SaaS Contract Issues Guide

The document discusses the top 5 most common issues in advanced SaaS agreements. It begins with an overview of how data is a key risk area for SaaS agreements due to regulations and cyberattacks. It then discusses assessing data risk by understanding the type, location, and quantity of data shared, as well as relevant legal requirements. Common data types are described along with US privacy laws that apply. The document stresses that data privacy regulations are proliferating globally and domestically, and cyberattacks are increasing in frequency and cost.

Uploaded by

tanayngm651

MARCH 21, 2024

ADVANCED SAAS AGREEMENTS: TOP 5 MOST COMMON ISSUES

Sponsored by
©2024 CONTRACT NERDS UNITED LLC. THIS MATERIAL IS FOR TRAINING, NOT LEGAL ADVICE.

Elevate your CLM experience with Malbek

• Refine productivity.
• Transform risk into opportunity.
• Make your strategic impact.
• Elevate your CLM experience.

[Figure labels: Volume, Time, Risk, Quality, Cost; Do More, Go Faster, Be Prepared, Run Better, Save Money]

AGENDA

• Data Overview & Distinctions
• Top 5 Most Common Issues:
  1. Data Obligations
  2. Data Rights
  3. Indemnification
  4. Limitation of Liability
  5. Term and Termination
• Speaker Q&A
• Foster Performs “Indemnify Me” Live

DATA OVERVIEW

Poll #1

The risk analysis in SaaS centers on data because data is regulated and because of cyberattacks.

ASSESSING DATA RISK

Understand the Data:


• TYPE - What kind of data will the Customer be sharing with the SaaS?
• LOCATION - Where will the individuals reside?
• QUANTITY - How much of the data will be shared?
• SAAS HANDLING OF DATA – What cloud provider does the SaaS use?
Where are servers located? Do they store backups?

Determine the Legal Requirements:


• CLAUSES – Customize the SaaS agreement to address relevant data.
• ATTACHMENTS – Which documents need to be attached to the Master?
• INTERNAL REVIEWS – What sort of internal reviews and checks need to be
done (such as a third-party risk assessment)?

TYPES OF DATA

Data Category: Description

Personally Identifying Information (PII)
• Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
• May require a Data Processing Agreement.

Protected Health Information (PHI)
• Individually identifiable health information
• Application of HIPAA
• Requires Business Associate Agreements

Payment Card Information
• Debit, credit card, or prepaid card “primary account number”
• The CVV or CVV2 number
• PIN
• Card expiration date
• Individual cardholder’s name

Non-Public Information (NPI)
• NPI may include CI, PII, PCI or PHI but it may not
• Be aware of the investment context of NPI and Material NPI
• Understand what NPI is concerned and the degree to which it includes regulated information (e.g. social security numbers)

Confidential Information/Sensitive Information
• Defined in the contract as negotiated by the parties.
• Sensitive Information is defined to mean a subset of Confidential Information with distinct factors.
• CI/SI is often an umbrella term that includes PII and PHI in its definition.

DATA AND ITS RELEVANCE IN SAAS

• The Health Insurance Portability and Accountability Act (HIPAA) covers
communication and the exchange of information between you and “covered
entities,” which include doctors, hospitals, pharmacies, insurers, and other similar
businesses.
• The Fair Credit Reporting Act (FCRA) covers information in your credit report. It
limits who is allowed to see a credit report, what the credit bureaus can collect, and
how information is obtained.
• The Family Educational Rights and Privacy Act (FERPA) details who can request
student education records. This includes giving parents, eligible students, and
other schools the right to inspect education records maintained by a school.
• The Gramm-Leach-Bliley Act (GLBA) requires consumer financial products, such as
loan services or investment-advice services, to explain how they share data, as well
as the customer’s right to opt out. The law doesn’t restrict how companies use the
data they collect, as long as they disclose such usage beforehand.

DATA AND ITS RELEVANCE IN SAAS

• The Electronic Communications Privacy Act (ECPA) restricts government wiretaps
on telephone calls and other electronic signals (though the USA Patriot
Act redefined much of this).
• The Children’s Online Privacy Protection Rule (COPPA) imposes certain limits on a
company’s data collection for children under 13 years old.
• The Federal Trade Commission Act (FTC Act) empowers the FTC to go after an app
or website that violates its own privacy policy.

On a related note: Make sure your privacy statement matches what your business is doing. Moreover, make sure the
business understands your privacy statement and what it requires of them.

