Startup Contracts & Agreements
Well-drafted contracts protect your startup from liability, preserve your IP, ensure compliance, and prevent costly disputes. This guide covers essential agreements for SaaS companies, vendor relationships, confidentiality, and strategic partnerships.
Why Contracts Matter for Startups
Contracts protect your business:
- Limit liability: Cap damages to fees paid (instead of unlimited exposure)
- Protect IP: Ensure you own your code, product improvements, and customer data
- Ensure compliance: GDPR/CCPA data processing agreements avoid regulatory fines
- Prevent disputes: Clear termination, payment, and renewal terms reduce conflicts
Common contract mistakes that cost startups:
- Missing liability caps (sued for $10M over software downtime)
- No IP assignment from contractors (they own the code they wrote)
- Inadequate DPA (Data Processing Agreement) for GDPR compliance (fines up to €20M or 4% of global annual turnover)
- Auto-renewal traps (vendor charges continue after intended cancellation)
Contract Types by Business Need
Revenue Generation
SaaS Agreements:
- Customer master service agreements (MSA)
- Terms of service (ToS) and acceptable use policies (AUP)
- Service level agreements (SLA) with uptime guarantees
- Data processing agreements (DPA) for GDPR/CCPA compliance
Professional Services:
- Statement of work (SOW) for consulting, implementation, customization
- Fixed-fee vs time-and-materials pricing
- Deliverable acceptance criteria
Cost Management
Vendor Contracts:
- Software licenses (cloud infrastructure, dev tools, SaaS subscriptions)
- Service agreements (consulting, outsourcing, agencies)
- Hardware and equipment leases
- Payment terms, auto-renewal, and termination provisions
Procurement best practices:
- Volume discounts and committed use discounts (AWS, GCP, Azure)
- Annual vs monthly pricing (10-20% savings for annual commit)
- Termination rights (avoid auto-renewal lock-in)
Risk Mitigation
Confidentiality Agreements:
- Non-disclosure agreements (NDA) for fundraising, partnerships, hiring
- Mutual vs unilateral NDAs
- Confidentiality periods (2-5 years standard)
- Permitted disclosures (employees, advisors, legal/financial consultants)
Indemnification and Liability:
- Indemnification clauses (IP infringement, data breaches, third-party claims)
- Liability caps (12 months fees, fees paid, or fixed dollar amount)
- Exclusions from cap (willful misconduct, IP infringement, data breaches)
Growth & Partnerships
Partnership Agreements:
- Strategic partnerships (co-marketing, joint ventures, channel partnerships)
- Revenue sharing and referral agreements
- IP licensing and white-label agreements
- Exclusive vs non-exclusive partnerships
Integration Agreements:
- API terms of service (rate limits, SLA, support)
- SDK and developer agreements
- Marketplace and app store terms
Essential Contract Provisions
1. Definitions Section
Purpose: Establish clear meanings for key terms used throughout the agreement.
Critical definitions:
- "Services": Scope of SaaS platform, features, and support
- "Customer Data": Data uploaded or created by customer using Services
- "Confidential Information": Non-public information disclosed under agreement
- "Subscription Fees": Recurring charges for access to Services
- "Effective Date": Contract start date (signature, payment, or access grant)
Why it matters: Ambiguous terms lead to disputes; clear definitions prevent misinterpretation.
2. Scope of Services
Purpose: Define what your company will (and won't) provide.
B2B SaaS example:
Company will provide Customer with:
(a) Access to the SaaS platform via web browser
(b) Standard support (email, 2 business day response time)
(c) 99.5% uptime SLA (measured monthly, excluding maintenance windows)
Company will NOT provide:
(a) Custom development or feature requests
(b) On-premise installations or white-label versions
(c) Data migration from legacy systems
Why it matters: Scope creep = unpaid work. Clearly define inclusions and exclusions.
3. Intellectual Property Ownership
Purpose: Specify who owns the software, customer data, and any customizations.
Standard B2B SaaS clause:
IP Ownership:
(a) Company retains all rights to the SaaS platform, including all improvements
and modifications (even if based on Customer feedback).
(b) Customer retains all rights to Customer Data.
(c) Company may use aggregated, anonymized data for analytics and product improvement.
Why it matters: Without this clause, customers may claim ownership of features they requested.
4. Warranties and Disclaimers
Purpose: Define what you guarantee (and what you don't).
Typical SaaS warranties:
- Performance warranty: Software will substantially conform to documentation
- Malware-free: Software free from viruses, malicious code
- Authorization: Company has right to grant license
Disclaimers (must be conspicuous to be enforceable, which is why they are conventionally set in ALL CAPS):
EXCEPT AS EXPRESSLY SET FORTH ABOVE, COMPANY DISCLAIMS ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, AND NON-INFRINGEMENT.
Why it matters: Disclaimers limit implied warranties and prevent customers from claiming unwritten guarantees.
5. Liability Limitations and Caps
Purpose: Cap your maximum exposure to customer claims.
Standard liability cap:
Liability Cap: Company's total liability shall not exceed the fees paid by
Customer in the 12 months preceding the claim.
Exclusions: Cap does not apply to:
(a) IP infringement claims
(b) Breach of confidentiality
(c) Gross negligence or willful misconduct
(d) Data breach caused by Company's security failures
Typical caps:
- B2B SaaS (small customers): 12 months fees or $50K minimum
- B2B SaaS (enterprise): 24 months fees or $500K+ negotiated cap
- Consumer SaaS: $100 or fees paid (whichever is less)
Why it matters: Without a cap, you face unlimited liability for any breach or failure.
6. Indemnification
Purpose: Define who pays if third parties sue over the contract.
Mutual indemnification (balanced):
Company Indemnifies Customer for:
- Third-party claims that the Software infringes IP rights
- Claims arising from Company's breach of data privacy laws
Customer Indemnifies Company for:
- Claims arising from Customer's misuse of the Software
- Claims related to Customer Data (e.g., Customer uploaded infringing content)
Why it matters: Indemnification shifts defense costs and liability to the responsible party.
7. Termination and Renewal
Purpose: Define how and when the agreement ends.
Termination rights:
- For convenience: Either party may terminate with 30-90 days' notice
- For cause: Immediate termination if material breach uncured after 30 days
- For non-payment: Company may suspend/terminate if customer doesn't pay within 15 days of due date
Auto-renewal clause:
Automatic Renewal: This Agreement will automatically renew for successive
1-year terms unless either party provides written notice of non-renewal
at least 30 days before the end of the current term.
Auto-renewal trap: Many states (CA, NY, IL) require advance notice before a subscription auto-renews, and some prescribe both a minimum and a maximum lead time. These statutes are aimed mainly at consumer contracts, but build the notice into your renewal process regardless.
Why it matters: Unclear termination terms lead to disputes over final payments and data return obligations.
Contract Strategy by Stage
Pre-Seed: Templates & Self-Service
Contracts needed:
- Terms of service (ToS) for product website
- Privacy policy (GDPR/CCPA compliant)
- Mutual NDA template (for investor meetings, partnerships)
- Contractor agreements (with IP assignment)
Contract approach:
- Use standard templates (YC, Orrick, Cooley, NVCA)
- Self-service terms (click-wrap acceptance for customers)
- Legal review for first customer contract only
Budget: $5K-$15K (template customization, first contract review)
Seed-Series A: Standard Agreements
Contracts needed:
- Master service agreement (MSA) template for B2B customers
- Data processing agreement (DPA) for GDPR/CCPA
- Vendor contracts (AWS, Stripe, Salesforce, Zendesk)
- Employee offer letters and equity agreements
Contract approach:
- Standard MSA for customers <$50K ACV (annual contract value)
- Limited negotiation (accept standard terms or walk away)
- Legal review for customer contracts >$50K ACV
Budget: $25K-$75K (MSA/DPA templates, contract review, vendor negotiations)
Series B+: Enterprise Agreements
Contracts needed:
- Enterprise MSA (custom terms for $100K+ ACV customers)
- Service level agreements (SLA) with uptime guarantees and credits
- Business associate agreements (BAA) for HIPAA-covered customers
- Strategic partnership agreements (co-marketing, integrations, resellers)
Contract approach:
- Custom MSA for enterprise customers (negotiate liability caps, SLA, security terms)
- Redline vendor contracts (negotiate discounts, termination rights, liability)
- In-house legal or legal ops team (review 20-50+ contracts/month)
Budget: $100K-$500K/year (in-house counsel or legal ops, contract management software)
Core Contract Areas
SaaS Agreements
Master service agreements, terms of service, and SLAs for B2B SaaS
- MSA structure and key provisions
- Service level agreements (SLA) and uptime guarantees
- Data processing agreements (DPA) for GDPR/CCPA
- Pricing models (per-user, usage-based, tiered)
- Liability limitations and indemnification
Vendor Contracts
Procurement strategies, vendor negotiations, and contract management
- Cloud infrastructure contracts (AWS, GCP, Azure)
- SaaS vendor negotiations (Salesforce, Zendesk, Slack)
- Payment terms and auto-renewal provisions
- Termination rights and data portability
- Volume discounts and committed use pricing
NDA Templates
Confidentiality agreements for fundraising, hiring, and partnerships
- Mutual vs unilateral NDAs (when to use each)
- Confidentiality periods (2-5 years standard)
- Permitted disclosures and exclusions
- Standard clauses and redlines to avoid
- NDA templates and sample language
Partnership Agreements
Strategic partnerships, co-marketing, and revenue sharing agreements
- Strategic partnership structures (referral, integration, reseller)
- Revenue sharing and commission models
- Exclusive vs non-exclusive partnerships
- IP licensing and white-label agreements
- Partner enablement and support obligations
Contract Negotiation Strategies
Negotiation Leverage by Deal Size
| Annual Contract Value | Your Leverage | Negotiation Approach |
|---|---|---|
| <$10K | High (customer is small) | Standard terms, no negotiation. Click-wrap acceptance. |
| $10K-$50K | Medium-High | Limited negotiation. Accept 2-3 redlines max (liability cap, termination notice, payment terms). |
| $50K-$250K | Medium | Moderate negotiation. Accept standard enterprise requests (security exhibit, custom SLA, higher liability cap). |
| $250K+ | Medium-Low | Full negotiation expected. Custom terms (security audits, custom features, dedicated support, professional services). |
Common Customer Redlines (and How to Respond)
1. Unlimited liability (customer removes liability cap)
Customer request: Remove liability cap entirely.
Your response: "We can increase the cap to 24 months of fees paid (from 12 months), but cannot accept unlimited liability. Our insurance and risk profile don't support uncapped exposure."
Compromise: Increase cap to 24 months or $500K (whichever is greater) for enterprise deals.
2. Data breach indemnification
Customer request: Company indemnifies customer for all data breach costs (notification, credit monitoring, legal fees, regulatory fines).
Your response: "We can indemnify for data breaches caused by our security failures, but not for breaches caused by customer's misuse (weak passwords, phishing, insider threats)."
Compromise: Indemnify for breaches resulting from Company's failure to maintain the security controls specified in the security exhibit (or, absent one, industry-standard controls). Exclude customer-caused breaches, e.g. compromised customer credentials or the customer's own misconfiguration, and consider a separate, higher "super cap" for this category rather than uncapped exposure.
3. Custom SLA with aggressive uptime (99.99%+)
Customer request: 99.99% uptime SLA (about 4.4 minutes downtime/month).
Your response: "Our standard SLA is 99.5% uptime (3.6 hours/month). We can offer 99.9% (43 minutes/month) with additional redundancy at 20% price premium."
Compromise: 99.9% uptime for 10-20% additional fee. Include maintenance windows and force majeure exclusions.
4. Broad indemnification (all customer claims)
Customer request: Company indemnifies customer for "any and all claims arising from this Agreement."
Your response: "We indemnify for IP infringement and data breaches caused by us. We cannot indemnify for claims arising from customer's misuse, content, or data."
Compromise: Limit indemnification to third-party claims for IP infringement, data breaches caused by Company, and Company's gross negligence.
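Redlines 3 and 4 turn on how uptime is actually measured, so it is worth seeing the arithmetic before agreeing to a number. The script below is an added example for this guide, not language or code from any real contract; it assumes the common convention that downtime inside a scheduled maintenance window is excluded and that the denominator is the full calendar month. The incident timestamps, maintenance windows and credit schedule are all constructed.

```python
"""Monthly SLA uptime with maintenance-window exclusions and service credits.

Added example for this guide, not from any real contract. Assumes the common
measurement convention: outage minutes inside a scheduled maintenance window
are excluded, and the denominator is the full calendar month. All timestamps
and the credit schedule below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Window:
    """A half-open time interval [start, end)."""
    start: datetime
    end: datetime

    def clip(self, other: "Window") -> "Window | None":
        """Return the overlap of this window with ``other``, or None if disjoint."""
        start, end = max(self.start, other.start), min(self.end, other.end)
        return Window(start, end) if start < end else None

    @property
    def minutes(self) -> float:
        return (self.end - self.start) / timedelta(minutes=1)


def merge_windows(windows: list[Window]) -> list[Window]:
    """Merge overlapping or adjacent windows so no minute is double-counted."""
    merged: list[Window] = []
    for w in sorted(windows, key=lambda x: x.start):
        if merged and w.start <= merged[-1].end:
            merged[-1] = Window(merged[-1].start, max(merged[-1].end, w.end))
        else:
            merged.append(w)
    return merged


def chargeable_downtime_minutes(outages, maintenance, period) -> float:
    """Outage minutes inside ``period`` that are not covered by maintenance."""
    maintenance = merge_windows([m for m in (x.clip(period) for x in maintenance) if m])
    total = 0.0
    for o in merge_windows([w for w in (x.clip(period) for x in outages) if w]):
        excluded = sum(c.minutes for c in (o.clip(m) for m in maintenance) if c)
        total += o.minutes - excluded
    return total


def monthly_uptime_percent(outages, maintenance, period) -> float:
    down = chargeable_downtime_minutes(outages, maintenance, period)
    return 100.0 * (1.0 - down / period.minutes)


def allowed_downtime_minutes(target_percent: float, period_minutes: float) -> float:
    """Downtime budget implied by an uptime target, e.g. 99.9% over a 30-day month."""
    return period_minutes * (100.0 - target_percent) / 100.0


def service_credit_percent(uptime_percent: float, schedule) -> float:
    """Credit (% of monthly fee) from a descending (min uptime %, credit %) schedule."""
    for threshold, credit in schedule:
        if uptime_percent >= threshold:
            return credit
    return schedule[-1][1]


# Constructed sample data: January 2024, two scheduled maintenance windows and
# three outages (one overlapping maintenance, one spilling past month end).
JAN_2024 = Window(datetime(2024, 1, 1), datetime(2024, 2, 1))
MAINTENANCE = [
    Window(datetime(2024, 1, 7, 2), datetime(2024, 1, 7, 4)),
    Window(datetime(2024, 1, 21, 2), datetime(2024, 1, 21, 4)),
]
OUTAGES = [
    Window(datetime(2024, 1, 7, 3, 30), datetime(2024, 1, 7, 4, 45)),    # 45 min chargeable
    Window(datetime(2024, 1, 15, 10), datetime(2024, 1, 15, 10, 20)),    # 20 min
    Window(datetime(2024, 1, 31, 23, 50), datetime(2024, 2, 1, 0, 30)),  # 10 min in January
]
# Constructed credit schedule: (minimum uptime %, credit as % of monthly fee).
CREDIT_SCHEDULE = [(99.9, 0), (99.0, 10), (95.0, 25), (0.0, 50)]

if __name__ == "__main__":
    down = chargeable_downtime_minutes(OUTAGES, MAINTENANCE, JAN_2024)
    up = monthly_uptime_percent(OUTAGES, MAINTENANCE, JAN_2024)
    print(f"chargeable downtime: {down:.0f} min, uptime: {up:.3f}%")
    for target in (99.5, 99.9, 99.99):
        budget = allowed_downtime_minutes(target, JAN_2024.minutes)
        print(f"{target}% target: budget {budget:.1f} min -> {'met' if up >= target else 'MISSED'}")
    print(f"credit owed: {service_credit_percent(up, CREDIT_SCHEDULE)}% of monthly fee")
```

With these constructed incidents the month comes out at roughly 99.83%: comfortably inside a 99.5% commitment, but a miss against 99.9% and 99.99%, and a 10% credit under the sample schedule. Whether the 30 minutes of outage that fell inside the maintenance window count, and whether the denominator shrinks by the maintenance time, are exactly the definitional points to pin down in the SLA exhibit before agreeing to a headline number.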
Compliance & Risk Management
GDPR/CCPA Compliance (DPA Requirements)
Data Processing Agreement (DPA) must include:
- Scope of processing: What data is processed (personal data, categories, purposes)
- Data subject rights: How customer can exercise access, deletion, portability rights
- Security measures: Encryption, access controls, incident response, and breach notification (the processor must notify the controller without undue delay under GDPR Art. 33(2); the controller then has 72 hours to notify the supervisory authority)
- Sub-processors: List of third-party vendors who process data (AWS, Stripe, SendGrid), plus advance notice of changes and the customer's right to object (GDPR Art. 28(2))
- Data retention and deletion: When data is deleted (contract termination + 30 days)
Standard Contractual Clauses (SCCs):
- Required for transfers of EU personal data to countries without an adequacy decision, including US companies not certified under the EU-US Data Privacy Framework
- EU-approved contract templates ensuring adequate data protection
- Most SaaS vendors use SCCs + DPA together
For detailed GDPR/CCPA compliance, see: Privacy Laws Guide
Auto-Renewal Compliance (State Laws)
State auto-renewal laws require advance notice:
| State | Notice Period | Penalty for Non-Compliance |
|---|---|---|
| California | 15-45 days before renewal for terms of one year or longer (both a floor and a ceiling) | Up to $2,500/violation |
| New York | 30 days | Up to $500/violation |
| Illinois | 30 days | $1,000-$50,000/violation |
| Oregon | 30 days | Up to $25,000/violation |
Best practice: Build renewal notices into the billing system and check each state's window individually; a single notice sent 60 days out does not satisfy California, which requires the notice to land 15-45 days before renewal.
Insurance and Risk Transfer
Insurance policies for contract risk:
- General liability: $1M-$2M (bodily injury, property damage)
- Cyber liability: $1M-$5M (data breach, ransomware, business interruption)
- Errors & omissions (E&O): $1M-$5M (professional services claims, software failures)
- Directors & officers (D&O): $2M-$10M (fiduciary duty claims, securities lawsuits)
Insurance requirements in customer contracts:
- Enterprise customers often require proof of $2M-$5M cyber + E&O insurance
- Add customer as "additional insured" on general liability policy
- Provide certificate of insurance within 10 days of contract execution
Contract Management Best Practices
Contract Repository & Organization
Contract management software:
- DocuSign CLM: Contract lifecycle management (drafting, approval, signature, storage)
- Ironclad: Legal ops platform (contract templates, playbooks, approval workflows)
- Juro: All-in-one contract platform (self-service contracts, e-signature, repository)
Manual alternative (spreadsheet):
- Contract name, counterparty, effective date, expiration date, ACV, renewal terms
- Link to signed PDF in Google Drive or Dropbox
- Renewal alerts (set calendar reminder 60-90 days before expiration)
Contract Review Checklist
Before signing any contract, review:
- [ ] Liability cap: Ensure cap exists (12-24 months fees minimum for vendors, 12 months fees for customers)
- [ ] Indemnification: Mutual indemnification (you indemnify for your breaches, they indemnify for theirs)
- [ ] IP ownership: You own your product improvements; customer owns their data
- [ ] Termination rights: Terminate for convenience with 30-90 days' notice
- [ ] Auto-renewal: Notice period complies with state laws (check both minimum and maximum lead times)
- [ ] Payment terms: Net 30 for vendors; Net 30-60 for customers (avoid Net 90+)
- [ ] DPA/GDPR compliance: Data processing agreement included if processing EU data
- [ ] Governing law: Your home state (avoids litigation in customer's jurisdiction)
Contract Templates & Resources
Free Contract Templates
- Y Combinator Contracts (https://www.ycombinator.com/documents): SAFE, Series A term sheet, board consent
- Cooley GO (https://www.cooleygo.com/documents/): Incorporation, founder stock purchase, NDA, consulting agreement
- Orrick StartUp Forms (https://www.orrick.com/en/Total-Access/Tool-Kit/Start-Up-Forms): Incorporation, employment, financing documents
- NVCA Model Documents (https://nvca.org/model-legal-documents/): Term sheet, stock purchase agreement, voting agreement
SaaS Agreement Resources
- SaaS Agreements Guide (/startup-legal-guide/contracts/saas-agreements)
- Vendor Contracts Guide (/startup-legal-guide/contracts/vendor-contracts)
- Termly SaaS Agreement Generator (https://termly.io/products/terms-and-conditions-generator/): Free ToS generator
NDA Templates
- NDA Templates Guide (/startup-legal-guide/contracts/nda-templates)
- Cooley NDA Template (https://www.cooleygo.com/documents/nda-mutual/): Mutual NDA template
Need Help with Contracts?
Contracts are the foundation of customer relationships, vendor management, and risk mitigation. Whether you're drafting your first SaaS agreement, negotiating enterprise contracts, or reviewing vendor terms, Promise Legal can help.
We assist startups with:
- SaaS agreements and terms of service (MSA, SLA, DPA)
- Vendor contract review and negotiation (cloud infrastructure, SaaS tools)
- NDA templates and confidentiality agreements (mutual, unilateral)
- Partnership agreements (strategic partnerships, revenue sharing, integrations)
- Contract negotiation strategy (liability caps, indemnification, SLA terms)
- GDPR/CCPA compliance (data processing agreements, standard contractual clauses)
Related Guides:
- Compliance: GDPR, CCPA, data security, employment law
- Formation: Entity selection, founder agreements, 83(b) elections
- Intellectual Property: Trademarks, patents, trade secrets, open source
- Growth: M&A preparation, international expansion, board governance
Back to: Startup Legal Guide