Over on LairdOnDemand, Peter has posted the findings of his research into the terms of service (ToS) of eight different SaaS providers. ToS are the sort of things that bore the tears out of everyone but lawyers, but they’re also the things that can come back and haunt a business over time.

Peter found some interesting results (reproduced under the fold). I would say that his analysis, while thorough, doesn’t take into account the fact that the requirements of a paid service provider (NetSuite for example) should be much higher than a free SaaS provider (Zoho for example). Congrats on the excellent analysis Peter, and a word of caution to those considering SaaS providers – do your due diligence thoroughly.

The Good

The following are the bright spots in the collection of ToS:

  • Netsuite: there are reports that this company has onerous licensing practices, but I see no evidence that. Of the 8 contracts I reviewed, Netsuite’s is by far the best written and the most consumer friendly. They have the best data retention policies and termination procedures.
  • Boomi, Netsuite, Taleo: offer warranties for the various aspects of their systems, and not just “as-is”.
  • All but Concur: all of these services affirm that you own the data that you upload. This is key. However, there are a couple of vendors that reserve too many rights to use your data, see below.
  • Boomi, Coghead, Netsuite, Salesforce, Taleo: these companies indemnify the customer in cases where the application is found to infringe on a 3rd party’s IP, and the customer is sued. Taleo is the only vendor of the 8 that does not demand to be indemnified in return from someone suing them for your use of the system.
The Bad

The following are terms that you should be wary of when entering into a service contract. Try to negotiate better terms:

  • Box.net, Coghead, Concur, Salesforce, Taleo, Zoho: these companies have contracts that can change at any time without any notice. In a way, this could be the ugliest line item of them all because the company could write in whatever nasty thing they want. But I will leave it at “bad” until one of the companies does something evil with it.
  • Salesforce, Taleo: have a line item that allows the company to advertise your name as a customer, merely by signing up for a paid account. Customer references should be earned, not mandated.
  • Salesforce: prohibits direct competitors from using the Service. But at the rate SFDC is expanding offerings, will you become a competitor tomorrow? For example, anyone that offers software development tools became a competitor when they launched force.com.
The Ugly

The following is the list of contract terms that are unacceptable. I would not recommend using the following services unless you negotiate better contract terms:

  • Box.net: by uploading content  that you own to this service you are giving Box.net an irrevocable license to use, copy, create derivative works of, sublicense, etc etc of your content. Think about that. The only redeeming argument is that this contract is for personal, not business use. But they put this item in there for a reason – why? Imagine uploading your personal pictures and then seeing one in the next promotional campaign for Taco Bell. This could happen because Box.net has the right to sublicense as they wish.
  • Coghead: if Coghead terminates your account, you have just 2 days to send written notice to request your data. Otherwise they can permanently delete all of your data. What’s the rush?
  • Concur: (caveat: this is the Trial license, which can only be assumed to match closely the production license) has the most worrisome contract as it relates to your data. It is the only one that has no explicit line to indicate that you still own your data (filed business expenses, in this case). But it does have a line saying that Concur has an irrevocable right to use that data – this includes your personal data and financial info! Why is this in the contract? This seems quite broad for data that is of utmost sensitivity.
Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

3 Comments
  • Crazy! Just keep it simple people.
    These are ours: http://www.proworkflow.com/PWF_PRO_terms.cfm

  • Ben – thanks for the plug. You are right – Netsuite vs. Zoho vs. Box.net all have different ToS requirements because they:
    1) vary in cost
    2) vary in complexity
    3) vary in how mission critical they are to a biz
    4) vary in switching costs, in case an account is terminated
    I hope to get my follow up posts out soon – I will focus on how factors 3 and 4 need to heavily influence the procedures for terminating an account.

    Julian – I think keeping it simple generally favors the provider, with “as-is” warranties and little to no rights for the customer around account termination. With the more mission critical solutions I would feel more comfortable as a customer with a Netsuite-style agreement.

    As for the ProWorkflow ToS:

    Good – “Any data entered in your live account database or uploaded to the service remain yours and can be supplied if needed as a digital file upon request”
    I like the ability to request a download of your data, none of the other 8 had this.

    Bad – “ProActive Software reserves the right to terminate accounts (Trial and Paid) at will.”
    I think (and will soon blog about) that there needs to be at least a wind down period if a SaaS provider wants to fire their customer. If the customer is engaged in bad activity (DOS attacks etc) then a suspension period should precede termination so that the customer can investigate and dispute or remedy the issue.

  • One more thing – within 12 hours of my original post, Box.net remedied the onerous clause in their contract. They clarified that their use of your data is restricted to what is necessary to fulfill the service of the site on your behalf. Good job, Box.net.

Leave a Reply