Terms of Service for SaaS: What Must Be in Yours

A SaaS Terms of Service is not a formality — it is your primary legal defence against misuse, disputes, and liability. These are the 10 clauses every SaaS product must have, and the mistakes that leave founders legally exposed.

Why Your SaaS Terms of Service Is Your Most Important Contract

Every time a user clicks "I agree," they are entering a legally binding contract with your company. That contract is your Terms of Service (ToS) — and for SaaS companies, it governs your entire commercial relationship with every customer.

Done right, your ToS:

  • Defines the scope of your service and what you are not responsible for
  • Limits your financial liability to manageable amounts
  • Gives you the legal right to suspend or terminate accounts
  • Protects your intellectual property
  • Establishes how disputes are resolved
Done wrong — or not done at all — a single enterprise customer dispute can expose your company to damages that dwarf your annual revenue.

Who Needs a SaaS-Specific ToS?

Any company that:

  • Provides software, tools, or platforms as a service (subscription or free)
  • Allows users to create accounts and access functionality online
  • Hosts user data or user-generated content
  • Charges recurring subscription fees
A generic "website terms" template is not adequate for a SaaS product. SaaS ToS must address subscription billing, service availability, data handling, and multi-seat licensing — none of which appear in standard website terms.

The 10 Essential SaaS ToS Clauses

1. Scope of License

Your ToS must precisely define what users are permitted to do with your software. A SaaS licence is not a purchase — it is a limited, non-exclusive, non-transferable right to access and use the service.

The licence clause must specify:

  • Who is permitted to use the service (account holder, named users, or any employee of the subscribing entity)
  • Permitted use cases (internal business use only, or resale/white-label permitted?)
  • Explicit prohibitions: no reverse engineering, no copying the underlying code, no using the service to build a competing product
Without a clear licence scope, you have no contractual basis to prevent a competitor from using your product to build against you.

2. Subscription, Billing and Auto-Renewal

This clause is legally critical in many jurisdictions. It must clearly state:

  • Subscription tiers and what each includes
  • Billing frequency (monthly, annual) and exact billing dates
  • Auto-renewal terms — many jurisdictions (EU, UK, US states) require that auto-renewal be disclosed prominently and that users can cancel without penalty
  • How and when prices may change (standard practice: 30 days' notice)
  • What happens when payment fails (grace period, service suspension, data handling)
  • Refund policy — "all fees are non-refundable" is standard for SaaS but some EU consumer protection laws require refund rights for B2C sales
EU-specific note: Under the EU Consumer Rights Directive, if you sell to consumers (not just businesses), you may have mandatory 14-day withdrawal right obligations. B2B SaaS typically avoids this, but verify your customer base.

3. Acceptable Use Policy (AUP)

Your AUP defines what users cannot do with your service. It is the foundation of your right to suspend or terminate accounts. It must explicitly prohibit:

  • Using the service for illegal activities
  • Uploading malware, viruses, or malicious code
  • Attempting to access other users' accounts or data
  • Scraping, crawling, or overloading your infrastructure
  • Using the service to process data in violation of applicable law (including GDPR)
  • Harassment, hate speech, or illegal content (for platforms with user-generated content)
Without a clear AUP, you have no contractual basis to terminate a user who is misusing your platform — leaving you exposed to both liability and operational disruption.

4. Service Availability and SLA

SaaS customers increasingly expect uptime guarantees. Your ToS must address service availability honestly and protect you from liability for downtime you cannot control:

  • No guaranteed uptime clause — for early-stage SaaS, avoid committing to specific uptime percentages unless you have the infrastructure to back them up
  • Planned maintenance — reserve the right to take the service offline for maintenance with reasonable notice
  • Force majeure — exclude liability for outages caused by third-party infrastructure failures (AWS outages, internet failures, etc.)
For enterprise SaaS with formal SLA commitments, these provisions become a separate SLA document — but the ToS must still address the baseline availability position.

5. Intellectual Property Ownership

Two IP positions must be crystal clear:

Your IP:

The service, its underlying technology, interface, trademarks, and all content you create remain your exclusive property. Users receive a licence to use — not any ownership rights.

