Limitation of Liability Provisions for SaaS

SaaS apps are popular, but they come with a risk because your customers become so dependent on your apps. Your liability in running a SaaS app could be endless - from system failure to unsatisfied users.

A Limitation of Liability clause protects your SaaS business from these legal dangers by contractually binding a user to being unable to seek certain damages from you.

If you face an online disaster that arose from circumstances beyond your control, you're already paying money to solve the problem. The last thing you need is a string of lawsuits from users who are affected by the disaster.

Here is an explanation of Limitation of Liability clauses and how to integrate them into your agreements.

Types of Limitation of Liability for SaaS

Every transaction, especially if it involves software or online services, requires a contract. The contract reduces risk and outlines expectations.

In the case of SaaS, these terms are present in Terms & Conditions (also known as Terms of Use or Terms of Service) or an End User License Agreement (EULA).

Generally, in any contractual relationship, including SaaS apps, users may collect damages if they can prove them. If left to this default, you can face liability for shutdown time, system crashes, and even failing to fully meet a user's expectations. Since many of these may not be within your control, keeping to general contract theory can leave you vulnerable.

The Limitation of Liability clause enhances your legal protection in these situations. Adding one to your agreements gives users fewer grounds to pursue damages against your business.

Limitation of Liability provisions ban particular types of claims or place a cap on the possible amount of money damages awarded to a user. There are provisions that integrate both of these elements.

Oracle has a broad Limitation of Liability clause in its Terms of Use agreement. It limits damages arising from users experiencing loss of profits, data access or revenue as a result of using its SaaS. This is a direct prohibition which does not include a cap on damages:

Developers choosing a cap on damages usually include the same prohibitions as in the Oracle sample above. They also expand protection because they often have additional concerns.

DocuSign hosts documents requiring e-signatures. Since these can cover everything from loan agreements to property transactions, a failure could prove damaging. That's why DocuSign takes additional precautions to protect itself:

This Limitation of Liability clause from DocuSign prohibits direct, indirect, incidental, special, punitive or consequential damages, while also providing protection against errors, personal injury, and unauthorized access. In addition, it includes a $100.00 cap on damages not prohibited in the agreement.

How you draft your Limitation of Liability clause depends on the risks involved with your unique SaaS product.

What SaaS Companies Need to Know About Limitation of Liability

The most common reason for SaaS companies to take this protective approach (by including the Limitation of Liability clause in their legal agreements) is the impact of outages or crashes.

There are times when the app becomes overloaded or a power outage makes it impossible for app services to function.

The Limitation of Liability provision in a Terms & Conditions agreement protects against these situations that are often beyond a developer's control.

Another reason, one that arose with the DocuSign example, is to waive liability connected to data loss.

This does not mean a developer takes no responsibility in maintaining that data and reducing the risk of its disappearance. It's only stating that while you will take all necessary precautions, there are situations where this is beyond your control and if it happens, you do not claim liability.

A short Limitation of Liability provision does not necessarily mean a developer is unconcerned. Sometimes they take a restrictive approach where there are no allowable causes of action for damages.

Salesforce takes this approach because it prohibits pretty much any claim for damages, including data loss or computer failure. This embraces the most common purpose of a Limitation of Liability well:

Other developers are not limited to one jurisdiction. While there are places that allow prohibitions limiting liability, others do not allow that.

Dropbox is a cloud file storage and sharing service that enjoys international appeal. There are businesses and individuals who store all their files, photos, and multimedia in a Dropbox folder, so impacts of data loss and failure are immense. In some places, that is actionable under the law. Its Limitation of Liability provision covers laws that do not allow those limits:

If you use clickwrap for your agreements, users accept your agreements (including Terms & Conditions that include Limitation of Liability clauses) upon setting up an account with your SaaS app.

Relying on the browsewrap method is likely not the best strategy, especially if limiting liability is important to your business.

Where to Add the Limitation of Liability Clause in SaaS Legal Agreements

Limitation of Liability provisions can be found in the Terms and Conditions or the End-User License Agreement (EULA) and many SaaS apps maintain both agreements. As a general best practices, you'll want your Limitation of Liability clauses in the document that contains most of your controlling rules.

