I have picked out just the highlights to present here. The full analysis is available for download at the end of this post, but I warn you, it is quite boring.
Notice: I am an employee of Oracle, but this blog does not represent the views of my employer.
The following are the bright spots in the collection of ToS:
- Netsuite: there are reports that this company has onerous licensing practices, but I see no evidence that. Of the 8 contracts I reviewed, Netsuite's is by far the best written and the most consumer friendly. They have the best data retention policies and termination procedures.
- Boomi, Netsuite, Taleo: offer warranties for the various aspects of their systems, and not just "as-is". (see Boomi item 6.1, Netsuite section 3, Taleo item 11)
- All but Concur: all of these services affirm that you own the data that you upload. This is key. However, there are a couple of vendors that reserve too many rights to use your data, see below.
- Boomi, Coghead, Netsuite, Salesforce, Taleo: these companies indemnify the customer in cases where the application is found to infringe on a 3rd party's IP, and the customer is sued. Taleo is the only vendor of the 8 that does not demand to be indemnified in return from someone suing them for your use of the system.
The following are terms that you should be wary of when entering into a service contract. Try to negotiate better terms:
- Box.net, Coghead, Concur, Salesforce, Taleo, Zoho: these companies have contracts that can change at any time without any notice. In a way, this could be the ugliest line item of them all because the company could write in whatever nasty thing they want. But I will leave it at "bad" until one of the companies does something evil with it. (see Box.net item A, Coghead item 6.2, Concur item 8, SFDC item 21, Zoho item Mod ToS)
- Salesforce, Taleo: have a line item that allows the company to advertise your name as a customer, merely by signing up for a paid account. Customer references should be earned, not mandated. (SFDC item 1, Taleo 7.1)
- Salesforce: prohibits direct competitors from using the Service. But at the rate SFDC is expanding offerings, will you become a competitor tomorrow? For example, anyone that offers software development tools became a competitor when they launched force.com. (see SFDC item 2)
The following is the list of contract terms that are unacceptable. I would not recommend using the following services unless you negotiate better contract terms. [Update:to be clear, I don't think these companies are out to do evil, I am merely sounding the alarm to their contract terms]
- Box.net: [Update: Box.net has fixed this issue in their contract, by narrowing dramatically the scope of their rights to your content] by uploading content that you own to this service you are giving Box.net an irrevocable license to use, copy, create derivative works of, sublicense, etc etc of your content. Think about that. The only redeeming argument is that this contract is for personal, not business use. But they put this item in there for a reason - why? Imagine uploading your personal pictures and then seeing one in the next promotional campaign for Taco Bell. This could happen because Box.net has the right to sublicense as they wish. (see section D)
- Coghead: if Coghead terminates your account, you have just 2 days to send written notice to request your data. Otherwise they can permanently delete all of your data. What's the rush? (item 7.3)
- Concur: (caveat: this is the Trial license, which can only be assumed to match closely the production license) has the most worrisome contract as it relates to your data. It is the only one that has no explicit line to indicate that you still own your data (filed business expenses, in this case). But it does have a line saying that Concur has an irrevocable right to use that data - this includes your personal data and financial info! Why is this in the contract? This seems quite broad for data that is of utmost sensitivity. (see item 5)
Links to the Terms of Service
The following is a list of links for you to inspect the contracts for yourself:
Concur (Trial license): http://www.concur.com/register/Concur-Expense-Trial.php
The following link provides you with the spreadsheet I built while analyzing the licenses. The spreadsheet contains the list of common license clauses with pointers into the documents on where to find those clauses.
What it shows most of all is the lack of commonality across all of the licenses. Each document has a lot of variance.
Account Suspension/Termination and the Deletion of Data
I found that the process by which accounts are suspended (reversible) or terminated (irreversible) wildly inconsistent and mostly incorrect in my opinion. Because termination is also coupled with data deletion, this process needs to be well understood and incredibly fair to the consumer. My next blog entry will focus on this part of the contract, and establishing a reference workflow.