Free SaaS Agreement Template

SaaS Agreement

Date: [Date]

Parties

(1) [Full legal name of Provider], a company incorporated and registered in England and Wales with company number [number], whose registered office is at [registered office address] (the "Provider"); and

(2) [Full legal name of Customer], a company incorporated and registered in [England and Wales / Scotland / Northern Ireland / specify other jurisdiction] with company number [number], whose registered office is at [registered office address] (the "Customer").

Each referred to individually as a "Party" and collectively as the "Parties".

1. Definitions and Interpretation

1.1 In this Agreement, unless the context otherwise requires, the following definitions apply:

"Authorised Users" means those employees, agents, and independent contractors of the Customer who are authorised by the Customer to use the Service, as further described in the Service Particulars.

"Business Day" means a day other than a Saturday, Sunday, or public holiday in England when banks in London are open for business.

"Confidential Information" means all information of a confidential nature (whether written, oral, visual, or in electronic form) disclosed by or on behalf of one Party to the other Party under or in connection with this Agreement, including trade secrets, know-how, technical information, business plans, financial information, and customer data, but excluding information that: (a) is or becomes generally available to the public other than through a breach of this Agreement; (b) was already in the receiving Party's possession before disclosure; (c) was independently developed without reference to the disclosing Party's Confidential Information; or (d) was received from a third party who was not bound by any obligation of confidence.

"Customer Data" means all data, information, and materials (including personal data) that the Customer or any Authorised User uploads, submits, stores, or transmits through the Service, or that is generated by the Customer's use of the Service.

"Data Protection Legislation" means the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and all applicable laws and regulations relating to the processing of personal data and privacy, as amended or replaced from time to time.

"Documentation" means the user guides, online help files, and other documentation made available by the Provider to the Customer describing the features, functionality, and operation of the Service.

"Fees" means the subscription fees payable by the Customer to the Provider for the Service, as set out in the Service Particulars.

"Initial Term" means the initial subscription period specified in the Service Particulars.

"Intellectual Property Rights" means patents, trade marks, service marks, registered designs, utility models, design rights, copyrights, database rights, rights in know-how, trade secrets, and all other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world.

"Renewal Period" means each successive period of renewal as specified in the Service Particulars.

"Service" means the cloud-based software application provided by the Provider to the Customer under this Agreement, as described in the Service Particulars.

"Service Level Agreement" or "SLA" means the service level commitments set out in clause 6 and the Service Particulars.

"Service Particulars" means the schedule attached to this Agreement setting out the specific details of the Service, Fees, Authorised Users, service levels, and other particulars.

"Subscription Term" means the Initial Term together with any Renewal Periods.

1.2 In this Agreement, unless the context otherwise requires:

(a) a reference to a statute or statutory provision includes any subordinate legislation made under it and any modification, consolidation, amendment, extension, or re-enactment of it from time to time;

(b) the words "include", "includes", "including", and "in particular" shall be construed as being by way of illustration or emphasis only and shall not limit the generality of the preceding words;

(c) a reference to "writing" or "written" includes email but not fax; and

(d) a reference to a Clause is a reference to a clause of this Agreement.

2. Term and Renewal

2.1 This Agreement shall commence on the date set out above and shall continue for the Initial Term specified in the Service Particulars, unless terminated earlier in accordance with clause 15.

2.2 At the end of the Initial Term, this Agreement shall automatically renew for successive Renewal Periods, unless either Party gives the other Party written notice of non-renewal at least [30 / 60 / 90] days before the end of the then-current Initial Term or Renewal Period.

2.3 The Provider may increase the Fees at the start of each Renewal Period by giving the Customer not less than [30 / 60] days' prior written notice. If the Customer does not accept the revised Fees, the Customer may terminate this Agreement by giving written notice before the start of the relevant Renewal Period.

3. Provider Obligations

3.1 The Provider shall, during the Subscription Term:

(a) make the Service available to the Customer and its Authorised Users in accordance with this Agreement and the Service Particulars;

(b) provide the Service with reasonable skill and care, in accordance with the standards implied by sections 13 to 15 of the Supply of Goods and Services Act 1982;

(c) use commercially reasonable endeavours to make the Service available in accordance with the SLA;

(d) provide technical support to the Customer in accordance with the Service Particulars;

(e) implement and maintain appropriate technical and organisational measures to protect Customer Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, or disclosure; and

(f) provide the Documentation to the Customer and keep it reasonably up to date.

