How closely do (or should) you read SaaS T&C



This story about an open-source audio editing app (that I use) came up and had me thinking about how often I DON’T read T&Cs (I know). How closely do (or should) you read them when you’re evaluating a new SaaS app?


11 replies


I read them fairly thoroughly. I’m constantly looking at legal terms alongside our legal team, and me knowing what I’m looking at or what to point out makes their jobs a heckovalot easier.




You should make a guide or do a saasops show on some best practices when looking at saas T&C @jabes




My most exciting episode yet 😄




But yes, that’s a great idea!




With this news we'll certainly reconsider how we review an app before evaluating it. Certainly for products we buy the legal team redlines the MSA and T&C's, but we don't do that for 'free' software. I think that process needs to change.

Another change we'll do is use a security company to scan any application updates we deploy to ensure the update has not been a victim of a man in the middle attack. No one wants to be another victim of SolarWinds or Kaspersky.




That begs a wider question - Audacity telemetry wouldn't be picked up by an anti-malware scan, because it isn't malware, it just sends back crash reports - something most commercial software does. Doing an application security review that watches what files an app touches, network connections, and other behavior is part of our new-app-onboarding process and that's why.




I spend a ton of time reading legal t&c's. Granted, I'm a borderline recovering lawyer (long story) but it's very important. I very often redline a lot of things in partnership with our legal team, and sit in/adjacent to legal w/r/t reviewing contracts from other vendors or potential customers in our business. Not only does it give you an edge, but it's super important.




You'd be surprised how often companies will slip in things like use of your logo or assets, or will have clauses about how they can ingest your company data for other use etc. Which then becomes another problem for you when you're doing something like ISO or other compliance journeys because you have to flag them in a registry and identify where your data is going. Your data isn't just documents or email, it's into any service your people use. Really good to get into the habit of reading this, even better to work with your legal team on even a brief "contracts for normal humans" training (they'd usually be happy to do) and if you're in the 'head of' or above level of leadership, you'd be well served to work through some of the LinkedIn Learning courses on contracts -- there's a great course from the 'running your own business' to 'supplier management' that is a great way to learn enough about this stuff without having a law background.




Funny you should mention 'use of your logos etc'. We are working on our renewal for a certain SMP and that was in their terms, naturally we got it adjusted :)




Yeah the logo / promotional use is a big pet peeve of mine. Like I’m totally down for it if we have success with the product. But maybe… ask first 😂


