Blog

B2B SaaS legal, explained.

Frameworks and analysis for seed-to-Series A founders building enterprise-ready companies. Written by lawyers, for founders.

Series I

The B2B SaaS Legal Stack

The four documents every B2B SaaS company needs, when you need them, and how to get them right — from a lawyer who has reviewed hundreds of customer agreement stacks.

01
The B2B SaaS Legal Stack: What You Actually Need (and What You Don't)
Your customer-facing contractual framework has four components. Here's what each one does, why it exists, and when it becomes necessary.
Jan 5, 2026
02
Generic Terms, Real Consequences: Why Customization Isn't Optional for B2B SaaS
Untailored legal documents don't cause problems on day one. They cause problems at the worst possible time: during enterprise procurement, in litigation, or during M&A due diligence.
Jan 7, 2026
03
When to Hire a Lawyer vs. When to Use a Tool for Your B2B SaaS Agreements
The right approach isn't choosing between lawyers and tools. It's using each where they're strongest. Here's the framework.
Jan 9, 2026
04
Legal Documents as a Sales Asset: How to Use Your Terms to Close Deals Faster
Most founders think of legal documents as a cost center. That framing costs you deals. A well-structured legal stack accelerates enterprise sales cycles — here's how.
Jan 12, 2026
05
No SOC 2, No Deal: Why Enterprise Sales Die Before They Start Without Certification
You've built enterprise pipeline. The champion loves the product. Then the security questionnaire lands. Here's why SOC 2 is non-negotiable and how to think about getting it right.
Jan 14, 2026
06
Cyber Insurance and Tech E&O for B2B SaaS: What Founders Need to Know Before Their First Enterprise Deal
Most insurance content for SaaS founders comes from brokers. This comes from the other side — managing risk across a PE-backed software portfolio and seeing how policies perform when something goes wrong.
Jan 16, 2026
Series II

Terms of Service

A section-by-section breakdown of what your Terms of Service should cover, how to think about each clause, and what enterprise procurement will push for in negotiations.

01
Anatomy of B2B SaaS Terms of Service: A Section-by-Section Guide
Your Terms of Service is the most important document in your customer contracting stack. Here's what every section does, why it matters, and how to think about the balance between protection and friction.
Jan 19, 2026
02
Negotiating Limitation of Liability: What Enterprise Procurement Will Push For and How to Respond
Enterprise procurement teams have a playbook for the liability clause. They know which asks look reasonable on the surface but materially expand your exposure. Here's how to recognize and respond to each one.
Jan 21, 2026
03
Billing Terms That Don't Create Disputes: Usage, Subscription, and Hybrid Models
Your billing terms govern how you charge, when you charge, and what happens when customers don't pay. The most important principle: your terms need to match how your business actually charges customers.
Jan 23, 2026
04
The Termination Clause Nobody Reads Until It's Too Late
Termination provisions are the section nobody thinks about at signing and everybody fights about at exit. Here's what to get right before the relationship ends.
Jan 26, 2026
05
Acceptable Use Policies: Drawing the Line Without Killing Your Product
An AUP defines what customers can and can't do with your service. Done well, it protects your platform without creating friction for legitimate use. Done poorly, it's either unenforceable or makes customers uncomfortable signing.
Jan 28, 2026
06
IP Ownership in B2B SaaS: Navigating the Line Between Your Technology and Customer Deliverables
IP ownership is clean in a pure SaaS model. It breaks down the moment professional services enter the picture. Here's how to protect your core IP while giving customers what they reasonably expect to own.
Jan 30, 2026
07
The Order Form: What Goes In, What Stays Out, and Which Document Controls
The order form is the document your customer actually reads and signs. Here's what belongs in it, what should stay in your standard terms, how to handle conflicts between documents, and the gaps that create disputes.
Feb 2, 2026
Series III

Privacy Policy

What a B2B SaaS privacy policy actually needs to cover, how it differs from consumer privacy, and how it connects to your DPA and Terms of Service.

01
Privacy Policies for B2B SaaS: What's Different From Consumer Apps
Most privacy policy guides are written for consumer apps. If you follow them for a B2B SaaS product, you'll end up with a policy that doesn't match how your business actually handles data.
Feb 2, 2026
02
US State Privacy Laws: What B2B SaaS Founders Actually Need to Know
There are 19 US state privacy laws on the books. For B2B SaaS founders, one fact simplifies the entire analysis — and points to a single compliance strategy.
Feb 4, 2026
03
Subprocessors, Third-Party Services, and the Data Sharing Disclosure Nobody Gets Right
Your privacy policy probably says you don't sell data. But your product almost certainly shares data with third parties in ways your policy doesn't accurately describe.
Feb 6, 2026
04
The CCPA Service Provider Framework: Why Your Default Classification Matters
Under the CCPA, if you haven't affirmatively qualified as a service provider through proper contractual language, California treats you as a third party by default — and that default has real consequences.
Feb 9, 2026
05
Cookie Policies, Analytics, and Tracking: The B2B Edition
Cookie policy guides are written for consumer websites. B2B SaaS has a fundamentally different tracking profile — and your disclosures should reflect that, not a consumer template.
Feb 11, 2026
06
GDPR as a B2B SaaS Company Without EU Operations: When It Applies and What to Do
If you're a US-based B2B SaaS company with no EU entity, you might assume GDPR doesn't apply. That assumption is wrong the moment you have a customer with EU-based end users.
Feb 13, 2026
Series IV

Data Processing Agreements

What a DPA actually covers, how to structure one, and the specific clauses — security measures, subprocessor management, transfer mechanisms — that enterprise customers scrutinize.

