SaaS on a EULA? Get Some New Pants!
A good contract is like a good pair of pants. When the pants fit right and look good, you wear them all the time and hardly notice them. But if they’re too tight, you won’t buy them and if they’re too loose they fall down and leave you exposed. And if they’re just wrong – like trying to pair hockey pants with a suit coat – nobody knows what to do with you.
As more and more software companies deliver SaaS instead of software CDs, why do I still see so many EULAs? They aren’t quite as bad as hockey pants with a suit, but I’d say they approach wearing hockey pants for skiing. Yes, they’re warm and in the winter sports category but they leave a lot of bare leg and have way too much unnecessary padding.
First let’s talk about the fundamental differences between licensed software and SaaS. One is a right to take a copy of some technology to your home or office, install it on your computer and use it all by yourself (or with the other users in your company). Your data stays with you. The other is a service provided by a vendor which allows you to input and review data that is processed somewhere else. No software is delivered. No copies of technology are made for the users. But your data is processed and stored outside of your computer.
So, one is a license – a right to get a copy and use IP – and the other is a service – that processes and stores information. They really are different pants even if software is involved in both.
The legal community has done a good job of drilling the importance of protecting IP into software developers. Yes, intellectual property rights are what make that wonderful technology valuable. Tie them up tight in your license agreement, use license keys and other mechanisms to control users and audit them to make sure they aren’t proliferating without paying.
But do you know the best way to protect IP? Don’t share it. Don’t let anyone see it or get a copy. In other words, use it to deliver a service: SaaS. No license is required when IP isn’t shared (There go the huge pads on the hockey pants). And granting a license for IP that isn’t delivered could result in the unintended requirement to deliver it (Those pants fall right down around the ankles).
The legal community hasn’t done a good job of advising SaaS users of the risks of losing control of their data and the means to process it themselves. SaaS customers under a EULA don’t get any assurances about how the vendor will protect their data (Those hockey pants are too short for the slopes). They don’t know what kind of backup procedures the provider has or how to get their data back in a meaningful format. Because the contract won’t address data issues at all, it doesn’t even say that the client owns its data (Get me some ski pants!).
In summary, my last pants analogy: if you’re selling SaaS with a EULA, get some new pants.
By Cindy Wolf
Cindy Wolf is a Colorado lawyer with more than 25 years experience representing large and small domestic and multinational companies. Her expertise is in helping companies enter the cloud safely, either as providers or users. She also practices in the areas of corporate law and commercial contracting, with an emphasis on international issues. She can be reached at firstname.lastname@example.org.
- Data Protection and Session Fixation Attacks - June 27, 2016
- 15 Cloud Data Performance Monitoring Companies - June 21, 2016
- Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications? - June 21, 2016
- What’s Ahead For Predictive Analytics And Why It Matters For Businesses - June 17, 2016
- Do Not Rely On Passwords To Protect Your Online Information - June 15, 2016