Open any vendor SaaS contract and you’ll find about forty clauses. Definitions, access, fees, taxes, services, support, security, data, IP, warranties, indemnity, liability, termination, suspension, force majeure, governing law, dispute resolution, notices, assignment, severability, entire agreement, amendments, waiver, counterparts, and so on. Most are boilerplate. Most don’t need negotiation.
Four of them do. These four decide whether the contract works for you when something goes wrong, and what happens if you ever want out. Get them right.
1. Liability cap
The liability cap is the contract’s answer to the question: “If this goes wrong, what’s the most you can sue us for?”
Default vendor language often looks like this:
The Vendor’s aggregate liability under this Agreement shall not exceed the greater of one hundred dollars ($100) or the fees paid by Customer in the three (3) months preceding the event giving rise to the claim.
That cap is meaningless. $100 against a multi-million-pound deployment isn’t liability; it’s symbolic. Three months of fees, on a contract that runs years, creates an asymmetry where the vendor’s incentives to maintain the service barely align with your loss exposure.
What to push for
- Cap at 12 months of fees, minimum. Twelve months represents one full subscription cycle — enough that a vendor takes service interruption seriously.
- Carve-outs from the cap for specific harms. The cap should not apply to: (i) the vendor’s indemnification obligations (especially IP), (ii) breach of confidentiality, (iii) gross negligence or wilful misconduct, (iv) breach of data protection obligations.
- Mutual cap structure. The same cap should apply to both parties. If the vendor insists their cap is lower than yours, you’re being asked to assume more risk than they will.
Example redline
The aggregate liability of either party under this Agreement shall not exceed twelve (12) months of fees paid hereunder. This limitation shall not apply to: (a) indemnification obligations under Section 7; (b) the Vendor’s gross negligence or wilful misconduct; or (c) breach of the confidentiality provisions of Section 9.
2. Indemnity
Indemnity is the vendor’s promise to defend and pay if a third party sues you about something arising from the vendor’s product. The most important indemnity in any SaaS contract is the IP indemnity: the vendor warrants that their software doesn’t infringe anyone else’s patents, copyrights, or trade secrets.
Vendor templates often narrow the IP indemnity to the point of uselessness. Watch for:
- IP indemnification only covers registered patents and copyrights. (Trade secrets are a major source of risk; ask why they’re excluded.)
- Indemnity is voided if the customer modifies the product or uses it with non-vendor tools. (Reasonable in spirit; over-broad in typical drafting.)
- Indemnity is voided for “combinations” with customer data or systems. (Unreasonable for a multi-tenant SaaS — the entire product is “combined” with your data.)
What to push for
- IP indemnity covers any third-party claim that the Service infringes a patent, copyright, trademark, or trade secret.
- Carve-outs are limited to (i) customer’s unauthorised modifications, (ii) combinations the vendor specifically prohibited in writing, and (iii) use after notice that the use infringes.
- Remedies if a claim succeeds: vendor must (a) procure the right to continue use, (b) modify the service to be non-infringing, or (c) refund the unused portion of fees. The customer should not be left holding the bag.
Example redline
Vendor shall defend, indemnify, and hold Customer harmless from and against any third-party claim that the Service ~~infringes a registered patent or copyright~~ infringes any patent, copyright, trademark, or trade secret, except to the extent such claim arises from (i) Customer’s unauthorised modification of the Service, (ii) combinations the Vendor has specifically prohibited in writing, or (iii) Customer’s continued use after written notice from Vendor that such use infringes.
3. Auto-renew
Auto-renewal is covered in detail in our dedicated guide, but the short version: the contract should not silently renew at a price you didn’t agree to, on a date you didn’t notice.
The minimum redline:
- Cap renewal price increases at the lower of CPI or 3%.
- Shorten the cancellation notice to 30 days, or convert to opt-in.
- Require the vendor to send a 60-day pre-renewal notice.
4. Exit
How do you leave? Exit clauses are where vendor contracts most often diverge from customer interests, because the vendor has no interest in making it easy.
Five things to nail down:
- Termination for convenience. Can either party terminate with notice and no cause? Vendors often prohibit customer-side termination for convenience while allowing it for themselves. Push for either mutual rights or no right (mutual is cleaner).
- Termination for breach. Standard wording: 30 days’ written notice and an opportunity to cure. Make sure cure is realistic for the breach in question.
- Data export. On termination, the vendor must provide your data in a usable format (JSON, CSV, or a documented API export) within 30 days. Some vendors charge for this; the contract should cap or eliminate that fee.
- Transition assistance. For larger deployments, the vendor should provide reasonable transition assistance for a defined period (typically 60–90 days post-termination), at agreed rates.
- Data deletion. After the export period, the vendor must delete all customer data, including from backups (subject to a reasonable backup-retention carve-out), and provide written certification.
Example redline
On termination for any reason, the Vendor shall, at the Customer’s request and ~~for a fee determined by the Vendor~~ without additional charge: (a) provide the Customer with a complete export of Customer Data in a structured, commonly-used, machine-readable format within thirty (30) days of termination; (b) provide reasonable transition assistance for up to ninety (90) days at the Vendor’s standard professional services rates; and (c) within sixty (60) days of completion of the export, securely delete all Customer Data from its systems and provide the Customer with written certification of such deletion.
The four-clause review
These four clauses can be reviewed in any vendor SaaS contract in fifteen minutes. If they’re acceptable, the rest of the contract usually is too — the parties who write thoughtful clauses on the four that matter rarely write hostile boilerplate on the rest.
If any of the four are materially off-market, the negotiation starts there. The boilerplate can wait.