts under an easily accessible panel. When you wish to re-evaluate the scope of services, you can:

  1. Head over to Spendflo’s tailored contract management dashboard
  2. Simply type the category of the software you are looking for in the search bar
  3. Get advanced search results and save 10+ hours on contract management and re-negotiation.

2. Service Level Policies

When the software purchase fails to deliver the services that you both had agreed upon (for example - response times are very long), you should know who is responsible for reporting such incidents.

This clause also explains the necessary practices the vendors should follow to tackle and resolve these issues. Though most SaaS contracts don’t agree to ‘guarantee’ any metrics, a bare level of performance is always maintained.

What to expect?

Any SLA should guarantee minimum performance like uptime, issue detection, security performance, disaster management, and data recovery.

Source: Xero


Monitoring technology: When it’s your responsibility to detect and report issues, you must have permission to use monitoring technology to have proof for your claims.

Source: Hotjar

When to negotiate?

Case #1: Contracts that don't have service level policies. 

Send an RFP with expected service levels as part of the request. This will influence the pricing, offering, and also the vendor’s capability to respond.

Case #2: You are not allowed to deploy monitoring technologies.

Negotiate to at least use them under strict conditions. If not, ask for an alternative solution to support your claim.

3. Changes to Services, APIs, or Agreements

You use all your negotiation and tactical skills to craft a SaaS contract that you both agree on finally. But months after your purchase, the vendor decides to make changes to the terms and offerings.

Most never ask for your approval and the others notify you a few days before implementation. It leaves you no choice but to either accept or terminate the contract.

The former choice diminishes your freedom to re-negotiate and the latter forces you to face the procurement process all over again.

What to expect?

Some contracts like this one from Databox allow the vendor to modify the terms of contracts at any time. You are responsible for checking the updated version on their website.

Source: Databox

Contracts like this one from Scoro agree to inform at least 14 days before the update becomes effective.

Source: Scoro

When to negotiate?

Case #1: The contract does not include a clause to notify you before the changes come into effect.

Ensure that the agreement specifies that advance notice (minimum of 30 days) will be given for all changes initiated by the provider.

Case #2: The SaaS provider is not flexible with the expiry of the previous version you agreed upon.

Ensure that the vendor makes efforts to continue operating the applicable service or features for an extended period (minimum of 12 months) after the effective date of the change.

Case #3: The service offering is modified or removed

Negotiate and confirm that your data and content related to the service altered/removed will not be deleted and efforts will be made to provide a backup.

4. Pricing model

If you are going with a customized plan in SaaS, the contract drafted should include:

  1. What the subscription plan includes,
  2. How and when the vendor will deliver the services,
  3. Precision on add-on pricing, maintenance costs, and more.

What to expect?

Vendors get to decide when and how much to modify the pricing plan. Some SaaS companies like Xero make efforts to notify you of the revised pricing.

Source: Xero

When to negotiate?

Case #1: The subscription plan is set to be auto-renewed without the approval of the revised pricing.

Negotiate with the vendor and include a clause to re-evaluate the contract when the pricing terms are changed. Re-negotiating under these cases is an option. You can also either agree with modifications or terminate the contract.

Case #2: The pricing terms are not explained in detail.

The contract should stress the overhead costs, pay-as-you-go terms, and variable costs. The use of such resources should be either limited to prevent accidental overruns, or the vendor should offer a facility to monitor usage and alert you about a potential overrun.

PRO TIP: Want to effectively negotiate and procure the best SaaS tools that are high on value and reasonable in pricing?

Our data shows that it requires 80+ productive hours for you as an organization with 100+ SaaS tools to buy, negotiate pricing, and track renewals every month. And yet, there are chances you’d be exposed to Shadow IT, overspending, and opaque SaaS pricing.

But this doesn’t have to stay this way any longer.

Spendflo’s expert SaaS buyers do all the heavy lifting for you and can save your team hundreds of hours so you can focus on the growth and expansion of your business.

We assist your procurement team in negotiating the pricing terms on all 100+ contracts so you have visibility over your expenses and never end up spending for the tools you don’t use.

5. Liability

This contract clause is highlighted by most SaaS companies. It is to protect the vendor from the compensation offered to you in cases of contract breaches.

What to expect?

Liability Provisions. The vendor is not liable for any deletion, damage, or destruction of your content and data. Also, some contracts mention the aggregate liability (the maximum amount the vendor is liable for).

Source: Mailchimp

Disclaimers. This section states that the service offerings are provided “AS IS” and sometimes specifies that the vendor makes no warranties on the security of your content.

Source: Mailchimp

When to Negotiate?

Case #1: Negligence.

