As a SaaS supplier, ensure that your contract gives you adequate rights and licenses to the data your customer provides you so that you can do all the things you need to do to provide the SaaS and other related services. If you collect usage data or will be aggregating your customer’s data into (hopefully, anonymous) data sets, make sure that you get the appropriate rights to do so as well.
What rights in your data does the SaaS supplier need and why?
Your SaaS supplier colllects data from you to process and provide you the results. Your supplier may also collect “meta” data or usage data and statistics, IP addresses and performance metrics. The data you provide the SaaS Supplier is owned by you, and the SaaS contract will likely say so explicitly.
Your SaaS contract will provide the Supplier with the necessary consents to collect data and the rights and licenses to use the data.
The assumption is that the licenses provided to the supplier limit its use to only providing the SaaS services. However, these rights are usually worded as a broad catch-all clause such as a “license to use the data in order to provide the services and to use as otherwise set out in the Agreement.” It’s important to review the contract to see in what other ways the supplier intends to use the data.
The Supplier could use your data for the following reasons:
- to provide the SaaS and other related services such as support
- use your usage data and other meta data to provide support and improve its services.
- aggregate your data to be used in various ways, such as benchmarking
Considering the type of data you provide the supplier, you may or not be comfortable with any use that is not related to directly providing the service. You should review the contract to make sure that you are not providing the supplier with more rights than you want to give it.
To learn more and join in the discussion, check out my LinkedIn post.