SaaS Agreement · Sample review

5.7 / 10 risk

SaaS Master Subscription Agreement

Customer ↔ CloudWorks, Inc. · Governing law: United States

⚖️ Verdict: Proceed only with key changes

Leans: Tilts toward the vendor (CloudWorks)

A standard cloud-subscription contract that leans vendor-side. A thin three-month liability cap and a one-way indemnity are the terms most worth pushing back on; the rest is broadly market-standard.

Clauses analyzed: 7 · High risk: 2 · Need review: 3 · Accepted: 2

Clause risk overview

Overall risk

NEEDS REVIEW · Score: 5.7/10 · 7 clauses
High: 2 · Medium: 3 · Accepted: 2

Benchmark delta: +0.7
Industry benchmark: 5/10
Compound risks: 0
Heatmap high: 2

Risk heatmap

High: 29% · Medium: 43% · Accepted: 29%

Limitation of Liability

Liability · Score 9/10 · Priority 10/10
HIGH RISK
Severity: Overall 9/10 · Financial 10.0 · Legal 8.0 · Ops 6.0
Financial · Legal
  • CloudWorks' total liability is capped at the fees paid in the prior three months, with all indirect damages excluded.
  • For most subscriptions this cap is a small fraction of the harm a breach or outage could cause.
Risk insight: A three-month fee cap is unusually low — 12 months is the common market floor. Critically, the cap is not lifted for data breaches, confidentiality violations, or IP indemnity, which are typically carved out.
Safer rewrite: Increase the cap to at least 12 months of fees, and carve out from the cap (i) breaches of confidentiality or data-protection obligations, (ii) indemnification obligations, and (iii) gross negligence or willful misconduct.
Law ref: UCC §2-719 (limitation of remedies)
Worst case: A security incident exposes Customer Data; recovery is limited to roughly one quarter of fees while actual breach-response and regulatory costs run far higher.

Indemnification (One-Sided)

Indemnification · Score 8/10 · Priority 10/10
HIGH RISK
Severity: Overall 8/10 · Financial 8.0 · Legal 9.0 · Ops 5.0
Legal · Financial

The Customer must defend and indemnify CloudWorks broadly, including for use of the Services, while CloudWorks gives no indemnity in return — notably none for third-party IP infringement claims, which vendors normally provide.

Risk insight: A one-way indemnity is a major imbalance. At minimum, the vendor should indemnify the Customer for IP infringement by the Services, and the Customer's indemnity should be narrowed to its own data and unlawful use.
Safer rewrite: Make indemnities mutual. CloudWorks shall indemnify the Customer against third-party claims that the Services infringe intellectual-property rights. The Customer's indemnity shall be limited to claims arising from Customer Data or its unlawful use of the Services.
Law ref: Restatement (Second) of Contracts §§ 4, 90
Worst case: A third party claims the platform infringes its patent; the Customer is contractually exposed to defend the vendor rather than the other way around.

Auto-Renewal & Termination for Convenience

Term & Termination · Score 6/10 · Priority 8/10
NEEDS REVIEW
Severity: Overall 6/10 · Financial 6.0 · Legal 5.0 · Ops 6.0
Financial · Operational

The contract auto-renews for 12 months unless the Customer gives 90 days' notice, while CloudWorks can terminate for convenience on 30 days' notice with no refund of prepaid fees.

Risk insight: The renewal-notice window is long and the exit rights are asymmetric. Shorten the notice period and require a pro-rata refund if the vendor terminates for convenience.
Safer rewrite: Reduce the non-renewal notice period to thirty (30) days. If CloudWorks terminates for convenience, it shall refund prepaid fees for the unused portion of the term on a pro-rata basis.
Worst case: The team misses the 90-day window and is locked into another full year, while the vendor retains the right to walk away on 30 days' notice.

Data Protection & Subprocessors

Data Protection · Score 6/10 · Priority 8/10
NEEDS REVIEW
Severity: Overall 6/10 · Financial 4.0 · Legal 6.0 · Ops 5.0
Compliance · Legal

Security is aligned to SOC 2 Type II, which is positive, but CloudWorks may add subprocessors without any advance notice and the Customer has no right to object.

Risk insight: Lack of subprocessor notification is a common compliance gap. Add a notice-and-objection right and a flow-down of data-protection obligations to subprocessors.
Safer rewrite: CloudWorks shall maintain a current list of subprocessors and provide at least thirty (30) days' notice before engaging a new subprocessor, during which the Customer may object on reasonable data-protection grounds. CloudWorks shall impose data-protection obligations on subprocessors no less protective than those herein.
Law ref: GDPR Art. 28(2) (subprocessor authorization)

Service Level Agreement

Service Levels · Score 3/10 · Priority 4/10
ACCEPTED
Severity: Overall 3/10 · Financial 3.0 · Legal 2.0 · Ops 4.0
Operational
  • 99.9% monthly uptime commitment with service credits as the remedy.
  • This is a market-standard SLA structure for SaaS, though service credits cap the practical recovery for downtime.
Risk insight: Standard uptime commitment and remedy. Confirm the credit schedule is meaningful, but no substantive concern.

Payment Terms

Payment · Score 2/10 · Priority 3/10
ACCEPTED
Severity: Overall 2/10 · Financial 3.0 · Legal 1.0 · Ops 2.0
Financial
  • Net-30 payment with suspension only after 15 days past due and notice.
  • This is a customary and reasonable payment and suspension structure.
Risk insight: Standard net-30 terms with a notice period before suspension. No changes recommended.

Warranty Disclaimer (AS IS)

Warranty · Score 5/10 · Priority 6/10
NEEDS REVIEW
Severity: Overall 5/10 · Financial 4.0 · Legal 6.0 · Ops 4.0
Legal
  • The Services are provided "AS IS" with all implied warranties disclaimed.
  • For business-critical software, a minimal performance warranty (that the Services will materially conform to the Documentation) is reasonable to request.
Risk insight: A blanket AS-IS disclaimer is common but aggressive for paid SaaS. Ask for a limited warranty that the Services will perform materially in accordance with the Documentation, with re-performance or termination as the remedy.
Safer rewrite: CloudWorks warrants that the Services will perform materially in accordance with the Documentation during the Subscription Term. The Customer's remedy for breach shall be correction of the non-conformity or, failing that, termination and a pro-rata refund.
Law ref: UCC §2-316 (exclusion of implied warranties)
