How to Protect your SaaS Business

If your business builds Software as a Service (SaaS) products, there are quite a few measures that you should be taking to legally protect it. This post will give you a high level overview of how to protect your SaaS business.

1. Have Agreements for Incorporation and Equity

You should ensure that you have all the requisite documents about your incorporation and equity structure in place. This includes:

• Articles of Incorporation, that you filed with the state you are registered in.
• Corporate Bylaws
• Stock Plan and Ledger
• Stock Purchase Agreements with each founder and employee receiving stock.
• Shareholder Agreement – determining the rights of shareholders and defining when those rights can be exercised.
• Cap Table (more below)
• Board Resolutions (more below)

2. Have an Up to Date Cap Table

A Cap Table is a table providing an analysis of a company’s percentages of ownership, equity dilution, and value of equity in each round of investment by founders, investors, and other owners. You should have this in place, even if just you and your co-founders are the only ones who own stock. You’ve got options for Cap Tables:

• Download a free spreadsheet from many sources online. Here’s one from Cooley.
• Use software (recommended) like Carta, Captable.io, or CapShare.

3. Register your Copyrights, Trademarks, and Patents

Registering your intellectual property with the appropriate offices helps protect your company against copycats, infringement, and more. Here’s an article we wrote about Intellectual Property for Startups.

4. Define your Trade Secrets

Your trade secrets are not registered with any governing body, but are kept secret. For example. Coca Cola’s and KFC’s recipe are trade secrets that should not be divulged by their employees.

Define what your business’ trade secrets are, and build in protections of your trade secrets to your employment agreements.

5. Transfer your Intellectual Property

If you’re planning to take venture funding, your investors will want the company to own the intellectual property – rather than you personally.

Make sure you transfer any registered intellectual property, and any future intellectual property that is being created by your team to the company.

6. Have Employment Packages with Invention Assignment Agreements and Confidentiality Agreements

Every employee, and independent contractor, you have should sign appropriate agreements assigning their inventions to your company, and promising confidentiality about what they work on with you.

That way, if things go sour, or if they have more nefarious plans – they don’t take your trade secrets and go to, or build a competing product based on proprietary knowledge.

7. Have an Up to Date Terms of Use and SaaS Agreement

Your Terms of Use and SaaS Agreement are essentially the software licensing agreement for your SaaS product.

These agreements should have clear information around:

• Licensing of your SaaS to the customer
• Restrictions of use of your application
• Limitations of liability
• Disclaimers of warranties
• Intellectual Property and Copyright rights
• What law governs the contract
• Notice of changes to terms
• Business contact information
• What happens if your customer violates terms
• How the customer can end the contract, and penalties around it

Having a strong Terms of Use is essential to protecting your SaaS from misuse and making sure you get paid. Here’s an article we wrote about 18 provisions your website terms should have.

8. Have an Up to Date Privacy Policy

Data Privacy is more important than ever – with states, countries, and regions having data privacy regulations that should be strictly followed. Have a strong Privacy Policy defining what you’re collecting, and how you’re using the data. Here’s an article we wrote about the anatomy of a privacy policy.

9. Have a Service Level Agreement

A Service Level Agreement (SLA) is the promise of service you’re making to your customers regarding the quality, availability, and responsibilities of your company.

Some of the information an SLA should include:

• The service you are providing
• Promised uptime
• Monitoring
• How to report issues or submit support questions
• Response and issue resolution time-frame
• What happens if you don’t meet your commitments

Have a Thorough Service Level Agreement. Here is an article we wrote about the anatomy of an SLA.

10. Take Data Privacy Compliance Seriously

As mentioned above, data privacy is more important than ever. Your SaaS product should be following industry best standards in protecting your customers data – including encryption, backups, logging, high availability, disaster recovery, etc. Build data privacy compliance into your product, and meeting the requirements set by upcoming regulations are going to be a breeze.

Here is an article we wrote about 3 things your startup needs to know about data privacy compliance.

11. Audit your Vendors for Data Privacy

You are responsible for your customers data. Chances are, you’re using vendors (like AWS, Twilio, Google Cloud, GSuite, etc.) to run your SaaS – which includes your vendors in your chain of liability.

This means that if they have a breach, you have a breach. Make sure you are auditing your vendors for data privacy practices and standards. Here is an article we wrote about data privacy security of your vendors.

12. Have Internal Policies and Procedures

Having appropriate internal policies and procedures are important to make sure your company runs smoothly. These policies include:

• Employment Policies – including following all the laws and regulations around employment law.
• Data Privacy and Information Security
• Telecommuting
• Disaster Recovery
• Business Continuity
• Information Technology

13. Have Someone Enforce your Policies and Procedures

Having an in-house Human Resources professional, or a Chief Security Officer in place to enforce your policies and procedures will protect unnecessary and unnoticed mistakes. This is an important hire, and it takes the responsibility of monitoring and enforcing away from you.

14. Practice Corporate Governance

Corporate Governance is making sure you following the rules set forth in your bylaws as you run your company. This includes hiring decisions, fundraising, and more. Here is an article we wrote about corporate governance for startups.

15. Update your Agreements and Policies Regularly

Having a counsel on board to update your agreements and policies regularly is key. This helps you keep up with new regulations, protect updates to your product, and generally legally stay on top of protections available to you.

16. Have Insurance

There are several different types of insurance policies available to your business. Business insurance, just like car, home, renters, life, etc. insurance can help protect you if the unexpected happens. Check out my post on business insurance here.

Let us Help.

This was by no means a comprehensive list on all the things you should do to protect your SaaS business – but it’s a place to start.

Kader Law can help you understand what you need to do, and guide you to appropriate channels through our Outside General Counsel offering. Contact us today if you’d like to learn more.

This post is not legal advice, and does not establish any attorney client privilege between Law Office of K.S. Kader, PLLC and you, the reader.