The differences between a Limitation of Liability in a Terms and Conditions and the same in a EULA are very subtle and nearly indistinguishable.

Here are a few examples.

Limitation of Liability in SaaS Terms & Conditions

Use the Terms & Conditions Generator to generate a Terms & Conditions with a Limitation of Liability clause added.

The Terms and Conditions contains rules for using a SaaS as well as payment terms, e.g. whether a user pays for your service annually or monthly. It may also contain remedies if the service does not work, as well as the Limitation of Liability clause.

Since the Terms and Conditions often include the payment terms, the Limitation of Liability clause may address refunds as well.

Box, a similar file sharing SaaS like Dropbox, includes all the general liability waivers. However, if there's a service shortcoming, Box is willing to compensate a user with a credit for three months of service or $5.00:

Terms and Conditions also integrate the Privacy Policy by reference.

It's also not unusual for a Limitation of Liability clause to include a provision against collecting damages for data breach.

ZenDesk alerts users that they assume the risk when they provide personal information:

Focus@Will contains nearly all the elements of a Limitation of Liability clause discussed here:

• There are general limits, like punitive and special damages,
• There is also a cap on the damages. Users can collect no more than what they paid for the SaaS.
• Also included is a limitation in case of data breach

You can be as generous or restrictive with your Limitation of Liability clause as you consider appropriate. If you handle sensitive information, mention that users take a risk providing that data and that you cannot be held liable for privacy breaches beyond your control.

Limitation of Liability in SaaS EULA

Use the EULA Generator to generate an EULA agreement.

Companies offering a mix of SaaS products and other services may place the Limitation of Liability clause in the EULA agreement.

This is because they need to protect themselves from liability not only in the context of their SaaS app but also any software or other products that are sold outright rather than just subject to a subscription plan.

For example, Adobe offers a SaaS called Adobe Creative Cloud along with its popular Adobe Acrobat Reader.

Its EULA covers all its products, including this SaaS paid for by a monthly subscription. The Limitation of Liability in that agreement is broad and references software rather than services. It's designed to cover all Adobe products:

The EULA of Apple is also designed to cover everything from iTunes music to the most complex apps through its App Store. Much like Adobe, there is a mix of SaaS as well as outright purchases and simple Cloud apps.

Apple's Limitation of Liability clause in its EULA agreement is also broad and also contains a $50.00 damage cap:

Limitations of Liability in EULA agreements are frequently broad and often appear long, but that's not always the case.

Parallels is a remote application service that allows customers to access their desktop or laptop anywhere as long as they have a mobile device. While the developer is interested in liability protection, it keeps these provisions short and to the point:

There is also the option of placing the Limitation of Liability clause in both the Terms and Conditions and the EULA.

Best Practices on Limitation of Liability for SaaS

There is a fine line between liability protection and failing to take responsibility. Even when a development is beyond your control, it's not unreasonable for a user to request some type of compensation, even if it's not for lost profits or larger losses.

That's why you still need to balance customer service with legal protection.

Even if you will not accept liability for a data breach, for example, you still need to take precautions to avoid that. If data breach occurs, you must start damage control and warn your users so they can also take protective action.

There's always the possibility of something going wrong, so you need a policy in case that occurs.

Here are examples of what you can offer your users even when you waive liability:

• Subscription credits.

  If there's a shutdown or data loss, offering one month free where you do not charge the usual subscription can go a long way.

  In serious cases where you charge annually, reduce that amount. This might cost you less than losing users.

• Trial periods.

  A 7 to 30-day trial subscription allows users to try out your SaaS app before they purchase or subscribe.

  This way, you do not have refund requests or damage claims arising out of a product that was not appropriate for the user's intentions.

• Be cautious.

  In jurisdictions with comprehensive privacy protection, you may not be able to waive liability for data breaches and other privacy violations.

  Also, medical information is strictly protected no matter where you operate.

  Adding language that your Limitation of Liability is not enforceable where it illegally protects you from fines and sanctions.

The Limitation of Liability clause is an essential provision for your Terms and Conditions or EULA agreements.