Below, we’ll provide a basic overview of Software as a Service (SaaS) law.
Cloud Computing: Understanding the legal implications of Software as a Service (SaaS)
SaaS programs are accessed over the Internet, and the data (i.e. documents, pictures, contacts, notes, billing) is stored on third party servers instead of your computer.
With SaaS, local installations typically aren’t required. SaaS licenses, unlike the traditional software licenses, are usually subscription-based.
SaaS Questions To Consider
SaaS is all about building long-term relationships with customers, which requires a level of trust and reliability between company and customer. The most common Saas concerns are related to secure access. As such, before entering into a cloud-computing subscription, ask the following questions:
- What kind of data security/privacy/confidentiality do you have?
- How often is data backed up? Do you have multiple backup data centers in different geographic locations?
- What is the history of your company?
- Can I obtain my data from your servers to backups on my computer?
- If I cancel my subscription what do you do with my data, and how long do I have to backup that information?
An SaaS company should be able to answer these questions with confidence.
Cloud Computing and Saas Subscription Agreements
The SaaS subscription agreement differs from your typical local software license agreement because SaaS is not a license to use the software, but rather a subscription to access the software. Thus, SaaS agreements must be flexible and limit liability. An SaaS subscription agreement should cover, at the bare minimum:
- Information about the company;
- An explanation of the personal information stored;
- Breach protocols and procedures; and
- Liability Disclaimer.
SaaS agreements can touch upon nearly every area of the law, from intellectual property to criminal law. Most applicable laws deal with data security. SaaS companies can best protect itself best by not overstating its security, as doing so could lead to costly fraud litigation (i.e. Don’t claim that the data is “100% secure” and “guaranteed to be safe” if it’s really not). In other words, don’t write checks your insurance liability policy can’t cash.
The SaaS agreement should describe the company’s security procedures, including whether or not a firewall is used, the frequency of vulnerability tests, and your password-update schedule. Since data security is one of the primary concerns of most SaaS customers, a certain level of transparency must be had between the company and the user.
Get In Touch With An SaaS Lawyer
SaaS is flourishing. If you have legal questions related to the niche, get in touch today.