Most businesses sign SaaS agreements the same way they accept cookie notices: quickly, without reading them, and with the vague assumption that the terms are standard.
To a degree, they are. But "standard" means standard for the supplier. The drafting is deliberate. The asymmetries are intentional. And the clauses that matter most are often buried in schedules, order forms or cross-references that are easy to miss.
This article identifies the six areas where the default position most consistently disadvantages customers — and what to do about each of them.
Auto-renewal & notice periods.
Most SaaS subscriptions renew automatically at the end of each term unless cancelled within a specified notice window. That window is typically 30 to 90 days before renewal — and it is often shorter than the procurement or budget approval cycle required to make a considered decision about whether to continue.
The practical effect is that businesses frequently find themselves committed to another year of a service they intended to exit, simply because the cancellation deadline passed unnoticed. The supplier benefits not through any deliberate act of deception but through frictionless inertia.
Extend the notice period, or introduce a right to terminate for convenience at any time on reasonable notice. As a minimum, require the supplier to give written notice that renewal is approaching — 60 days before the deadline is a reasonable starting point. Some suppliers will also include price increase provisions tied to auto-renewal, allowing them to apply uplift without further consent. These should be capped — RPI or a fixed percentage — and subject to a right to terminate if the increase exceeds a defined threshold.
Data ownership & portability.
It may seem obvious that the data a customer inputs into a SaaS platform belongs to the customer. In practice, the position is often more complicated than that.
Standard agreements typically include language granting the supplier a broad licence to use customer data for purposes that can extend well beyond provision of the service. This may include aggregated analytics, model training, product development or benchmarking. These licences are sometimes buried in privacy policies rather than the main agreement — which means they can be amended unilaterally by the supplier on notice.
The data portability position is similarly problematic. Many agreements say nothing about what format data will be exported in, whether APIs are available for extraction, or what happens to data after termination. A supplier who controls the exit process controls the switching cost.
Restrict data use to provision of the contracted service only. Require data to be available for export in a machine-readable, non-proprietary format. Specify a post-termination data retention window — 30 to 90 days is common — during which the customer can retrieve their data, followed by secure deletion with written confirmation.
Service level agreements & uptime.
SaaS providers almost universally publish uptime commitments — 99.9% availability is the benchmark most cite. What is less obvious is what those commitments actually mean in practice, and what remedy applies when they are breached.
Uptime is almost always measured excluding scheduled maintenance, certain categories of "emergency" maintenance, and outages attributable to factors outside the supplier's direct control. The definition of "available" may be narrower than expected — a service that is running but performing so slowly as to be unusable may not constitute downtime under the SLA.
The standard remedy for SLA breach is service credits: typically a percentage of the monthly fee credited against future invoices, usually only claimable if the customer reports the outage within a specified window, and often capped at a fraction of one month's charges. These credits rarely reflect the actual cost of an outage to the customer's business.
Push for SLA credits that are meaningful relative to the value of the service. Include a right to terminate if the supplier fails to meet SLA thresholds over a sustained period — three consecutive months of material underperformance is a defensible position. Ensure the definition of "available" captures performance degradation as well as complete unavailability.
Liability caps & exclusions.
Liability caps in SaaS agreements are almost always expressed as a multiple of the fees paid — commonly the fees paid in the preceding 12 months, sometimes less. For a business paying £5,000 per month, that cap is £60,000. If a supplier outage, a data breach or a service failure causes a material business disruption, that sum is unlikely to come close to covering the loss.
The problem is compounded by exclusions. Most agreements exclude liability for indirect loss, consequential loss, loss of profit, loss of data and loss of business. For a SaaS product embedded in a customer's operations, these exclusions can effectively render the cap meaningless — because the real losses are almost always in the excluded categories.
It is worth noting the asymmetry: the customer's payment obligations are rarely subject to equivalent caps or exclusions.
Seek a higher cap — two times annual fees is a more defensible starting point for operationally significant services. Carve out data breaches and breaches of confidentiality from the exclusions entirely, and ensure uncapped liability applies to death and personal injury as required by law. The exclusion of indirect loss should, at minimum, not apply to losses that were reasonably foreseeable at the time of contracting.
Change of control & assignment.
SaaS providers are frequently acquired. When that happens, the acquiring entity steps into the supplier's position — including the contractual relationship with the customer. Standard SaaS agreements typically permit the supplier to assign the agreement on a change of control without customer consent.
The consequences can be significant. The acquirer may operate a competing product, may change pricing or product roadmap, may have different data handling practices, or may be subject to different regulatory regimes. A customer who selected a supplier on the basis of its independence, its privacy practices or its technology stack may find themselves committed to a very different organisation.
Include a right to terminate on notice if a change of control occurs — particularly where the acquirer is a competitor or where the customer has concerns about data sovereignty. At minimum, require prior written notice of any assignment and a period during which the customer may review the position before the assignment takes effect.
Unilateral variation of terms.
Perhaps the most underappreciated asymmetry in standard SaaS agreements is the right of the supplier to vary the terms on notice. This is distinct from price changes — it applies to the substantive terms of the agreement, including service descriptions, data handling practices, acceptable use policies and security standards.
Variation clauses are common and often loosely drafted. They may permit changes to take effect with as little as 14 days' notice, published by update to the supplier's website rather than direct communication. The customer's only remedy is typically to terminate — on notice, often subject to a cancellation fee — or to accept the new terms by continued use.
This structure means that the agreement signed at the outset may bear little resemblance to the terms governing the relationship two or three years later.
Require that any material variation to the terms is communicated directly and in writing, with a notice period that is proportionate to the significance of the change. Include a right to terminate without penalty if a variation materially and adversely affects the customer. "Material" should be defined — it should extend beyond pricing to cover data handling, SLA commitments and core service functionality.
The wider point.
None of the clauses described above are unusual. They appear, in broadly similar form, in the standard terms of most major SaaS providers. They are not hidden — they are simply dense, cross-referenced, and presented in a context where customers are accustomed to clicking through.
The asymmetry is structural. The supplier drafts the agreement, knows where the leverage sits, and has optimised the standard terms accordingly. The customer, engaging with a product they have evaluated and chosen, is often focused on the price and the features rather than the contractual mechanics.
For low-value, low-risk SaaS subscriptions this may be an acceptable trade-off. For services that are operationally significant — those that touch customer data, underpin critical workflows or represent material annual spend — it is not. The cost of negotiation is modest. The cost of an unanticipated renewal, an outage with no adequate remedy, or a data breach with a capped liability, can be substantially higher.
The starting position in any SaaS negotiation should be that the standard terms are a first draft, not a final offer. Suppliers who refuse to negotiate at all on commercially significant contracts may be revealing something about how they view the relationship.
This article is for general informational purposes only and does not constitute legal advice. You should seek independent legal advice on matters specific to your circumstances.