SaaS Subscription Agreement
A SaaS subscription agreement governs the relationship between a software provider and its customers — the foundational legal document for any subscription software business.
What is a SaaS Subscription Agreement?
A SaaS subscription agreement (or SaaS terms of service) is the contract governing a customer's access to a software-as-a-service platform. It sets out what service the customer receives, the subscription fee and billing terms, uptime commitments, acceptable use policies, data processing obligations, limitations of liability, and termination rights.
Unlike traditional software licence agreements, SaaS agreements must address cloud-specific issues: where data is stored, what happens to customer data on termination, the reliability of the service (uptime SLAs), and the provider's rights to modify or discontinue features. These provisions have become increasingly regulated, particularly around data protection and consumer rights.
For Australian SaaS businesses, the agreement must also comply with the Australian Consumer Law (ACL), which imposes statutory guarantees on the supply of services. Limitation of liability clauses must be drafted carefully to be effective within the ACL framework.
When do you need a SaaS Subscription Agreement?
- ✓Before launching any SaaS product with paying customers
- ✓When migrating from a free product to a paid subscription model
- ✓When offering enterprise or large-scale subscription tiers with different SLAs
- ✓When processing customer personal data, requiring explicit privacy and data processing disclosures
- ✓When offering annual or multi-year subscription plans with different cancellation terms
Key provisions to include
Service Description
What the software does, which features are included in each tier, and what is explicitly excluded.
Subscription Fees & Billing
Pricing model, billing frequency, payment methods, and automatic renewal provisions.
Uptime SLA
Availability commitments (e.g., 99.9%), how downtime is measured, and remedies for SLA breaches.
Data Processing
How customer data is collected, stored, processed, and protected — aligned with the Privacy Act 1988.
Acceptable Use Policy
Prohibited uses of the platform, including abusive, illegal, or harmful conduct.
Limitation of Liability
Cap on the provider's liability for service failures or data breaches, typically limited to subscription fees paid.
Termination
When either party can terminate, what happens to data on termination, and any data export period.
Intellectual Property
Provider retains all IP in the software; customer retains ownership of their data.
Common mistakes to avoid
Not addressing what happens to customer data when the subscription ends — customers need a data export and deletion commitment
Setting uptime SLAs without defining how downtime is measured or what remedies are available for breaches
Failing to include an acceptable use policy, leaving the platform vulnerable to misuse without contractual recourse
Drafting a limitation of liability clause that conflicts with Australian Consumer Law mandatory guarantees, making it unenforceable
Not specifying automatic renewal clearly — Australian Consumer Law requires transparency about subscription auto-renewal
Frequently asked questions
Does Australian Consumer Law apply to SaaS agreements?
Yes. The Australian Consumer Law applies to the supply of services (including SaaS) to consumers. Statutory consumer guarantees cannot be excluded by contract. For B2B SaaS, the ACL also imposes unfair contract term protections for small business customers with standard form contracts. Limitation of liability clauses must be carefully drafted to work within this framework.
What uptime should I commit to in a SaaS agreement?
Common uptime commitments for SaaS products range from 99% (approximately 87 hours of permitted downtime per year) to 99.99% (approximately 52 minutes). The appropriate level depends on your infrastructure, the criticality of your product to customers, and your ability to monitor and maintain the stated uptime. 99.9% is a common baseline for most B2B SaaS products.
What is a data processing addendum and do I need one?
A data processing addendum (DPA) is a separate document that sets out the specific obligations of the software provider when processing personal data on behalf of the customer. It is required when the SaaS product processes personal data on behalf of business customers who are subject to the GDPR or Australian Privacy Act. Enterprise customers and those in regulated industries almost always require a DPA.
Can I automatically renew subscriptions in Australia?
Yes, but automatic renewal must be disclosed clearly before the customer subscribes. The ACCC has taken action against businesses with unclear auto-renewal terms. Your SaaS agreement should state clearly that the subscription renews automatically at the end of each billing period unless cancelled, and provide a clear process for cancellation.
Related documents
Draft your SaaS Subscription Agreement in minutes
Try Neureson free for 3 days — no credit card required.
Start for free →