DATA AND ITS RELEVANCE IN SAAS

Data privacy regulations are proliferating!


• Data is regulated by over 100 countries. GDPR out of the European Union gets the
most attention, but globally, most countries regulate data privacy.
• Domestically, 13 states have signed privacy legislation and 20 have active bills.
Many other states have committees at work on new laws.
Cyber security is also regulated.
• HIPAA, GLBA, and Homeland Security Act – all require you to have safeguards for the
data you collect, maintain and store.
• NY Cybersecurity Law – requires banks, financial services companies, & insurance, to
have cybersecurity plans that meet certain minimum requirements, such as meeting
specific standards around encryption of data and Multi-Factor Authentication.
DATA AND ITS RELEVANCE IN SAAS

Cyberattacks are on the rise!


• It’s reported that 3 out of 4 organizations have
fallen victim to a ransomware attack, up 61% in two
years. 64% of affected companies paid the ransom,
but nearly 40% weren’t able to recover their data.
– The State of Email Security 2022 | Mimecast
• The global average cost of a data breach is $4.45
million per attack.
– Cost of a Data Breach Report 2023 | IBM

MOST COMMON ISSUE #1

DATA OBLIGATIONS

Poll #2

DATA OBLIGATIONS IN SAAS

Obligation                                            SaaS Provider   Customer
Protect confidentiality                               Yes             Yes
Maintain security                                     Yes             Yes
Ensure accuracy of data inputs                        No              Yes
Ensure accuracy of data output                        Maybe           Maybe
Notification of data breach                           Yes             No
Comply with applicable law (privacy laws)             Yes             Yes
Enter into supplemental agreements (BAA, DPA, ISA)    Maybe           Maybe

SPECIFIC DATA OBLIGATIONS IN SAAS

Data Category: Protected Health Information
Regulation: HIPAA
Secondary Agreement: Business Associate Agreement

Data Category: Personally Identifying Information
Regulation: Varies by jurisdiction of the data subject
Secondary Agreement: Data Handling and Processing Agreement

Data Category: Confidential information, sensitive information, and non-public information.
Regulation: Various depending on nature of the data and jurisdiction.
Secondary Agreement: Information Security Agreement

Poll #3

EXAMPLE DATA OBLIGATIONS IN SAAS

X.5 Customer Obligations. Customer is solely responsible for any and all information,
including Customer Data, submitted to Company in connection with the Company Solutions.
Customer shall use best efforts to assure that all Customer Data: (i) is accurate, complete, and
correct; (ii) does not infringe upon or violate the proprietary or intellectual property rights
including trade name, trademark, copyrights, or patent interests of any third party, and that
Customer has obtained any necessary consents to share the Customer Data; and (iii) does not
contain obscene, unlawful, harassing, defamatory, discriminatory, or libelous content.

Pro SaaS Provider Tip:


• Make accuracy of input incumbent on the Customer to protect against undesired use
that could give rise to liability for the SaaS provider.

EXAMPLE DATA OBLIGATIONS IN SAAS

X.6 Company Obligations. To the extent it hosts Customer Data, Company agrees to
implement and maintain reasonably appropriate safeguards and security measures designed to
meet the requirements of all laws and regulations of the United States, and any state thereof,
applicable to Company’s use, reuse, non-disclosure, and protection of such Customer Data.

Pro Customer Tip:


• If there are certain laws and regulations that you want the SaaS provider to comply with,
consider calling them out in a Data Security Addendum or equivalent document.
• When you’re dealing with data that requires a supplemental agreement, having a lean
provision in your Master Terms ensures you avoid any unintended conflicts with the
terms in any BAA, DPA, or ISA.

MOST COMMON ISSUE #2

DATA RIGHTS

DATA RIGHTS RELATED TO SAAS

• Third-Party Data
• Customer Data
• De-identified or Anonymized Data
o Feedback
o Training

THIRD-PARTY DATA RIGHTS RELATED TO SAAS

Personally Identifying Information (“PII”)


• Data subjects not party to the Agreement whose PII/PHI is
present in the SaaS, AND who are in a jurisdiction providing
rights to PII.
• Rights exist under the applicable law.
• Customers may request a Data Handling and Processing
Agreement (“DPA”) to demonstrate compliance with
applicable laws and to have clarity on the roles and
responsibilities (“processor” and “controller”).

