Question 1

What is a SaaS Subscription Agreement and how is it different from Terms of Service?

Accepted Answer

A SaaS Subscription Agreement is the negotiated or clickwrap contract that governs a customer's ongoing use of a software-as-a-service product. It differs from generic Terms of Service in three substantive ways. First, it addresses subscription mechanics directly — term length, renewal, pricing tiers, usage metrics, overages, price changes — rather than leaving them to a separate order form or pricing page. Second, it includes a Service Level Agreement with uptime commitments and remedies that a website's ToS rarely has. Third, it addresses the data-processing relationship explicitly, typically by incorporating a Data Processing Agreement for GDPR Article 28 and CCPA service-provider obligations. Commercially, ToS is a public-facing document that governs the relationship with any visitor; a SaaS Subscription Agreement is the paid-customer contract that sits alongside it and prevails in conflict.

Question 2

What happened to the FTC's Click-to-Cancel Rule and does it still apply?

Accepted Answer

On July 8, 2025, the Eighth Circuit vacated the Federal Trade Commission's Negative Option Rule — widely known as the Click-to-Cancel Rule — in its entirety in Custom Communications, Inc. v. Federal Trade Commission, No. 24-3137. The court found a fatal procedural error in the FTC's failure to conduct the preliminary regulatory analysis Section 22 of the FTC Act required. The rule did not take effect on its scheduled July 14, 2025 compliance date. On January 30, 2026, the FTC submitted a draft Advance Notice of Proposed Rulemaking to OIRA to restart the rulemaking process. In the meantime, the 1973 Negative Option Rule remains in force, and ROSCA continues to require clear and conspicuous disclosure, express informed consent, and simple cancellation mechanisms.

Question 3

What does California's amended CARL (AB 2863) require as of July 1, 2025?

Accepted Answer

Five categories of new obligation: scope expanded to cover free-to-pay conversions; express affirmative consent to the renewal specifically, separate from contract consent, with 3-year retention; annual reminders regardless of term length, with advance notice of material price changes; cancellation in the same medium as sign-up, including toll-free phone with prompt pickup; any save offer during cancellation requires a prominent click-to-cancel button adjacent. Enforced by the California AG, district attorneys, and private plaintiffs.

Question 4

What does New York's amended auto-renewal law require as of November 5, 2025?

Accepted Answer

Clear-and-conspicuous disclosure of material terms before consent or billing; cancellation through every medium by which consent could be given. For price increases: affirmative consent in advance OR a 14-day cancel-with-pro-rata-refund right after the first charge at the new price. For free trials longer than one month, notice 3 to 21 days before the first chargeable period. Enforced by the New York Attorney General, with a $600,000 Equinox settlement in June 2025 signalling active scrutiny.

Question 5

How does Massachusetts 940 CMR 38.00 affect SaaS subscriptions?

Accepted Answer

Effective September 2, 2025, the strictest US state rule for monthly subscriptions. Terms longer than one month require a reminder 5 to 30 days before the cancellation deadline. For monthly terms (31 days or less), the business must either send the same reminder OR send a receipt after every renewal disclosing the charge amount, the cancellation mechanism, and the calendar date by which cancellation must occur. Violations are unfair or deceptive acts under the Massachusetts Consumer Protection Act.

Question 6

What SLA uptime tier should I commit to?

Accepted Answer

99.5% (about 3.6 hours of downtime per month) for SMB or non-critical tools. 99.9% (about 43 minutes per month) is the mid-market standard. 99.95% (about 22 minutes per month) is typical for enterprise contracts. 99.99% (about 4 minutes per month) is reserved for mission-critical infrastructure with negotiated terms. Each tier pairs with a tiered service-credit schedule, typically capped at 100% of the monthly fee for significant outages. Over-committing to 99.99% without the infrastructure to support it is the most common SaaS drafting mistake.

Question 7

Do I need a Data Processing Agreement alongside a SaaS Subscription Agreement?

Accepted Answer

If the SaaS processes personal data relating to EU, UK, or Swiss individuals on the customer's behalf, yes — GDPR Article 28(3) requires a written data-processing contract with no de minimis exception. Market-standard structure: keep the DPA as a separate document incorporated by reference so it can be updated independently as regulatory requirements evolve. Most US state privacy laws also require a service-provider contract when personal information is shared.

Question 8

What is the standard liability cap in a SaaS Subscription Agreement?

Accepted Answer

Three structures dominate: 12 months' fees paid or payable preceding the claim (market standard), 2x 12 months' fees (customer-favorable), or tiered (2x for data-protection or confidentiality breaches, 1x for other claims). Uncapped carveouts should include indemnification obligations, gross negligence, wilful misconduct or fraud, amounts owed, and (often) breach of confidentiality. Consequential and indirect damages are excluded with carveouts preserving liability for the uncapped tier.

Free SaaS Subscription Agreement Generator

About SaaS Subscription Agreements

Frequently asked questions

Related legal generators