User content:

Content that users create, upload, or generate within your platform (documents, data, custom configurations) remains the user's property. You require a limited licence to host, process, and display that content as necessary to provide the service.

This is the clause that prevents a disgruntled departing customer from claiming they own the software configuration they built in your product.

6. Data Processing and Privacy

Your ToS must cross-reference your Privacy Policy and, for B2B SaaS specifically, address the GDPR controller-processor relationship:

  • State whether you are a data controller or data processor (or both) in relation to user data
  • Reference your Data Processing Agreement (DPA) for business customers — enterprise buyers will require a signed DPA before purchasing
  • Confirm what data you collect, how it is used, and where it is stored
  • Address data portability — can users export their data? In what format?
  • Data handling on termination — how long do you retain user data after account cancellation?
GDPR requirement: If your SaaS processes personal data on behalf of your business customers, you are a data processor and must offer a GDPR-compliant DPA. This is non-negotiable for selling to EU businesses.

7. Limitation of Liability

Without this clause, your exposure is theoretically unlimited. With it, your liability is capped at a manageable amount.

A standard SaaS limitation of liability:

  • Cap on damages: Total liability limited to fees paid by the customer in the 12 months preceding the claim
  • Exclusion of consequential losses: No liability for lost profits, lost data, business interruption, or reputational damage
  • Disclaimer of warranties: The service is provided "as is" without warranties of merchantability, fitness for a particular purpose, or uninterrupted availability
EU/UK note: Consumer protection laws limit the extent to which you can exclude liability for negligence or defective products with B2C customers. These clauses are most effective in B2B contexts.

8. Termination Rights

Define when and how either party can end the relationship:

  • Termination for convenience: Either party can cancel with notice (typically 30 days for month-to-month; notice aligned with billing cycle for annual)
  • Termination for cause: You can terminate immediately for AUP violations, payment failure, or illegal activity
  • What happens to user data on termination: Users typically have 30-90 days to export their data before it is deleted
  • Effect of termination: All licences end; outstanding fees remain due

9. Dispute Resolution and Governing Law

Specify:

  • Governing law: Which country's law governs the ToS (Cyprus, England, Ireland, and Delaware are common choices for SaaS companies)
  • Jurisdiction: Which courts have exclusive jurisdiction to hear disputes
  • Informal resolution first: Require parties to attempt resolution through written notice before initiating legal proceedings (reduces frivolous claims)
For US-focused SaaS: arbitration clauses and class action waivers are common. For EU-focused SaaS: arbitration clauses are less standard and their enforceability varies by jurisdiction.

10. Changes to the Terms

You will need to update your ToS as your product evolves. Reserve the right to do so:

  • Specify how users will be notified of changes (email, in-app notice, or website posting)
  • Give a reasonable notice period before changes take effect (30 days is standard)
  • State that continued use after the notice period constitutes acceptance
Courts have scrutinised "we may change these terms at any time without notice" clauses — they are increasingly unenforceable in consumer contexts and increasingly unpopular with enterprise buyers.

The Clickwrap vs Browsewrap Question

Clickwrap — users must actively tick a box or click "I Agree" to proceed. This creates clear evidence of consent and is enforceable in virtually all jurisdictions.

Browsewrap — a notice at the bottom of the page says "by using this site you agree to our terms." This is widely considered insufficient and has been repeatedly struck down in court.

For any SaaS with subscription billing or significant liability exposure: use clickwrap. Require users to actively check a box confirming they have read and agreed to your ToS before account creation is complete.

Start with These Three Documents Together

A complete SaaS legal foundation requires:

  • Terms of Service — governs the commercial relationship
  • Privacy Policy — covers data protection obligations
  • Data Processing Agreement — required for B2B customers under GDPR
Launching a SaaS product without all three in place is launching without your legal foundation. Every customer you acquire before these are in place is a customer acquired without a governing contract.

Need a SaaS Terms of Service, Privacy Policy, and DPA package? Our legal team drafts complete SaaS legal documentation customised to your product, pricing model, and target markets — delivered in 48-72 hours.