During the contracting process, ensure that the disclaimers exclude cases when the provider is negligent.

Case #2: Unreasonable limitations.

Verify that the liability clause is reciprocal and it’s not just you protecting the vendor, but the other way around too. Compare it with the legal environment in which the liability limitations apply, to prevent the contract from unreasonable limitations of liability.

6. Transparency of Security Measures

“All the necessary security practices are followed” isn’t the security clause you would want to agree on. 

With increasing cyber threats, you should have all the necessary information on the security measures followed. At Spendflo, we compile and process all documents and contracts allowing the compliance process to move faster and more efficiently.

What to expect?

  • Their process of managing risks, especially security-related risks. Standards for data regulatory compliance include the NIST Risk Management Framework or the Secure Controls Framework (SCF).
  • Use of data encryption within your data facilities to protect confidential information.
  • Notification about security breaches, violations, or suspicious activity.

When to Negotiate? 

Case #1: Lack of Clarity.

Security, privacy, and general data protection regulations should be explicit, and in separate documents.

Case #2: Data Backup.

If the service provider has the right, within the contract term, to suspend your access to services due to a security breach, they need to arrange an emergency mechanism to resolve the issue or provide a safety backup against all the potential data risks.

7. Data Backup and Residency

This convenience clause under the Data Protection section will have the following:

  1. Where their data or cloud resides at a given time,
  2. Whether this location is fixed or can vary over time to balance or reduce costs (including moving data across borders),
  3. How much liberty do you have to restrict the migration of such data?
  4. Under which instances will they provide backups?

What to expect?

Vendors store and process your data in the operator’s country. The contract might also mention the instances or emergencies under which these data are migrated to other countries.

Source: Ahrefs

When to negotiate?

Case #1: The vendor has infrastructure in many countries or jurisdictions.

The contract should specify where your personal data is stored. It should also offer you the ability to specify, in the agreement, the locations in which the data must or must not reside.

Case #2: The vendor is not transparent with their processing.

Upon request, the contract should describe whether they are using partners or subcontractors for some of their tasks, and a list of such partners should be available to review.

Case #3: Data Access during legal claims.

Ensure that the provider will not access your data, except when required by law and duly requested by law enforcement authorities. 

Under such circumstances, the agreement should specify that the provider will give immediate notice, allowing you an opportunity to file for a stay of the request, where permitted by law.

8. Customer support

Understanding the extent to which your supplier is willing to provide support during crucial times can have a significant influence on which software to choose.

What to expect?

Vendors in some contracts are not obliged to but choose to provide minimum tech and customer support.

Source: Dashlane

Contracts like this from Xero give 24/7 support except during the downtime.

Source: Xero

When to negotiate?

Case #1: The contract doesn’t guarantee support during a crisis.

Most legal disputes can be resolved through customer support. Negotiate to include terms on data breach or loss and the measures needed to be taken by the provider to safely transfer and back up your data.

Case #2: Negligence by the provider.

The agreement must instruct the vendor to maximize support, especially when it's their fault.

9. Automatic Renewal

Auto-renewal, hidden under the name of the ‘Evergreen clause’, is a recipe for increased cancellation penalties and a lost opportunity to evolve.

Your business objectives, expectations, and goals might significantly change in a year. And you’ll be unnecessarily charged when there might be other companies aligning better with your needs.

What to expect?

An auto-renewal clause like this one from SEMRush allows you to terminate recurring subscriptions only when agreed in writing after the negotiation process.

Source: SEMRush

Some contracts strategically include the “automatically renew-forever” clause, which when ignored before signing can cost a lot of money.

When to negotiate?

Case #1: Your SaaS contract has an evergreen clause.

Negotiate with the vendor and get the clause removed before signing the contract. If the company refuses, you have two options. First, “calendar” the specific date to provide notice that you will not be continuing with the subscription. 

Second, you can simply refuse to sign the contract and choose another software that doesn’t require auto-renewal.

Case #2: The contract doesn’t specify the notification of the auto-renewal.

Negotiate to at least be notified 30 days before the renewal. It gives time for you to think about whether or not to continue using the service.

PRO TIP: Spendflo’s Procurement specialists recommend starting renewal conversations at least 90-120 days before the end date so you’ll have enough time to check for new options in the market and rightsize your spending.


Contracts may be lengthy and boring to read, but skipping them is never a wise choice. The 9 clauses mentioned in this article will help to evaluate and negotiate the key points in every SaaS contract. However, it is always advised to read the entire contract before any SaaS purchase.

If you have more than 100 SaaS products in use, delegate the contract negotiation and management process to Spendflo’s expert Buyers.

Ajay Ramamoorthy
Lead Graphic Designer