THIRD-PARTY DATA RIGHTS RELATED TO SAAS

Protected Health Information (“PHI”)


• Data subjects not party to the Agreement whose PHI is
present in the SaaS in the United States.
• Rights exist under HIPAA
• Customers will request a Business Associate Agreement (“BAA”) to demonstrate
compliance with HIPAA.

THIRD-PARTY DATA RIGHTS RELATED TO SAAS

Publisher Data
• Data from publishers not party to the Agreement
• Publishers retain all their rights to the data via pass-through
terms and may require a separate license.
• Examples:
• Proprietary codes (CPT Codes in Healthcare)
• Proprietary forms (ACORD in Insurance)

CUSTOMER DATA RIGHTS IN SAAS

Customer Data Rights considerations


• Customer Data should be a defined term that is
straightforward in meaning.
• These are rights of both the Customer and the SaaS
provider that permit and restrict SaaS provider use of
Customer Data

Pro Customer Tip:


Make sure you understand the rights to Customer Data at termination and, if the data must
be returned, that the agreement says so and states whether the return is to be done for a fee.

Definition of “Customer Data”

“Customer Data” means all data, information or materials input into the SaaS Solution or
otherwise provided by Customer to Company in connection with the Agreement, expressly
including the administrator information.

Drafting Tips:
• Broad in scope.
• Covers information not input into the SaaS Solution as well.
• Includes administrator information, which is not always relevant but important when there is
a third-party contractor managing the administration of the SaaS Solution.

Customer Data Section – Pro SaaS Provider

X.2 Customer Data. Customer exclusively owns all right, title and interest in and to the
Customer Data, including where contained or stored in the SaaS Solutions as provided to
Company and subject to Subsection X.3 De-Identified Data. Company may use Customer
Data as necessary to fulfill its obligations under this Agreement and for any other lawful
internal business purpose including in connection with developing or enhancing new or
existing SaaS Solutions, subject to Section C, Confidentiality.

Drafting Tips:
• Gives the Customer full ownership of Customer Data shared with the SaaS Company and notes
the carveout in section on De-Identified data which provides for the SaaS Company’s ownership
of De-Identified Data (more on this to come).
• Permits the SaaS Company to use the Customer Data as necessary to deliver the SaaS Solution
and for internal business purposes broadly.
• Notes the need to comply with any Confidentiality obligations.

Customer Data Section – Pro Customer

X.2 Customer Data. Customer exclusively owns all right, title and interest in and to the
Customer Data, including where contained or stored in the SaaS Solutions as provided to
Company and subject to Subsection X.3 De-Identified Data. Company may use Customer
Data as necessary to fulfill its obligations under this Agreement and for any other lawful
internal business purpose including in connection with developing or enhancing new or
existing SaaS Solutions, subject to Section C, Confidentiality.

Drafting Tips:
• Customer has full ownership of Customer Data shared with the SaaS Company and notes the
carveout in section on De-Identified data which MAY provide for the SaaS Company’s
ownership of De-Identified Data (more on this to come).
• Customer may want to strike this but may agree if required to take part in the use of the relevant
SaaS Solution that requires this right from all Customers (analytics, benchmarking, etc.).
• If not agreeing to De-identified Data then don’t agree to such broad permission. If there’s
something the parties want to permit, you can introduce specific language to address that
need.
DE-IDENTIFIED DATA RIGHTS IN SAAS

De-identified Data
• Should be a defined term that is straightforward in meaning.
• Rights to receive data at termination.
• Rights to restrict SaaS provider use of Customer Data.

Other types (not covered today):


Training Data or Feedback Data

MOST COMMON ISSUE #3

INDEMNIFICATION

Poll #4

INDEMNIFICATION 101

• Making the other party whole
o Standing in the shoes of the other party and bearing the full harm, damages, and loss.
o It would be unjust for the other party to bear the consequences.

• Allocation of risk
o It represents a fair allocation of risk between the parties.
o The indemnifying party should be expected to control the risks that give rise to the
indemnified claim.

INDEMNIFICATION IN SAAS

• Third Party IP Infringement


• Breach of Confidentiality
• Misuse of Data
• Inaccurate Data
• Security Incident
• Data loss
• Data theft
• Damage to data
• Violation of Applicable Law

Customer Indemnification Section – Pro SaaS Provider

Pro SaaS Provider Tip:


Given the rise in cyber attacks, imposing an indemnification obligation on your customer with
respect to security and encryption may make sense. It can help set expectations for what
responsibilities lie with each party as it pertains to security and/or encryption.

