Is Your SaaS Agreement The Only Website Legal Document You Need?

Copyright © 2009 Chip Cooper

I’m often asked questions about SaaS (Software as a Service) agreements. What I have to prompt SaaS webmasters to ask is – “Is my SaaS agreement the only website legal document I need?”

To most Saas site webmasters, the answer may be surprising.

What Is a SaaS Agreement?

A SaaS Agreement is a customer agreement, and for this reason, it’s usually the focal point for webmasters of SaaS websites. However, they’re rarely called a “customer agreement” or even a “SaaS agreement”.

More often than not, they’re titled as a “membership agreement”, “subscription agreement”, or “services agreement”.

SaaS agreements are typically presented to the user during the registration process in electronic form – usually with a significant portion partially visible from a scroll box. The user is not permitted to continue with registration until there is an acceptance that is indicated by checking the “I ACCEPT” checkbox (or by clicking on an “I ACCEPT” button). In order to require the user to make an affirmative action to indicate acceptance, the checkbox for “I ACCEPT” is presented either as unchecked, or if there is a checkbox for “DECLINE” (instead of a button), it’s checked as the default choice.

The Typical Fact Pattern For SaaS Websites

If we look at the typical fact pattern associated with SaaS websites, the readily apparent facts are these:

* there is an unrestricted, public area of the site that is accessible to all site visitors,

* there is a restricted, private area that is accessible only by registered users with a valid user ID and password, and

* in the process of registration, personal information of the registrant is collected (i.e. name and email address at the least, and if payment is made, credit card information).

The Basic SaaS Documents

From the typical fact pattern, the following documents are generally recommended or required for legal compliance and legal protection of the webmaster and owner of the SaaS site:

* Legal Page – linked from the bottom of the home page; provides intellectual property notices (copyright, trademark, patent) and special legal disclaimers; links to Terms of Use and Privacy Policy;

* Terms of Use – linked from the bottom of the home page; provides legal notices and disclaimers for all site visitors (both unregistered visitors and registered users); there is no I ACCEPT button;

* Privacy Policy – linked from the bottom of the home page; notifies all site visitors (both unregistered visitors and registered users) regarding site’s policies for collection, use, sharing, storing, and security of data (both passive and personal); an up-to-date Privacy Policy is an essential element of a SaaS Agreement “system”; and

* SaaS Agreement – customer agreement that binds registered users to terms and conditions for using the site; if the agreement is in the required form and presented as required by well-established case law, it will be an enforceable online contract.

Additional SaaS Documents

Additional SaaS documents may be recommended or required depending on additional facts and circumstances. They are:

* DMCA Notice And Registration Form – for sites that allows visitors to post text or files to the site (e.g. via a Blog or forum), the site may be liable for copyright infringement arising out of these postings based on strict liability copyright principles; the Digital Millennium Copyright Act (DMCA) provides a “safe harbor” from such liability provided the site posts a DMCA notice (usually in the Terms of Use) and files a Registration Form with the U.S. Copyright Office;

* Service Provider Privacy-Security Agreement – for sites that outsource hosting or website services that also permit these service providers to access the website server and website internals that archive personal information; and

* Red Flag Identity Theft Policy – for sites that are “financial institutions” or “creditors” with “covered accounts” under the U.S Fair Credit Reporting Act, as amended by the Fair and Accurate Credit Transactions Act of 2003 (FACTA), it’s required that they adopt and implement an identity theft policy and program prior to the extended deadline of August 1, 2009; “creditors” with “covered accounts” include sites that permit payment over time such as monthly or quarterly.


Webmasters of SaaS sites should think of legal compliance in terms of a “system” – not just in terms of a single SaaS agreement.

This “system” should include at least four agreements that are recommended or required for each SaaS site for legal compliance and legal protection of the webmaster and owner of the SaaS site. Of the four recommended or required documents, the most critical are the SaaS agreement itself and an up-to-date Privacy Policy.

Depending on facts and circumstances, there may be as many as three additional documents that are recommended or required for each SaaS site.

These documents do not operate alone. They should be consistent from document to documents, and should work together as a “system” for maximum effectiveness.

This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.

Leading Internet, IP and software lawyer Chip Cooper has automated the process of drafting website documents for small websites with his MyLegalFirewall website documents drafting service. Discover how quick, easy, and cost-effective it is to determine which legal compliance documents you need and to draft them online, and claim your FREE Special Report, Determine Which Legal Documents Your Website Really Needs, at ==>