3.2 The Provider shall be entitled to perform scheduled maintenance on the Service from time to time, and shall use reasonable endeavours to give the Customer at least [48 hours / 5 Business Days] prior written notice of any planned maintenance that is likely to affect the availability of the Service.

3.3 The Provider may, from time to time, update, modify, or improve the Service, provided that such changes do not materially reduce the overall functionality of the Service during the Subscription Term.

4. Customer Obligations

4.1 The Customer shall:

(a) provide the Provider with all necessary co-operation, information, and access to enable the Provider to perform its obligations under this Agreement;

(b) ensure that the number of Authorised Users does not exceed the number specified in the Service Particulars;

(c) be responsible for maintaining the security and confidentiality of all usernames, passwords, and other login credentials used to access the Service, and shall promptly notify the Provider of any unauthorised access or suspected security breach;

(d) comply with all applicable laws and regulations in connection with its use of the Service, including without limitation the Data Protection Legislation;

(e) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Provider's data centres, and all problems, conditions, delays, and delivery failures arising from or relating to the Customer's network connections or telecommunications links shall be the Customer's sole responsibility; and

(f) ensure that all Customer Data uploaded to the Service is accurate, lawful, and does not infringe any third party's rights.

5. Acceptable Use

5.1 The Customer shall not, and shall ensure that its Authorised Users do not:

(a) use the Service for any unlawful purpose or in any way that breaches applicable laws or regulations;

(b) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Service or its underlying software in any form or media or by any means;

(c) attempt to reverse compile, disassemble, reverse engineer, or otherwise reduce to human-perceivable form all or any part of the Service or its underlying software;

(d) access all or any part of the Service in order to build a product or service that competes with the Service;

(e) use the Service to transmit any malicious code, viruses, worms, trojans, or other harmful software;

(f) licence, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit the Service or make it available to any third party except as expressly permitted by this Agreement;

(g) attempt to obtain, or assist third parties in obtaining, unauthorised access to the Service or to any server, computer, or database connected to the Service; or

(h) use the Service in a manner that exceeds reasonable usage limits or that places an unreasonable or disproportionately large load on the Provider's infrastructure.

6. Service Levels and Availability

6.1 The Provider shall use commercially reasonable endeavours to make the Service available [99.9]% of the time during each calendar month, measured on a 24/7 basis, excluding scheduled maintenance windows notified in advance in accordance with clause 3.2 (the "Uptime Commitment").

6.2 If the Provider fails to meet the Uptime Commitment in any calendar month, the Customer shall be entitled to a service credit calculated in accordance with the Service Particulars, provided that the Customer submits a written request for such credit within [30] days of the end of the affected month.

6.3 Service credits shall be applied as a credit against future Fees and shall not be payable as a cash refund. Service credits shall be the Customer's sole and exclusive remedy for the Provider's failure to meet the Uptime Commitment.

6.4 The Uptime Commitment shall not apply to any unavailability caused by: (a) the Customer's breach of this Agreement; (b) failures in the Customer's equipment, network, or internet connectivity; (c) force majeure events as described in clause 17; (d) scheduled or emergency maintenance; or (e) suspension of the Service in accordance with clause 14.

7. Data Protection

7.1 The Parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the controller and the Provider is the processor of any personal data contained within the Customer Data (where "controller" and "processor" have the meanings given in the UK GDPR).

7.2 The Provider shall process personal data only on documented instructions from the Customer (including as set out in this Agreement and the Service Particulars), unless the Provider is required to process personal data by applicable law, in which case the Provider shall, to the extent permitted by law, inform the Customer of that legal requirement before processing.

7.3 The Provider shall, in relation to any personal data processed in connection with its obligations under this Agreement:

(a) ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(b) implement and maintain appropriate technical and organisational measures in accordance with Article 32 of the UK GDPR to ensure a level of security appropriate to the risk, including as appropriate: (i) the pseudonymisation and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;

(c) not engage any sub-processor without the prior specific or general written authorisation of the Customer, and where general authorisation is given, inform the Customer of any intended changes concerning the addition or replacement of sub-processors and give the Customer the opportunity to object to such changes in accordance with Article 28(2) of the UK GDPR;

(d) ensure that any sub-processor engaged by the Provider is bound by data protection obligations no less onerous than those set out in this clause 7, by way of a written contract in accordance with Article 28(4) of the UK GDPR;

(e) assist the Customer in responding to requests from data subjects exercising their rights under Chapter III of the UK GDPR, taking into account the nature of the processing;