Indemnification by SaaS Provider – Pro SaaS Provider

X.1 Company Indemnification. Company shall defend, indemnify, and hold harmless
Customer and its permitted assigns from and against any and all Claims arising out of or in
connection with any third-party claims that the SaaS Solutions, in the form used by Customer in
accordance with the Agreement, infringes or misappropriates the intellectual property rights of a
third party.
X.1.1 Infringement Claim. Company has the right, in its sole discretion, to do any of the
following when an infringement Claim is raised: (i) obtain the right for Customer to use the
allegedly infringing portion of the SaaS Solutions, (ii) replace the SaaS Solutions with a
modified version so long as it does not decrease the functionality, or (iii) terminate the
Agreement as to the allegedly infringing SaaS Solutions. In such event, Vertafore makes
no admission and disclaims all liability that any actual infringement occurred.

Indemnification by SaaS Provider – Pro Customer

X.1 Company Indemnification. Company shall defend, indemnify, and hold harmless
Customer and its permitted assigns from and against any and all Claims arising out of or in
connection with any third-party claims that the SaaS Solutions, in the form used by Customer in
accordance with the Agreement, infringes or misappropriates the intellectual property rights of a
third party, or arising out of Company’s breach of its duties or obligations under section
{reference Confidentiality} or {reference Security}, or Company’s violation of applicable law.
X.1.1 Indemnification Claim. Company has the right, in its sole discretion, to do any of the
following when an infringement Claim is raised: (i) obtain the right for Customer to use the
allegedly infringing portion of the SaaS Solutions in a timely manner, (ii) replace the SaaS
Solutions with a modified version in a timely manner so long as it does not decrease the
functionality, or (iii) if neither option (i) nor (ii) are viable within a reasonable timeframe,
Customer may choose to terminate the Agreement as to the allegedly infringing SaaS
Solutions in which case Company shall provide a pro rata refund of the fees. In such
event, Company makes no admission and disclaims all liability that any actual infringement
occurred.
MOST COMMON ISSUE #4

LIMITATION OF LIABILITY

LIMITATION OF LIABILITY IN SAAS

• Disclaimers
• Caps on damages
• Super caps
• Specific remedies

Note: Make sure the parties have insurance and that they are required to carry
appropriate amounts.

Limitation of Liability Disclaimer – SaaS Provider Favorable

IN NO EVENT SHALL COMPANY BE LIABLE TO CUSTOMER FOR ANY INDIRECT,
INCIDENTAL, CONSEQUENTIAL, RELIANCE OR PUNITIVE DAMAGES OR LOST OR
IMPUTED PROFITS OR LOST DATA.

Pro Customer Tip:


Try to negotiate out any reference to lost, damaged, or stolen data from the consequential
damages disclaimer. Depending on the circumstances, loss of data may be a direct damage as
opposed to indirect, consequential, or special.

Limitation of Liability Disclaimer – Pro Customer

EXCEPT FOR FRAUD, GROSS NEGLIGENCE, WILLFUL MISCONDUCT,
INDEMNIFICATION OBLIGATIONS, OR BREACHES OF CONFIDENTIALITY AND
SECURITY, IN NO EVENT NEITHER PARTY SHALL COMPANY BE LIABLE TO
CUSTOMER THE OTHER FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL,
RELIANCE OR PUNITIVE DAMAGES OR LOST OR IMPUTED PROFITS OR LOST DATA.

Limitation of Liability Cap on Damages – Pro SaaS Provider

EXCEPT WITH RESPECT TO COMPANY’S INDEMNIFICATION OBLIGATION IN
SUBSECTION X.1 IP INFRINGEMENT, COMPANY AND ITS REPRESENTATIVES,
EMPLOYEES, MEMBERS, MANAGERS, OFFICERS, AND DIRECTORS AGGREGATE,
CUMULATIVE LIABILITY IN CONNECTION WITH ALL AGREEMENTS, AND THE SAAS
SOLUTIONS SHALL BE CAPPED AT THE TOTAL AMOUNT OF THE FEES PAID BY
CUSTOMER TO COMPANY UNDER THE ORDER GIVING RISE TO SUCH LIABILITY
DURING THE MOST RECENT TWELVE (12) MONTH PERIOD.

