This is a sample of the SaaS Vendor playbook. Five of the twenty-four rules are shown below, in the three-position format: Ideal (your preferred outcome), Fallback (an acceptable compromise), and Walk away (terms you should never sign).
The full playbook covers liability, indemnity, IP, data protection, sub-processors, security, audit, support SLAs, fees and renewal, exit and data return, governing law, and force majeure. Customise each rule to your own risk tolerance before going live.
§ 8 · Liability cap
Limitation of liability
The most an injured party can recover. Defines the relationship's worst-case economics.
Ideal
Mutual cap at 2× annual fees, with carve-outs for IP indemnity, data breach, gross negligence, wilful misconduct, and breach of confidentiality.
Fallback
Mutual cap at 12 months of fees, with the same carve-outs.
Walk away
Vendor cap below 12 months of fees, or no carve-outs for IP / data breach. Symbolic caps (e.g. $100) are not negotiated — they’re refused.
§ 7 · IP indemnity
Vendor IP indemnification
Vendor's promise to defend you if a third party claims their software infringes IP rights.
Ideal
Vendor indemnifies against any third-party claim that the Service infringes a patent, copyright, trademark, or trade secret. Carve-outs limited to customer’s unauthorised modifications.
Fallback
Patents and copyrights only, with carve-outs for customer-prohibited combinations.
Walk away
No IP indemnity, or indemnity capped at a token amount. The risk transfers to you for something only the vendor controls.
§ 11 · Sub-processors
Sub-processor disclosure & objection rights
Who else processes your data, and your right to know when that list changes.
Ideal
Full sub-processor list in Annex I of the DPA, with at least 30 days’ notice before adding new sub-processors and a right to terminate the contract for objections that aren’t resolved within 30 days.
Fallback
Sub-processor list maintained at a stable URL incorporated into the DPA, with email notification on additions and a 30-day objection window.
Walk away
No sub-processor disclosure, no objection mechanism, or generic “Vendor and its affiliates” without a specific list.
§ 14 · Termination & data return
Exit and data portability
What happens to your data when the relationship ends.
Ideal
On termination, vendor provides full data export in a structured, machine-readable format within 30 days, at no cost. Up to 90 days of transition assistance at standard rates. Full deletion (including backups) within 60 days post-export, with written certification.
Fallback
Data export at no cost within 60 days; transition assistance available; deletion certified within 90 days.
Walk away
Data export charged at vendor discretion, indefinite retention, or no portability commitment. Vendor lock-in by contract design.
§ 4 · Price increase at renewal
Renewal price cap
How much your vendor can raise your price without renegotiation.
Ideal
Renewal price increase capped at the lesser of CPI or 3%; opt-in renewal preferred over auto-renew.
Fallback
Auto-renewal with cancellation notice no greater than 30 days, vendor pre-renewal notice 60 days in advance, and price increase capped at CPI + 3%.
Walk away
Uncapped price increases, or notice windows greater than 60 days. The renewal becomes a trap.