(f) assist the Customer in ensuring compliance with Articles 32 to 36 of the UK GDPR (security, breach notification, data protection impact assessments, and prior consultation), taking into account the nature of the processing and the information available to the Provider;

(g) notify the Customer without undue delay after becoming aware of a personal data breach, providing sufficient information to allow the Customer to meet its obligations to report the breach to the Information Commissioner's Office and, where required, to data subjects under Articles 33 and 34 of the UK GDPR;

(h) at the choice of the Customer, delete or return all personal data to the Customer after the end of the provision of the Service, and delete existing copies unless applicable law requires storage of the personal data; and

(i) make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the UK GDPR and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

7.4 The Provider shall not transfer personal data outside the United Kingdom unless: (a) the Customer has provided prior written consent; and (b) appropriate safeguards are in place in accordance with Chapter V of the UK GDPR, including any international data transfer agreement or addendum approved by the Secretary of State.

7.5 The Customer warrants that it has all necessary consents, lawful bases, and notices in place to enable the lawful transfer of personal data to the Provider for the duration and purposes of this Agreement.

8. Intellectual Property

8.1 The Customer acknowledges and agrees that the Provider and its licensors own all Intellectual Property Rights in the Service, the underlying software, the Documentation, and all improvements, modifications, and derivative works thereof. Nothing in this Agreement shall operate to transfer any Intellectual Property Rights from the Provider to the Customer.

8.2 The Provider grants to the Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the Service during the Subscription Term solely for the Customer's internal business purposes, subject to the terms and conditions of this Agreement and any usage limits specified in the Service Particulars.

8.3 The Customer owns all rights, title, and interest in and to the Customer Data. The Customer grants to the Provider a non-exclusive, royalty-free licence to use, copy, store, transmit, display, and process the Customer Data solely to the extent necessary to provide the Service and to perform its obligations under this Agreement.

8.4 The Provider shall not use Customer Data for any purpose other than the provision of the Service, and shall not access Customer Data except as necessary to provide the Service, to prevent or address service or technical problems, or as compelled by law.

9. Confidentiality

9.1 Each Party undertakes that it shall not at any time during the Subscription Term, and for a period of [2 / 3 / 5] years after termination or expiry of this Agreement, disclose to any person any Confidential Information of the other Party, except as expressly permitted by this clause 9.

9.2 Each Party may disclose the other Party's Confidential Information:

(a) to its employees, officers, agents, consultants, and professional advisers who need to know such information for the purposes of exercising the Party's rights or carrying out its obligations under this Agreement, provided that the disclosing Party takes all reasonable steps to ensure that such persons comply with the confidentiality obligations set out in this clause 9; and

(b) as may be required by law, a court of competent jurisdiction, or any governmental or regulatory authority.

9.3 Neither Party shall use the other Party's Confidential Information for any purpose other than the performance of its obligations under this Agreement.

10. Fees and Payment

10.1 The Customer shall pay the Fees to the Provider in accordance with the payment terms set out in the Service Particulars.

10.2 All Fees are exclusive of value added tax (VAT), which shall be added to the Provider's invoices at the prevailing rate where applicable.

10.3 The Provider shall invoice the Customer [monthly in advance / quarterly in advance / annually in advance / as specified in the Service Particulars], and the Customer shall pay each invoice within [14 / 30] days of receipt.

10.4 If the Customer fails to pay any amount due under this Agreement by the due date, the Provider may, without limiting its other rights and remedies:

(a) charge interest on the overdue amount at the rate of [4]% per annum above the Bank of England base rate from time to time, accruing daily from the due date until payment is received in full, whether before or after judgment; and

(b) suspend access to the Service until all outstanding amounts (including accrued interest) are paid in full.

10.5 The Customer shall pay all amounts due under this Agreement in full without any set-off, counterclaim, deduction, or withholding, except as required by law.

11. Warranties and Disclaimers

11.1 The Provider warrants that:

(a) the Service will be provided with reasonable skill and care;

(b) the Service will perform substantially in accordance with the Documentation; and

(c) the Provider has the right and authority to enter into this Agreement and to grant the rights and licences set out herein.

11.2 The Customer warrants that it has the right and authority to enter into this Agreement, that it will use the Service in accordance with this Agreement and all applicable laws, and that the Customer Data will not infringe any third party's rights or violate any applicable law.

11.3 Except as expressly set out in this Agreement, all warranties, conditions, terms, representations, and undertakings, whether express or implied (including by statute, custom, or usage) are, to the fullest extent permitted by applicable law, excluded from this Agreement, including any implied warranty of merchantability, fitness for a particular purpose, or non-infringement.