Limitation of Liability Cap on Damages – Pro Customer

OPTION 1

EXCEPT FOR WITH RESPECT TO COMPANY’S INDEMNIFICATION OBLIGATIONS IN
SUBSECTION X.1 IP INFRINGEMENT, COMPANY AND IT’S THE PARTIES, AND THEIR
REPRESENTATIVES, EMPLOYEES, MEMBERS, MANAGERS, OFFICERS, AND DIRECTORS
AGGREGATE, CUMULATIVE LIABILITY IN CONNECTION WITH ALL AGREEMENTS, AND THE
SAAS SOLUTIONS SHALL BE CAPPED AT [MULTIPLE] THE TOTAL AMOUNT OF THE FEES
PAID OR PAYABLE BY CUSTOMER TO COMPANY UNDER THE ORDER GIVING RISE TO
SUCH LIABILITY DURING THE MOST RECENT TWELVE (12) MONTH PERIOD.

OPTION 2

EXCEPT FOR WITH RESPECT TO COMPANY’S INDEMNIFICATION OBLIGATIONS IN
SUBSECTION X.1 IP INFRINGEMENT, COMPANY AND IT’S THE PARTIES, AND THEIR
REPRESENTATIVES, EMPLOYEES, MEMBERS, MANAGERS, OFFICERS, AND DIRECTORS
AGGREGATE, CUMULATIVE LIABILITY IN CONNECTION WITH ALL AGREEMENTS, AND THE
SAAS SOLUTIONS SHALL BE CAPPED AT THE AMOUNT EQUAL TO THE GREATER OF I)
ONE MILLION DOLLARS, OR II) THREE TIMES THE TOTAL AMOUNT OF THE FEES PAID OR
PAYABLE BY CUSTOMER TO COMPANY UNDER THE ORDER GIVING RISE TO SUCH
LIABILITY DURING THE MOST RECENT TWELVE (12) MONTH PERIOD.

Super Cap – Pro SaaS Provider

EXCEPT WITH RESPECT TO COMPANY’S INDEMNIFICATION OBLIGATION IN
SUBSECTION X.1 IP INFRINGEMENT, COMPANY AND ITS REPRESENTATIVES,
EMPLOYEES, MEMBERS, MANAGERS, OFFICERS, AND DIRECTORS AGGREGATE,
CUMULATIVE LIABILITY IN CONNECTION WITH ALL AGREEMENTS, AND THE SAAS
SOLUTIONS SHALL BE CAPPED AT THE TOTAL AMOUNT OF THE FEES PAID BY
CUSTOMER TO COMPANY UNDER THE ORDER GIVING RISE TO SUCH LIABILITY
DURING THE MOST RECENT TWELVE (12) MONTH PERIOD; PROVIDED HOWEVER
THAT COMPANY’S LIABILITY FOR ANY CLAIMS OR DAMAGES ARISING UNDER A
BREACH OF ITS DUTIES AND OBLIGATIONS IN SECTION X CONFIDENTIALITY &
SECURITY SHALL BE CAPPED AT THE AMOUNT EQUAL TO THE LESSER OF I) TWO
TIMES THE FEES ACTUALLY RECEIVED BY COMPANY FROM CUSTOMER IN THE 12
MONTHS PRECEDING THE CLAIM, OR II) TWO MILLION DOLLARS.

Super Cap – Pro Customer

EXCEPT FOR WITH RESPECT TO COMPANY’S INDEMNIFICATION OBLIGATIONS IN
SUBSECTION X.1 IP INFRINGEMENT, COMPANY AND IT’S THE PARTIES, AND THEIR
REPRESENTATIVES, EMPLOYEES, MEMBERS, MANAGERS, OFFICERS, AND
DIRECTORS AGGREGATE, CUMULATIVE LIABILITY IN CONNECTION WITH ALL
AGREEMENTS, AND THE SAAS SOLUTIONS SHALL BE CAPPED AT THE TOTAL
AMOUNT OF THE FEES PAID OR PAYABLE BY CUSTOMER TO COMPANY UNDER THE
ORDER GIVING RISE TO SUCH LIABILITY DURING THE MOST RECENT 12 MONTH
PERIOD, PROVIDED HOWEVER THAT COMPANY’S LIABILITY FOR ANY CLAIMS OR
DAMAGES ARISING UNDER A BREACH OF ITS DUTIES AND OBLIGATIONS IN SECTION
X VIOLATION OF ITS CONFIDENTIALITY &OR SECURITY OBLIGATIONS SHALL BE
CAPPED AT THE AMOUNT EQUAL TO THE LESSER GREATER OF I) TWO TIMES THE
FEES ACTUALLY RECEIVED BY COMPANY FROM CUSTOMER PAID OR PAYABLE BY
CUSTOMER TO COMPANY IN THE 12 MONTHS PRECEDING THE CLAIM, OR II) TWO
MILLION DOLLARS.

