Are you legal?

A few things to consider when developing a SaaS platform

It was fantastic to present a webinar to the kiwiSaaS Community last week, since the original plans for me to speak at the SouthernSaaS conference last year were shelved due to COVID.

For those who missed it, here are ten things you should know when developing your SaaS platform:

1) Get your legal house in order from day one‍

This is your IP, and the best way to protect it (and its value) is by getting good legal advice from the outset. Getting the legal stuff right: (a) is important to your customers; (b) is vital to your investors, shareholders, and potential purchasers; and (c) could be of interest to the authorities, like the Office of the Privacy Commissioner (privacy issues), the Commerce Commission (consumer and fair trading issues) and the Department of Internal Affairs(gambling issues if your SaaS platform touches on gambling).

‍2) Choose your cloud provider wisely‍

Think about:

• security (how does the cloud provider protect your platform, data and customer data?);
• compliance (how does the cloud provider comply with your requirements and regulatory requirements?);
• architecture (what support do you get for your platform, including upcoming versions?);
• service levels and service credits (what is the cloud provider’s availability for your platform and does that availability allow you to offer your availability commitments to your customers?);
• support (when the service goes down what level of support will you receive, and can you pay more for a higher level of service?);and
• cost (what are the cloud provider’s fees and other charges?).‍

3) Get your development contracts right

If developing in-house, ensure that you own the IP in the platform – check your employment and contractor agreements. If developing any part of the platform using a third party, you need to enter into an appropriate development contract.

Generally speaking, development contracts should address:

• the provision of services and deliverables;
• methodology (waterfall, agile or a hybrid);
• the development specifications to be met within specified timeframes;
• IP ownership of work product;
• acceptance testing of the SaaS platform;
• warranties;
• liability limitations; and
• what happens if it all goes wrong (e.g., termination rights, service credits and transition assistance to another provider).

4) Ensure you have obtained a licence to use any third party components or content

This can include ‍text, photographs, videos,sound recordings, fonts, plug-ins, maps and mapping data, and code libraries. Remember, just because it’s on the internet, it doesn’t mean it’s free! Failure to get a licence could result in an IP infringement claim against you, or your platform being shut down. When obtaining a licence, ensure you have the rights you need for your users because not all licences are the same.

Consider the specific terms of the licence:

• Who can use the components or content and for what purpose?
• What are the licensing fees?
• Are there warranties for non-infringement of IP?
• If you are using APIs or platforms linked to your platform, ensure you understand the terms of access: Is the integration one-way or two-way?
• What is the integration with social media platforms?
• What about the use of user authentication platforms?

5) Understand the licensing regime for any open source software used within your SaaS platform

Open source software is now widely used because doing so is generally fast, efficient and free. But you need to understand your obligations under the open source licence you use – depending on the licence, you may need to redistribute the source code for the entire platform (even if proprietary). You also need to consider that under an open source licence you will typically have no, or only limited,warranties and indemnities – meaning your redress in the event something goes wrong is non-existent or limited.

Think about how secure the code is. And be alive to the fact that in a future acquisition of your SaaS platform, a purchaser may not like your use of open source.

Pro tip: comply with all of the requirements of the open source licence (e.g., attributing the code development to the specified author / developer, setting out the modification status of the code)  – this really assists with any future due diligence on your platform.

6) Think carefully about customer data and how it is being used

Data protection and privacy are now issues that are top of mind for customers. Your terms and conditions should set out how customer data is being treated and used. Think about:

• ownership (who owns the data input by the customer and who owns the data generated by the platform?);
• use cases (how can the data be used, and can the data be used in an aggregated and anonymised manner?);
• identification (can you ensure that the data is de-identified so it cannot be re-identified?); and
• what happens on termination (what are your obligations to provide data to customers on termination?). You should also be asking for a warranty from customers that the data provided to your platform is true, accurate and does not infringe IP, privacy and other rights.‍

7) There is no “one size fits all” when it comes to your terms and conditions

This may not be what you want to hear! But your terms and conditions should be drafted to suit your platform –to accurately reflect your business model and the different types of authorised users (e.g., peer-to-peer platforms where users have different roles). You may even need several sets of terms depending on the subscription models (e.g.,Enterprise SaaS Agreement, End User SaaS Terms and Conditions).‍

8) Make sure your SaaS terms and conditions address at least the following

• ‍‍SaaS migration / set-up / configuration services;
• the subscription term;
• access (mobile or desktop app / browser / IoT interface);
• authorised users / administration portal;
• fees and payment;
• IP / data ownership;
• user generated content;
• service levels (availability / response times);
• warranties;
• limitations and exclusion of liability;
• what happens on termination; and
• specific consents and disclosures (e.g., if your SaaS platform is collecting information, you should obtain customer consent and provide for the requirements of privacy legislation in New Zealand and overseas).‍

9) Consider using an appropriate licensing structure for your business that protects your IP

Using a group structure that ringfences your IP in a separate company that then licences that IP to your trading companies in different jurisdictions can better protect your IP. This is useful because if a customer has a dispute with, or makes a claim against, the trading company with which it has entered a contract for the use of your SaaS platform, then the IP assets are protected in a separate entity.‍

10) Operate within the law when marketing, selling and using your platform

This is easy to say but harder to do – so get legal advice early, often and directly. Consider your obligations under the Fair Trading Act 1986, Consumer Guarantees Act 1993, Privacy Act 2020, Unsolicited Electronic Messages Act 2007, Gambling Act 2003, and Land Transport (Road User) Rule 2004 (the ban on using mobile devices while driving). Disclose all charges clearly and in full upfront. And don’t forget that from 16 August 2022 (this month) the unfair contract terms provisions of the Fair Trading Act 1986 are extended to include B2B (small trade) contracts.

Keep an eye on our website for our guidance about this change.

‍

Social media image credit: Annie Spratt