How to Write a SaaS Terms of Service That Actually Protects You

Why Most SaaS ToS Are Useless

If you copied your Terms of Service from another website and changed the company name, you're not alone — and you're not protected.

A properly written ToS serves two purposes: sets clear expectations with customers, and limits your legal exposure when things go wrong. A copied ToS often does neither.

This is not legal advice. Consult a lawyer for binding documents. This is a guide to understanding what matters.

The Clauses That Actually Protect You

Limitation of Liability: The most important clause. Limits the amount a customer can sue you for.

Standard language: 'In no event shall [Company] be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues.'

Without this: if your product has downtime and a customer claims ₹50 lakh in lost revenue, they can theoretically sue for that amount. With proper limitation: liability is typically capped at the amount the customer paid you in the last 3–12 months.

Service Level (or lack thereof): Don't promise specific uptime numbers unless you have the infrastructure to back them up. Many startups inadvertently create liability by including SLA tables copied from enterprise products. Use 'best-effort basis' language instead.

Acceptable Use Policy: Define what customers cannot do — send spam, reverse engineer the software, harass others, scrape data beyond normal use. This is your defense when a customer uses your platform for something harmful.

Data Ownership: Customer owns their data. You need a license to process it. This matters because enterprise customers will ask, and India's DPDP Act requires clarity on data processing.

Payment Terms: Be explicit about when billing occurs, what happens if payment fails, refund policy, and what 'cancellation' means.

Dispute Resolution: Indian jurisdiction, Indian law for Indian customers. Add a 30-day good-faith negotiation period before formal dispute — resolves most issues without legal fees.

Indian Law Considerations

IT Act 2000: Governs electronic contracts. Your ToS is legally valid if accepted electronically (checkbox or click-through).

Consumer Protection Act: For B2C products, the Act applies and limits what you can exclude. B2B has more flexibility.

DPDP Act: India's privacy law. If you collect personal data of Indian users, your privacy policy must describe what you collect and why.

Common Mistakes

Copying from a US company. References to California law or Delaware arbitration are irrelevant for Indian users.

No governing law clause. Jurisdiction becomes a battle if a dispute arises.

Not updating when product changes. Adding payment handling or health data features requires ToS updates.

Practical Approach

1. Use a credible template (Termly or lawyer-reviewed)
2. Have a local lawyer review before you have 100+ paying customers (₹5,000–15,000)
3. Ensure governing law matches your incorporation
4. Update annually or when you make significant product changes
5. Notify customers when you update it

The ToS won't prevent all disputes. A well-written one resolves most disputes before they become legal problems.