Specific Remedies – SaaS Provider Favorable in Blue and Customer Favorable in Red

EXCEPT WITH RESPECT TO COMPANY’S INDEMNIFICATION OBLIGATION IN
SUBSECTION X.1 IP INFRINGEMENT, COMPANY AND ITS REPRESENTATIVES,
EMPLOYEES, MEMBERS, MANAGERS, OFFICERS, AND DIRECTORS AGGREGATE,
CUMULATIVE LIABILITY IN CONNECTION WITH ALL AGREEMENTS, AND THE SAAS
SOLUTIONS SHALL BE CAPPED AT THE TOTAL AMOUNT OF THE FEES PAID BY
CUSTOMER TO COMPANY UNDER THE ORDER GIVING RISE TO SUCH LIABILITY
DURING THE MOST RECENT TWELVE (12) MONTH PERIOD; PROVIDED HOWEVER
THAT ADDITIONALLY, IN THE EVENT OF AN ACTUAL SECURITY BREACH INVOLVING
CUSTOMER DATA OR CONFIDENTIAL INFORMATION, COMPANY SHALL INDEMNIFY
CUSTOMER FOR ALL COSTS RELATED TO THE INVESTIGATION OF SUCH BREACH
[AS WELL AS], [AT CUSTOMER’S ELECTION], [THE FURNISHING OF NOTICE TO
AFFECTED INDIVIDUALS, AND/OR [THE OFFER TO SUCH AFFECTED INDIVIDUALS OF
ONGOING MONITORING SERVICES (E.G. CREDIT BUREAU MONITORING).

MOST COMMON ISSUE #5

TERM & TERMINATION

TERM AND TERMINATION

Term:
• Initial Term – Usually multiple years
• Auto-Renewal vs. Option to Renew
• Relationship of Pricing to Term

Auto-Renewal Risk Mitigations for Customer:


• Longer notice period for non-renewal
• SaaS Provider notify Customer of upcoming auto renewal
• Internal auto renewal and notification tracking
• Transition Assistance Period
TERM AND TERMINATION

Common Termination Rights:


• Termination for Convenience - No
• Termination for Breach - Yes
• 30-day cure period
• Mutual
• Transition Assistance Period
• Paid vs. unpaid

CUSTOMER TERMINATION OPTIONS

• If infringement claim impacts the SaaS and SaaS
Provider unable to repair or replace in a timely
manner
• Pattern of or egregious SLA failure
• SaaS Provider unable to comply with applicable
law (aka privacy/security)
• Assignment to another party
• Force majeure that is not curable within a
reasonable period of time

Thank you and see you next time!

SPEAKER BIOS

STERLING MILLER, CEO & Senior Counsel at Hilgers Graben PLLC


Sterling Miller is a three-time General Counsel who spent almost 25 years in-house. He has published
five books and writes the award-winning legal blog, Ten Things You Need to Know as In-House Counsel.
He is currently the CEO and Senior Counsel at Hilgers Graben PLLC. Besides legal work, he regularly
consults with legal departments and coaches in-house lawyers. Sterling received his J.D., with honors,
from Washington University in St. Louis. You can follow him on
Twitter @10ThingsLegal and LinkedIn, where he regularly shares his commentary and insights on legal
issues.

FOSTER SAYERS, VP of Legal Operations at symplr


Foster is a corporate attorney, inventor, and entrepreneur. He is currently Vice President of Legal
Operations at symplr. He is also the co-founder of Tactile VR, a company bringing the sense of touch to
VR training. He also shares his legal expertise in articles and CLE courses. Previously, he served as
General Counsel and Chief Evangelist at Pramata, which followed over five years at Vertafore where he
served as Corporate Counsel and led negotiations for the majority of the company’s commercial
contracts. He has negotiated thousands of agreements during an in-house career that began fifteen
years ago as an intern for corporate counsel reviewing terms and conditions in RFPs. He enjoys playing
guitar and creating legal parody videos.