Check a SaaS agreement online — vendor contract review
SaaS MSAs are written by the vendor, for the vendor. The same five problems repeat across hundreds of templates. Green Flagged scans your order form and MSA against a SaaS-specific checklist so you can negotiate before signing.
8 red flags we look for in SaaS agreements
Liability cap of 12 months of fees
Industry standard; for high-stakes data, push for 2-3x annual fees or a separate IP/data-breach carve-out.
Auto-renew with 90-day cancellation window
Combined with annual prepay, this can lock you in for another year if you blink. 30-day window is fairer.
Vendor owns derived data and usage metrics
Usage data, telemetry, aggregated insights — vendor will often claim full rights. Negotiate a license for vendor use; you retain ownership.
Uncapped fee increases at renewal
Annual increases capped at CPI + 3% is reasonable. "At vendor's then-current rates" is not.
Data return only in proprietary format
Insist on data export in machine-readable, non-proprietary format (CSV, JSON) at termination.
Vendor's standard SLA with no remedies
If the SLA has no credit/penalty for missed uptime, it's marketing copy, not a service level.
Limitation of liability excludes IP indemnity
Carve out IP infringement indemnity from the liability cap — that's the one thing you actually need uncapped protection on.
Subcontractors named only in a side document
Sub-processor lists buried elsewhere often change. Require notification of new sub-processors with a right to terminate.
What to read in this SaaS agreement
Subscription term and auto-renewal
Initial term, renewal terms, notice period. 30-day cancellation window is fair; 60-90 is hostile.
Fees and increases
Cap increases (CPI + N%, or fixed %). Prepaid vs in-arrears matters at termination.
Data, security, and privacy
Data ownership stays with you. Vendor needs only a license to operate the service. DPA must be in place if processing personal data.
Service levels
Uptime % with definitions, exclusions, and remedies (service credits, termination right at threshold). Without remedies, an SLA is decorative.
Liability and indemnification
Mutual cap at 12 months of fees with an IP-indemnity carve-out. The reps and warranties section should not silently lower the cap.
Termination and data return
Termination for cause, for convenience, for material breach. Data return in usable format within 30-60 days.
Frequently asked questions about SaaS agreements
What's a fair SaaS liability cap?
12 months of fees paid is the industry default. For mission-critical or sensitive-data services, push for 2-3x annual fees, or a separate higher cap for IP and data-breach claims.
How do I avoid being locked into auto-renewal?
Negotiate a 30-day cancellation window (most vendors will agree); calendar the opt-out date when you sign. Move to monthly billing if the vendor allows, even at a small premium.
Does the vendor own my data?
No — your data is yours. The vendor needs a license to operate the service, nothing more. Push back on "derived data," "aggregated insights," or any clause granting the vendor rights beyond service operation.
Should I sign without a DPA if we're EU?
No. If the vendor processes personal data on your behalf, a written DPA (Data Processing Agreement) under GDPR Article 28 is required. The standard contractual clauses must be attached for non-EU transfers.
What's a real SLA vs a marketing SLA?
A real SLA has: defined uptime measurement, defined exclusions, service credits scaled to severity, and a termination right if uptime drops below a floor for N consecutive months. Without remedies, it's just a number on a page.