What You Need to Know About SaaS Licenses

Tuesday Mar 5, 2013 by Joel Lehrer - Partner, Goodwin Procter

Whether you’re a founder thinking about using third party software for your start-up, or thinking about how best to structure licenses to your software, it’s important to consider how “Software as a Service” or “SaaS” licenses differ from traditional software licenses and understand the legal issues related to using them.

Traditional software licenses are structured to permit a licensee to receive and use a copy of the licensed software on their own servers and systems. This arrangement presents both technical and economic drawbacks. To name a few:

• The software has to be tested and certified to operate on various platforms.
• Updates and maintenance require a structured distribution process. 
• The licensee often has to justify a large initial capital outlay to “purchase” the license.   

As software applications transitioned from the conventional client/server model to browser-based delivery, developers realized that providing applications as a “hosted” software service (known as “Software as a Service” or “SaaS”) is a more efficient approach because:

• Customers essentially subscribe to the SaaS and are able to treat the license costs as periodic expenses over time.
• The developers can provide bug fixes and updates to all the licensees at once. 
• With the advent of cloud-based services that provide storage, processing and other core services for application developers, the developers no longer need to provide the platform on which their own application operates. 

But, along with these benefits come certain legal issues that need to be addressed when providing or procuring SaaS-based applications. These are:   

• A licensor granting licensees access to network services, servers, application code and data within its infrastructure should be clear about limits to the rights being granted, and what explicit restrictions there may be related to user access, including access by affiliates, consultants, shared user IDs, off-line access, etc.

• A licensee using a hosted service to process and store its confidential data should ensure that there are proper warranties in place regarding the security of their data, consistency with privacy policies, as well as clear processes related to data breaches, disaster recovery and termination services when and if the licensee decides to change service providers. This is especially crucial in instances where the licensor has contracted with third party infrastructure providers and can pass on warranties and limitations to its licensees.

• Licensees should understand that very little opportunity exists for custom development, but often professional services are available for implementation, training, etc., and often the licensor will document programming interfaces that allow for third-party application development and integration.  In some instances, “private-labeling” of an application may be offered for larger implementations.

• Terms regarding pricing support, service levels and potential credits for downtime may be more flexible given the “subscription” model.

• Traditional indemnities may not be appropriate, as the “system” and “use” is occurring on the licensor’s property, licensees may be uploading content on to licensor’s systems, and many services may be provided by third parties.

• Licensors should tie liabilities to amounts collected under the agreement over some reasonable period of time, and expressly disclaim statutory warranties and indirect/consequential damages.

In short, while many of the provisions of SaaS-based license agreements are similar to traditional software agreements, the new distribution of responsibilities among the licensor, licensee and other service providers should warrant a thoughtful review of the terms and conditions to ensure a proper allocation of rights, risks and protections among the parties.

Joel Lehrer is a Partner with Goodwin Procter.  You can find this post, as well as additional content on Goodwin Procter's Founder Workbench website located here.  You can also follow Joel on Twitter (@joeleguy) by clicking here.

< back to all blog entries