03 February 2020
SaaS apps that allow user interaction or the creation of user-generated content are great ways to build your brand and create a community for your users around that brand.
But when you have users using your service or SaaS app, especially if they can interact with others, setting out an Acceptable Use Policy of some kind is very important.
This kind of policy allows you, the company, to set clear expectations of what kind of behaviour is okay, as well as allowing you to ban or suspend accounts that infringe the policy or act in a destructive way towards you or towards other users.
You can either create an entire standalone Acceptable Use Policy focused on acceptable use cases or just include a clause in your current Terms and Conditions agreement.
Whichever you choose, let's take a look at what you'll need to cover.
Here's an example of an Acceptable Use clause within the Terms of Service of InVision:
You can see that the clause from InVision is very broad and very strict. Not all policies need to be written in this way. Many businesses are now ensuring that their legal terms are written in plain language.
Let's take a look at some more examples.
The first thing your clause should lay out clearly is what kind of behaviour is acceptable.
For example, you could outline that you want your users to "play nice" and be respectful towards each other. This sets the tone that respectful and considerate behaviour is the foundation upon which everyone should operate.
Here's an example from Flickr that provides a good example of the type of non-legal language that you may want to use, and how they set out the acceptable behaviour:
If your Acceptable Use Policy or specific clause is written in clear, simple terms, your users are more likely to understand it and pay attention.
Flickr has covered general user behaviour (asking users to be polite and respectful), as well as legal concepts such as intellectual property (asking users to only upload content that they have created).
Setting out clearly what your users can do can help them to make a clear distinction between what your service allows and what it does not.
Let's take a look at some of the unacceptable behaviour that you'll also want to cover in your policy.
This clause is a little trickier, as you need to be clear on what you don't allow while being broad enough to capture unanticipated situations that are not acceptable.
If you keep your Acceptable Use Policy too narrow, you may end up with situations in which users are interfering with the performance of your service or the ability of other users to use it, but you have no legal ability to terminate their account.
Let's take a look at an example of an Acceptable Use Policy from Dropbox. Dropbox's policy is primarily focused on behaviour that is not allowed, rather than behaviour that is allowed:
Dropbox has included a list of all of the types of behaviour that they don't accept. Consider which of the above may apply to your SaaS app and which things a user might be able to do. In particular, anything that interferes with the uptime of your service should be banned, as well as anything that could violate any laws.
Here's another example from Google Cloud Platform on Android:
This one is similar to the Dropbox example before, as it focuses on what behaviour is not allowed when using the service.
It's up to you whether you want to include both acceptable and unacceptable behaviour in your policy or clause, but whatever you decide to do ensure that your wording is clear and unambiguous.
Some SaaS apps may be involved in highly regulated industries, and their Acceptable Use Policies may need to touch on industry legislation and standards.
For example, at Twilio, their service (a SaaS app) allows voice chat, call recording, SMS, MMS, video calling, and phone number lookup among other things. This means that they need to ensure their users don't infringe CAN-SPAM, the Telephone Consumer Protection Act, and the Do-Not-Call Implementation Act.
Compliance with these pieces of legislation is reflected in the Acceptable Use Policy of Twilio:
You can also see that Twilio covers off industry standards, third-party policies, and guidelines published by the Mobile Marketing Association and other industry associations.
If your SaaS is in the healthcare or medical industry or is targeted at children, you'll also have particularly rigorous legal standards that you (and your customers) will need to comply with.
If your app allows users to share content with others or post content publicly, you'll also need to clearly set out what types of content are prohibited.
Here's an example from the Acceptable Use Policy of Pinterest:
Finally, all SaaS apps are likely to want to prohibit any conduct that disrupts the app or the service completely. Here's an example from the Acceptable Use Policy of Atlassian:
You can see that they disallow anything that compromises the integrity of the system, tampering, and using bots to send significant numbers of requests to the server (DDoSing).
If any users are found engaging in this type of behaviour, Atlassian reserves the right to permanently or temporarily terminate or suspend a user's account or access to the services without notice or liability.
This leads into our next point: consequences in the case of a breach.
The next clause that you need to include is a clause for setting out what the response will be if an account is misusing the app or the service or breaching your terms of acceptable and unacceptable use.
It's common practice to include a "Suspension" or "Termination" clause where you can stop providing your services to a user at any point if they breach your terms or are disruptive to other users.
Here is an example from Confirmit's Acceptable Use Policy for their Confirmit Horizons solution:
The main thing you want to cover is that you can cancel the agreement or remove any offending content that the user has uploaded onto your service. You should also make sure that you reserve the right to bring legal action in any case, which sets out that you are serious about offending behaviour and that breaches of your agreement will not be tolerated.
No matter what you decide to include in your policy, you should make sure that your policy is personalised and tailored for your app.
Covering off acceptable and unacceptable use for your app is simple, straightforward, and a very important part of managing your users' interactions with each other and your app. By setting out clearly what kind of behaviour is acceptable, and what the consequences will be for unacceptable behaviour, you are more likely to have users who comply.
Or, if your users aren't complying, you can terminate their account and abilities to use the app. This protects you, your app, and your other users.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.