Tuesday, June 17, 2008

Best Practices for the Suspension or Termination of a SaaS Customer Account

No one wants to predict the failure of the relationship between a SaaS provider and customer. But much like a pre-nuptial agreement helps to quickly and fairly resolve the end of a marriage, a good up-front contract helps ensure that both parties are fairly treated when a SaaS contract terminates. For this to work, the contract must have a well-defined and fair set of terms for unwinding the relationship that works for both parties and minimizes business disruption. This blog entry proposes a set of rights for both customer and provider to use when establishing the contract terms.

This blog entry is a result of my analysis of a number of SaaS contracts. I covered the analysis in my previous blog entry. Note that I am not a lawyer, just an amateur contract sleuth, so please engage a professional when working on your contracts.

SaaS Customer Bill of Rights

Other authors have created full-blown Bills of Rights for SaaS customers. For example:

This blog entry is more focused. I am proposing rights that apply to both customer and provider when an account is on its way to being terminated.

Termination Rights for the Customer

I propose the following rights for customers whose account is being terminated:

  • Right to Business Continuity - customers rely on their SaaS products to conduct their business. Therefore, the provider must not have the ability to just terminate the customer's account without warning. A process must be in place to give ample warning before an account is terminated.
  • Right of Data Ownership - the customer must be able to extract their data upon termination, regardless of cause. The format of the extracted data should be as lossless as possible.
  • Right to Walk Away - the customer has the right to discontinue use of the service at the end of their contract. By exercising this right, they don't relinquish their other rights.

Termination Rights for the SaaS Provider

I propose the following rights for the provider that is terminating the account:

  • Right to be Paid - if you read about the SaaS business model, you will discover that cash flow is a major issue for the provider. Providers must carefully manage incoming cash and outgoing expenses. Anything that disrupts the predictability of the business will create major problems. Therefore, the SaaS provider has the right to expect timely payment, perhaps months in advance. If the customer fails to honor this right, the provider can quickly move the account into a suspended state.
  • Right to Protect the Service - if a customer account engages in malicious behavior or violates terms in the contract, the provider has the right to protect their service. In cases where the account is causing ongoing harm to the service (such as Denial of Service attacks), the provider must be able to immediately suspend the account. For less urgent issues, the provider should provide an appropriate warning before suspending the account.
  • Right to Fire a Customer - businesses need to adapt to changing markets, and sometimes this means adapting or discontinuing products that aren't successful. For customers that no longer fit the profile of the business, the providers need to be able to discontinue their relationship with these customers. However, this process must honor the customer's right to business continuity.


Further Discussion

Hopefully the benefit of each of these rights is obvious. A couple demand more discussion.

Data Deletion - Where is the Mechanic's Lien?

Most Terms of Service assert that the customer owns their data. I am no lawyer, but ownership appears to be full legal ownership, like you would own a car or a house. See Netsuite's ToS as an example, but a clause like this is seen in almost every contract:

"Customer Data shall at all times be considered the property of the Customer."

However, some ToS documents allow the provider to destroy that data without providing the customer a copy in cases where the account is terminated for breach of the terms or failure to pay. This does not appear to be fair to the customer (as the SaaS provider is the prosecutor, judge and jury in this decision), and is inconsistent with physical property law in the U.S. (intl folks bear with me, I am focused solely on U.S. law here).

For example, if you don't pay a carpenter who performed work on your house, that carpenter does not have the right to burn your house to the ground. Instead, there is a process called the Mechanic's Lien that requires the tradesman to pursue the money through a legal process, and he cannot harm the property in question. You could argue that data does not carry the same legal rights as physical property, but at least in some jurisdictions the law appears to treat data the same:

It seems that if a provider destroys their customer's data they open themselves to some legal liability. On the other hand, perhaps expressly reserving the right to destroy the data in the ToS alleviates the liability for the provider? Is it worth the risk of finding out?

Regardless, destroying a customer's property is not a good business practice. Providers should treat the data like any of the customer's physical property. It should be returned undamaged because it legally belongs to the customer.

Business Continuity

Some Terms of Service allow for immediate termination of a customer's account with or without cause. In others, a short period of time like 30 days is all the notice necessary before the customer can be turned out. For mission-critical applications, this is troublesome.

I feel there are a couple of key principles here to consider.

  • For no-cause terminations, the provider must provide as much advance notice as it will take a typical customer to migrate to a new service. For services with high switching costs, this will be a period of many months.
  • For cases where the customer is in violation of the contract, the account should move into a suspended state before termination. This allows the customer to remedy the violation before the account is terminated. Suspensions are reversible, terminations are not.

These two principles are not widely implemented, but are critical in order to provide the customer with fair treatment.


Negotiate your Customer Contract

These listed rights are all well and good, but they won't likely appear in your contract by default. The contracts I have seen are largely skewed in the providers' favor because they were written by the providers. As a customer, I feel it is worth your time working towards more favorable terms. As shown in this blog entry, don't forget to negotiate the exit terms in the contract to ensure a viable migration when the time comes to end the project.




Daintree Peters said...

Excellent post - the maturity of the model (on-demand) will be as much determined by the commercials / process as the technology.

Anonymous said...


I am very impressed with the amount of work and care you have put into your blogs. Really. You are also brave enough to venture into the legal side of computing. I am a lawyer and do consulting specifically about IT contracts. What you are getting at here is really an "artisan's" lien, not a mechanics lien which has to do with real estate. Just as under state law (haven't done a survey of exactly which ones) an auto mechanic can keep your car and sell it to satisfy the bill, potentially a SaaS or on demand provider can legally keep on to customer data. Also I am in the beginnings of researching the question of how possibly providers can acquire rights or even ownership of data, e.g., author of compilation in the form of a database.