If your business builds Software as a Service (SaaS) products, there are quite a few measures that you should be taking to legally protect it. This post will give you a high level overview of how to protect your SaaS business.
1. Have Agreements for Incorporation and Equity
You should ensure that you have all the requisite documents about your incorporation and equity structure in place. This includes:
- Articles of Incorporation, that you filed with the state you are registered in.
- Corporate Bylaws
- Stock Plan and Ledger
- Stock Purchase Agreements with each founder and employee receiving stock.
- Shareholder Agreement – determining the rights of shareholders and defining when those rights can be exercised.
- Cap Table (more below)
- Board Resolutions (more below)
2. Have an Up to Date Cap Table
A Cap Table is a table providing an analysis of a company’s percentages of ownership, equity dilution, and value of equity in each round of investment by founders, investors, and other owners. You should have this in place, even if just you and your co-founders are the only ones who own stock. You’ve got options for Cap Tables:
- Download a free spreadsheet from many sources online. Here’s one from Cooley.
- Use software (recommended) like Carta, Captable.io, or CapShare.
3. Register your Copyrights, Trademarks, and Patents
Registering your intellectual property with the appropriate offices helps protect your company against copycats, infringement, and more. Here’s an article we wrote about Intellectual Property for Startups.
4. Define your Trade Secrets
Your trade secrets are not registered with any governing body, but are kept secret. For example. Coca Cola’s and KFC’s recipe are trade secrets that should not be divulged by their employees.
Define what your business’ trade secrets are, and build in protections of your trade secrets to your employment agreements.
5. Transfer your Intellectual Property
If you’re planning to take venture funding, your investors will want the company to own the intellectual property – rather than you personally.
Make sure you transfer any registered intellectual property, and any future intellectual property that is being created by your team to the company.
6. Have Employment Packages with Invention Assignment Agreements and Confidentiality Agreements
Every employee, and independent contractor, you have should sign appropriate agreements assigning their inventions to your company, and promising confidentiality about what they work on with you.
That way, if things go sour, or if they have more nefarious plans – they don’t take your trade secrets and go to, or build a competing product based on proprietary knowledge.
These agreements should have clear information around:
- Licensing of your SaaS to the customer
- Restrictions of use of your application
- Limitations of liability
- Disclaimers of warranties
- Intellectual Property and Copyright rights
- What law governs the contract
- Notice of changes to terms
- Business contact information
- What happens if your customer violates terms
- How the customer can end the contract, and penalties around it
9. Have a Service Level Agreement
A Service Level Agreement (SLA) is the promise of service you’re making to your customers regarding the quality, availability, and responsibilities of your company.
Some of the information an SLA should include:
- The service you are providing
- Promised uptime
- How to report issues or submit support questions
- Response and issue resolution time-frame
- What happens if you don’t meet your commitments
Have a Thorough Service Level Agreement. Here is an article we wrote about the anatomy of an SLA.
10. Take Data Privacy Compliance Seriously
As mentioned above, data privacy is more important than ever. Your SaaS product should be following industry best standards in protecting your customers data – including encryption, backups, logging, high availability, disaster recovery, etc. Build data privacy compliance into your product, and meeting the requirements set by upcoming regulations are going to be a breeze.
Here is an article we wrote about 3 things your startup needs to know about data privacy compliance.
11. Audit your Vendors for Data Privacy
You are responsible for your customers data. Chances are, you’re using vendors (like AWS, Twilio, Google Cloud, GSuite, etc.) to run your SaaS – which includes your vendors in your chain of liability.
This means that if they have a breach, you have a breach. Make sure you are auditing your vendors for data privacy practices and standards. Here is an article we wrote about data privacy security of your vendors.
12. Have Internal Policies and Procedures
Having appropriate internal policies and procedures are important to make sure your company runs smoothly. These policies include:
- Employment Policies – including following all the laws and regulations around employment law.
- Data Privacy and Information Security
- Disaster Recovery
- Business Continuity
- Information Technology
13. Have Someone Enforce your Policies and Procedures
Having an in-house Human Resources professional, or a Chief Security Officer in place to enforce your policies and procedures will protect unnecessary and unnoticed mistakes. This is an important hire, and it takes the responsibility of monitoring and enforcing away from you.
14. Practice Corporate Governance
Corporate Governance is making sure you following the rules set forth in your bylaws as you run your company. This includes hiring decisions, fundraising, and more. Here is an article we wrote about corporate governance for startups.
15. Update your Agreements and Policies Regularly
Having a counsel on board to update your agreements and policies regularly is key. This helps you keep up with new regulations, protect updates to your product, and generally legally stay on top of protections available to you.
16. Have Insurance
There are several different types of insurance policies available to your business. Business insurance, just like car, home, renters, life, etc. insurance can help protect you if the unexpected happens. Check out my post on business insurance here.
Let us Help.
This was by no means a comprehensive list on all the things you should do to protect your SaaS business – but it’s a place to start.
Kader Law can help you understand what you need to do, and guide you to appropriate channels through our Outside General Counsel offering. Contact us today if you’d like to learn more.
This post is not legal advice, and does not establish any attorney client privilege between Law Office of K.S. Kader, PLLC and you, the reader.