Enterprise SaaS Agreements: Entities vs. Users

Even if a Software as a Service (SaaS) platform is designed for the B2B context, it's important to remember the people using the platform day-to-day. These folks are often called "authorized users." The SaaS agreement should be signed by the entity, but the agreement should clearly address the use of the platform by authorized users. It’s important to address authorized users, and to clearly distinguish between expectations for the entity and expectations for the authorized users. If you don’t make clear distinctions, you may run into some of the following issues:

If the provider has a dispute with an authorized user, is the dispute handled directly with that authorized user or with the entity?
What happens if different authorized users have conflicting requests?
Does an authorized user or the entity pay for the authorized user’s access?

In this post, we discuss a few different options for how best to address the existence of authorized users in SaaS agreements.

Agreement with the Entity

In this setup, the SaaS agreement governs the use of the platform by the entity and by the authorized users but is only signed by the entity. There is no direct contract with the authorized users. The entity is responsible for complying with the terms of the agreement and ensuring that its authorized users do as well.

If an authorized user's actions lead to a breach of the agreement, the entity may be held accountable. For example, the entity should indemnify and defend the provider for any liability the provider encounters as a result of actions taken by the authorized users.

On-the-ground Example

Imagine a scenario where an individual user, let's call them Alex, is using a SaaS platform on behalf of their company. If Alex engages in inappropriate behavior on the platform, such as posting infringing content, the provider might be sued by a third-party rights holder for the existence of the infringing content on the platform. In such cases, the entity should indemnify and defend the provider.

Agreement with the Entity and Terms of Service with Individual Users

This structure involves two agreements:

SaaS agreement with the entity
Terms of Service (TOS) for each authorized user

The SaaS agreement in this structure is identical to the SaaS agreement in the first structure discussed above, but the TOS sets out specific rules and restrictions for authorized users, and will be agreed to by each authorized user.

Typically the TOS includes a “code of conduct” and specific restrictions that each authorized user must comply with. The TOS is helpful because it gives the provider a direct contractual relationship with authorized users. This can make it easier, from a messaging standpoint, to suspend a single authorized user’s account. But the agreement with the entity should give the provider sufficient contractual authority to suspend authorized users, regardless of the existence of the TOS.

On-the-ground example

Let's use the same example above, where Alex uploads infringing content. Even if there is no TOS, the provider can still rely on language in the SaaS agreement with the company to suspend Alex.

However, if there is a TOS that prohibits uploading infringing content, the provider may have an easier time from a messaging standpoint, and a client-relations standpoint, to explain to the company and to Alex that Alex’s individual account will be suspended.

Agreement with Either Entity or Individual Users

As a third common option, some SaaS providers opt for a unified agreement that caters to both individual users and entities. This approach is particularly common among newer providers or those offering services that attract both individual and enterprise users.

Such agreements often state that the user is either agreeing to the terms on their own behalf or on behalf of an entity.

In such agreements, it is important to distinguish between individual users acting on their own and authorized users acting on behalf of an entity. For example, an individual user might pay for their own account, but an authorized user’s account is paid for by the entity.

As another example, an individual user could be directly liable to the SaaS provider for a breach of the agreement, whereas an entity could be liable to the SaaS provider for a breach caused by one of its authorized users. This differentiation is crucial for determining liabilities, payment responsibilities, and breach repercussions.

The Privacy Policy: A Non-Negotiable Imperative

Irrespective of the agreement structure, all users must consent to the platform's privacy policy. Without this consent, there is a much higher risk of violating applicable data privacy laws or encountering a dispute with a user about the use of their personal information. See our post on data privacy laws for more information about the importance of a privacy policy.

Strategic Considerations for SaaS Providers

When considering SaaS agreement structures, SaaS companies need to evaluate their operational setup and scalability needs carefully. Each approach comes with its own set of benefits and considerations.

For example, the third approach discussed above, where there is a single agreement for individual users and entities, may be appropriate for a startup that doesn’t have the operational capacity to handle different agreements for individual users and enterprise customers.

By ensuring that contractual frameworks align with business goals and capabilities, SaaS providers can establish strong partnerships with their customers while also setting expectations for authorized users.

Get the Guide Now Start mastering SaaS agreements with our comprehensive guide.

SPZ Legal offers customized solutions tailored to venture-scale companies grappling with the intricacies of SaaS agreements. With a track record of empowering startups to reach their growth targets, SPZ Legal serves as a reliable ally for founders and CEOs aiming to scale their ventures confidently and compliantly. Reach out to us if you need support with your company’s SaaS agreements.