11.4 The Provider does not warrant that the Service will be uninterrupted, error-free, free from vulnerabilities, or entirely secure, or that it will meet the Customer's specific requirements beyond those set out in the Documentation and the Service Particulars.

12. Limitation of Liability

12.1 Nothing in this Agreement shall limit or exclude either Party's liability for:

(a) death or personal injury caused by its negligence;

(b) fraud or fraudulent misrepresentation;

(c) any liability which cannot be limited or excluded by applicable law, including under the Unfair Contract Terms Act 1977; or

(d) any breach of clause 7 (Data Protection) or clause 9 (Confidentiality) to the extent that such liability cannot lawfully be limited.

12.2 Subject to clause 12.1, the Provider's total aggregate liability to the Customer arising out of or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed [the total Fees paid by the Customer in the 12-month period immediately preceding the event giving rise to the claim / a specified monetary cap of [amount]].

12.3 Subject to clause 12.1, neither Party shall be liable to the other for any:

(a) loss of profits, revenue, business, anticipated savings, or goodwill;

(b) loss or corruption of data (except for the Provider's obligations in respect of Customer Data under this Agreement);

(c) loss of contracts or business opportunity; or

(d) indirect, special, or consequential loss or damage,

in each case whether or not such loss was foreseeable or the Party had been advised of the possibility of such loss.

13. Indemnification

13.1 The Provider shall defend, indemnify, and hold harmless the Customer against all claims, actions, proceedings, losses, damages, expenses, and costs (including reasonable legal costs) arising out of or in connection with any claim that the Customer's use of the Service in accordance with this Agreement infringes any United Kingdom Intellectual Property Rights of a third party.

13.2 The Customer shall defend, indemnify, and hold harmless the Provider against all claims, actions, proceedings, losses, damages, expenses, and costs (including reasonable legal costs) arising out of or in connection with:

(a) the Customer's breach of this Agreement;

(b) any claim that the Customer Data infringes the Intellectual Property Rights or other rights of any third party; or

(c) the Customer's use of the Service in breach of clause 5 (Acceptable Use).

13.3 The indemnified Party shall: (a) promptly notify the indemnifying Party in writing of any claim; (b) give the indemnifying Party sole control of the defence and settlement of the claim (provided that the indemnifying Party shall not settle any claim without the indemnified Party's prior written consent, such consent not to be unreasonably withheld); and (c) provide the indemnifying Party with all reasonable assistance at the indemnifying Party's expense.

14. Suspension

14.1 The Provider may suspend access to the Service immediately upon written notice to the Customer if:

(a) the Customer is in material breach of this Agreement, including any failure to pay Fees when due;

(b) the Customer's use of the Service poses a security risk to the Service, the Provider, or any third party;

(c) the Customer's use of the Service may adversely affect the Service or the systems or content of any other customer of the Provider;

(d) suspension is required to comply with applicable law or a request from a governmental or regulatory authority; or

(e) the Provider reasonably suspects that the Customer's account has been compromised.

14.2 The Provider shall use reasonable endeavours to give the Customer advance notice of any suspension and to limit the scope and duration of the suspension to the extent reasonably practicable. The Provider shall restore access to the Service as soon as reasonably practicable after the grounds for suspension have been resolved.

14.3 The Customer shall remain liable for all Fees during any period of suspension caused by the Customer's breach of this Agreement.

15. Termination

15.1 Without prejudice to any other rights or remedies, either Party may terminate this Agreement with immediate effect by giving written notice to the other Party if:

(a) the other Party commits a material breach of any term of this Agreement and (if such breach is remediable) fails to remedy that breach within [30] days of receiving written notice requiring it to do so;

(b) the other Party takes any step or action in connection with its entering administration, provisional liquidation, or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), having a winding-up petition presented against it, applying for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court), being struck off the register of companies, having a receiver appointed over any of its assets, or being subject to any analogous event or proceeding in any applicable jurisdiction; or

(c) the other Party suspends, threatens to suspend, ceases, or threatens to cease to carry on all or a substantial part of its business.

15.2 The Customer may terminate this Agreement at any time by giving not less than [30 / 60 / 90] days' written notice to the Provider, provided that the Customer shall remain liable for all Fees due up to and including the date of termination and, where the Customer terminates during an Initial Term or Renewal Period, [the Customer shall pay the Fees that would have been payable for the remainder of the then-current term / no further Fees shall be payable beyond the notice period].

