I'm often asked questions about SaaS (Software as a Service) agreements.
What I have to prompt SaaS webmasters to ask is - "Is my SaaS agreement the only website legal document I need?" To most Saas site webmasters, the answer may be surprising.
What Is a SaaS Agreement? A SaaS Agreement is a customer agreement, and for this reason, it's usually the focal point for webmasters of SaaS websites.
However, they're rarely called a "customer agreement" or even a "SaaS agreement".
More often than not, they're titled as a "membership agreement", "subscription agreement", or "services agreement".
SaaS agreements are typically presented to the user during the registration process in electronic form - usually with a significant portion partially visible from a scroll box.
The user is not permitted to continue with registration until there is an acceptance that is indicated by checking the "I ACCEPT" checkbox (or by clicking on an "I ACCEPT" button).
In order to require the user to make an affirmative action to indicate acceptance, the checkbox for "I ACCEPT" is presented either as unchecked, or if there is a checkbox for "DECLINE" (instead of a button), it's checked as the default choice.
The Typical Fact Pattern For SaaS Websites If we look at the typical fact pattern associated with SaaS websites, the readily apparent facts are these: * there is an unrestricted, public area of the site that is accessible to all site visitors, * there is a restricted, private area that is accessible only by registered users with a valid user ID and password, and * in the process of registration, personal information of the registrant is collected (i.
name and email address at the least, and if payment is made, credit card information).
Additional SaaS Documents Additional SaaS documents may be recommended or required depending on additional facts and circumstances.
They are: * DMCA Notice And Registration Form - for sites that allows visitors to post text or files to the site (e.
Copyright Office; * Service Provider Privacy-Security Agreement - for sites that outsource hosting or website services that also permit these service providers to access the website server and website internals that archive personal information; and * Red Flag Identity Theft Policy - for sites that are "financial institutions" or "creditors" with "covered accounts" under the U.
S Fair Credit Reporting Act, as amended by the Fair and Accurate Credit Transactions Act of 2003 (FACTA), it's required that they adopt and implement an identity theft policy and program prior to the extended deadline of August 1, 2009; "creditors" with "covered accounts" include sites that permit payment over time such as monthly or quarterly.
Conclusion Webmasters of SaaS sites should think of legal compliance in terms of a "system" - not just in terms of a single SaaS agreement.
This "system" should include at least four agreements that are recommended or required for each SaaS site for legal compliance and legal protection of the webmaster and owner of the SaaS site.
Depending on facts and circumstances, there may be as many as three additional documents that are recommended or required for each SaaS site.
These documents do not operate alone.
They should be consistent from document to documents, and should work together as a "system" for maximum effectiveness.
This article is provided for educational and informative purposes only.
This information does not constitute legal advice, and should not be construed as such.
Copyright © 2009 Chip Cooper