However, it ultimately depends on what kind of SaaS application you're developing. You'll need different legal agreements depending on what exactly your SaaS app does.
Dropbox, for example, allows users to upload and share files such as text files, movie files, and image files. This means that Dropbox should have a legal agreement that covers user-generated content.
Mailchimp allows users to send email marketing messages through its app. This means that Mailchimp should have a legal agreement in place that places restrictions on what types of emailing its users can do (such as no spamming).
For example, how will you handle a customer who misses payments for your SaaS app subscription? Will you revoke access immediately, or will there be a grace period? Will you allow customers to end the contract in the middle of a billing cycle and obtain a refund, or will there be a monetary penalty for interrupting the cycle?
SurveyMonkey's Your Responsibilities clause spells out what requirements users have while using the service. These responsibilities include general things such as not circumventing account limitations, using the service to build a competitive product or scraping data from interfaces or websites:
SurveyMonkey has a very detailed clause that outlines how accounts can be suspended or terminated, and what the results of such will be.
One section discusses how users can terminate their own accounts and how refunds will be handled. A separate section discusses SurveyMonkey's rights to terminate or suspend accounts for different reasons, and how the company will go about this:
As a separate clause, SurveyMonkey notes how it will handle inactive accounts by emailing users first and then possibly terminating the accounts:
Buffer includes a clause that addresses how users can cancel subscription services and accounts:
Similarly to how SurveyMonkey includes a separate clause for how it handles inactive accounts, Buffer has one to address delinquent accounts:
When SurveyMonkey updates any of these clauses or makes changes to its services, it's covered by the following clauses that reserve the right to make the changes. Users are also told how they'll be notified of any relevant changes:
Here's an example from Buffer:
You can also include a clause that acknowledges copyright infringement to protect both you and your users. Here's the clause from the Dropbox Terms of Service:
If your SaaS app allows customers to upload content - pictures, text, documents, videos, audio and so on - you should address copyright, intellectual property and any limited licenses you wish to reserve in the user-generated content.
Buffer lets users know that they retain any copyright and proprietary rights in their content.
However, Buffer also grants itself a "worldwide, non-exclusive, royalty-free, fully paid right and license (with the right to sublicense) to host, store, transfer, display, perform, reproduce, modify for the purpose of formatting for display, and distribute your User Content, in whole or in part, in any media formats and through any media channels now known or hereafter developed."
If Buffer didn't disclose this, the company would likely run into legal problems if it started using user content for such wide-ranging purposes as it reserves.
Here's how Dropbox does this in a clearly-labeled Controlling Law clause:
SurveyMonkey discloses the governing law as well as the jurisdiction and its legal name in a clause:
At Step 1, select the Website option and click "Next step":
Answer the questions about your website and click "Next step" when finished:
Answer the questions about your business practices and click "Next step" when finished:
Communications: Inform your app users that they may receive promotional emails from you, but that they can unsubscribe from communications.
Click on the Cookie Consent link at the top of our website. Our Free Cookie Consent Solution will open:
Choose your consent preference: Implied or Express:
Customize your Cookie Consent widget with your website name, banner notice type and color palette:
Copy your Cookie Consent code and add it to your website page code before the closing of the </body> tag.
Cookies are often used for advertising purposes such as personalized marketing. If you participate in personalized marketing or remarketing, let your users know that you do this and how they can opt out.
SurveyMonkey includes a separate Personalized Marketing clause that does this:
Along with personalized marketing, you should disclose if you participate in direct marketing or commercial communications. This can be sending emails, text message, mobile push notifications and other forms of direct communication.
Let users know how they can opt out of these communications if they want to, as Buffer does here:
Sometimes a SaaS app will be sold or merged. This can be concerning for your users, as they may not be ok with their personal information being transferred to someone else.
Let your users know that a business transfer may happen and how their personal information will be affected by it. You can do this in a simple Business Transfers clause.
Here's how Buffer discloses that this may happen and lets users know they'll have the opportunity to opt out of the transfer of their information. This clause is placed immediately before a clause that discusses third party sharing of information, which also addresses the topic of sharing data with other businesses:
Unbounce discloses this in a very short and basic clause. It's simple, but it's adequate:
Your app users will care greatly about the security of their data. SaaS apps are commonly used by businesses to process a lot of important and confidential data.
While you don't need to get specific about the security protocols you have in place with your app, let users know that you do take measures to keep their data safe.
ConvertKit notes that security protocols are in place to help keep data secure. It places the responsibility of protecting account security on the users, and provides contact information for reporting unauthorized account uses or security breaches:
Unbounce has a more detailed Security clause that doubles almost like a disclaimer of liability for security. It notes that Unbounce is not responsible for unauthorized use of information, and that the company is released from liability in connection with the use of personal data:
Asana has a Data Security clause that mentions the GDPR, includes a link to its audit data document and also links directly to its complete Security Statement page where additional information can be found.
A very common and important clause in most legal agreements is the clause that reserves the right to change the legal agreement in the future.