16. Effects of Termination

16.1 Upon termination or expiry of this Agreement for any reason:

(a) all rights and licences granted to the Customer under this Agreement shall immediately terminate, and the Customer shall immediately cease all use of the Service;

(b) each Party shall promptly return or destroy (at the other Party's option) all Confidential Information of the other Party in its possession or control, and shall certify in writing that it has done so;

(c) the Provider shall make the Customer Data available to the Customer for download in a commonly used, machine-readable format for a period of [30 / 60 / 90] days following the effective date of termination (the "Data Retrieval Period");

(d) following the expiry of the Data Retrieval Period, the Provider shall delete all Customer Data from its systems (including from backup media) within [30] days, except to the extent that applicable law requires the Provider to retain any such data, and the Provider shall certify in writing that deletion has been completed; and

(e) any provision of this Agreement that is expressly or by necessary implication intended to survive termination shall continue in full force and effect, including clauses 1, 7, 8, 9, 11, 12, 13, 16, and 22.

16.2 Termination or expiry of this Agreement shall not affect any rights, obligations, or liabilities of either Party that have accrued prior to the date of termination or expiry.

17. Force Majeure

17.1 Neither Party shall be in breach of this Agreement or liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure results from a Force Majeure Event.

17.2 A "Force Majeure Event" means any event beyond the reasonable control of the affected Party, including acts of God, fire, flood, earthquake, storm, epidemic, pandemic, war, armed conflict, terrorism, civil unrest, strikes (other than of the affected Party's own employees), lockouts, failure of utility services or telecommunications networks, acts of government or regulatory authorities, cyberattacks (provided the affected Party has maintained reasonable security measures), and failure of third-party hosting or cloud infrastructure providers.

17.3 The affected Party shall: (a) promptly notify the other Party in writing of the Force Majeure Event and its expected duration; (b) use all reasonable endeavours to mitigate the effects of the Force Majeure Event and to resume performance of its obligations as soon as reasonably practicable; and (c) keep the other Party informed of the steps being taken to resolve the situation.

17.4 If a Force Majeure Event continues for a period of more than [60 / 90] consecutive days, either Party may terminate this Agreement by giving [30] days' written notice to the other Party.

18. Variation

18.1 No variation of this Agreement shall be effective unless it is in writing and signed by or on behalf of each Party to this Agreement.

19. Entire Agreement

19.1 This Agreement (together with the Service Particulars and any other schedules or appendices) constitutes the entire agreement between the Parties in relation to its subject matter and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations, and understandings between them, whether written or oral, relating to that subject matter.

19.2 Each Party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance, or warranty (whether made innocently or negligently) that is not set out in this Agreement.

20. Notices

20.1 Any notice or other communication given under or in connection with this Agreement shall be in writing and shall be delivered by hand, sent by pre-paid first-class post or other next-working-day delivery service, or sent by email, to the Party due to receive it at its registered office address or such other address as that Party may notify in writing from time to time. A notice shall be deemed to have been received: (a) if delivered by hand, at the time of delivery; (b) if sent by pre-paid first-class post or other next-working-day delivery service, at 9.00 am on the second Business Day after posting; and (c) if sent by email, at the time of transmission, provided that no delivery failure notification is received by the sender.

21. Assignment

21.1 The Customer shall not assign, transfer, mortgage, charge, sub-contract, delegate, declare a trust over, or deal in any other manner with any of its rights or obligations under this Agreement without the prior written consent of the Provider.

21.2 The Provider may assign, transfer, or sub-contract any of its rights or obligations under this Agreement to any third party, provided that the Provider gives the Customer prior written notice and ensures that the assignee or sub-contractor is bound by obligations no less onerous than those set out in this Agreement.

22. Severability, Law, and Jurisdiction

22.1 If any provision of this Agreement (or part of any provision) is or becomes illegal, invalid, or unenforceable, the legality, validity, and enforceability of the remaining provisions of this Agreement shall not be affected. If any provision (or part of any provision) is or becomes illegal, invalid, or unenforceable but would be legal, valid, and enforceable if some part of it were deleted or modified, the provision or part-provision in question shall apply with the minimum modification necessary to make it legal, valid, and enforceable.

22.2 A person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.

22.3 This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.

22.4 Each Party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation.

Schedule: Service Particulars

Signed by the duly authorised representatives of the Parties on the date first set out above.

This document was created using a template from website-contracts.co.uk.