01
What Is a DPA and Why Your Enterprise Customers Keep Asking for One
A Data Processing Addendum is the document founders understand least and enterprise customers ask for most. Here's what it is, why it exists, and why having one ready before anyone asks is one of the highest-leverage things you can do for your sales motion.
Feb 16, 2026
02
DPA Anatomy: What Each Section Means and Why It Matters
A section-by-section walkthrough of what a DPA actually contains, what each provision does, and where the legitimate tensions between provider and customer sit.
Feb 18, 2026
03
Security Measures in Your DPA: Don't Promise What You Can't Deliver
Security commitments in a DPA are legally binding. Here's how to document your actual security posture accurately — so your DPA reflects what you can deliver, not what a template assumed.
Feb 20, 2026
04
Subprocessor Management for B2B SaaS: AI APIs, CCPA Service Providers, and the Operational Framework
Enterprise procurement teams now ask whether your subprocessor list is current, whether your AI providers commit to not training on your data, and whether your vendor agreements qualify as CCPA service providers — not just GDPR processors. Here's how to get ahead of all three.
Mar 13, 2026
05
International Data Transfers: SCCs, DPF, and What US SaaS Companies Need Now
If you have EU or UK customers, personal data is crossing borders every time they use your product. Here's the current landscape — DPF certification, Standard Contractual Clauses, and why experienced procurement teams want both — and the practical steps to implement before your next enterprise deal.
Mar 13, 2026
Series V

Service Level Agreements

How to write SLA uptime commitments you can actually keep, structure service credits correctly, and define exclusions that protect your business without undermining the agreement.

01
SLAs for SaaS: What to Promise, What to Avoid, and How to Measure
A Service Level Agreement converts your infrastructure reliability into a contractual commitment. Here's how to write one that reflects your actual architecture — not your aspirations.
Feb 27, 2026
02
The Math Behind SLA Uptime: 99.9% vs. 99.99% and What It Actually Means
99.9% and 99.99% sound similar. The difference is 8.5 hours of downtime per year versus 52 minutes. Here's the arithmetic behind uptime commitments and what infrastructure each tier requires.
Mar 2, 2026
03
Service Credits: The SLA Remedy That Doesn't Break Your Business
When you miss your SLA, something has to happen. The industry standard is service credits — not refunds, not termination rights. Here's how to build a credit schedule that's defensible without being punitive.
Mar 4, 2026
04
SLA Exclusions: What Shouldn't Count Against Your Uptime
Not all downtime is your fault. Without well-drafted exclusions, customer misconfigurations, third-party outages, and scheduled maintenance all count against your uptime commitment — and potentially trigger credits you don't owe.
Mar 6, 2026
05
Support Response Times: The Other SLA Your Enterprise Customers Want
Uptime commitments get the attention, but enterprise buyers care just as much about what happens when something goes wrong. Here's how to structure support response time commitments you can actually keep.
Mar 9, 2026
AI Series

AI-Enabled SaaS: Legal Foundations

The legal framework for B2B SaaS companies adding AI features — data training provisions, output ownership, LLM provider agreements, regulatory disclosure, pricing, insurance, and what recent litigation means for your contracts.

01
AI Addendum or Full Redraft? A Decision Framework for B2B SaaS Companies Adding AI
Your product shipped an AI feature. Your legal stack hasn't moved. Here's how to map your AI data flows, decide whether an addendum is enough or you need a full redraft, and handle the existing customers already on contracts that say nothing about AI.
Feb 28, 2026
02
Customer Data and AI Training: The Clause That Will Make or Break Enterprise Deals
Does your AI train on my data? Enterprise procurement asks this before anything else. Here's how to choose your position on the training spectrum, update your legal stack to match, and handle the existing customers who signed contracts before this question existed.
Mar 2, 2026
03
AI Outputs: IP Ownership, Accuracy Warranties, and the Marketing Claims Problem
Who owns what your AI generates? Who's liable when it's wrong? And what happens when your marketing says 'insights you can trust' and your terms say 'as-is, may be inaccurate'? Here's how to structure output ownership, accuracy disclaimers, and IP indemnification for AI-enabled SaaS.
Mar 4, 2026
04
Contracting With Your LLM Provider: What Most Companies Miss in the API Agreement
You clicked 'I agree' on API terms. Those terms now sit underneath every promise you make to customers. Here's what your LLM provider agreement actually says about data retention, training opt-outs, uptime, IP indemnification, and model deprecation — and what to do about the gaps.
Mar 6, 2026
05
AI Subprocessors, the EU AI Act, and the Regulatory Disclosure Gap
When you integrated an LLM API, you added a subprocessor. If you haven't updated your subprocessor list and notified customers, you're in breach of your own DPA. Here's how to fix the disclosure gap and what the EU AI Act and US state AI laws require from B2B SaaS companies right now.
Mar 8, 2026
06
AI-Specific Acceptable Use: Drawing the Line on What Users Can Do With Your AI Features
Your standard AUP was written for deterministic software. It doesn't cover prompt injection, regulated data inputs, automated consequential decisions, or competitive model training. Here are the six AI-specific restrictions your AUP needs and how to structure user vs. provider responsibility.
Mar 10, 2026
07
Pricing AI Features: Billing Terms When Your Costs Are Per-Token
AI features break the flat-subscription model. Your LLM costs are variable, per-token, and can change when your provider reprices. Here's how to structure billing terms for the five main AI pricing models — and how to handle upstream cost pass-through without creating enterprise contract friction.
Mar 11, 2026
08
AI and Insurance: What Changes in Your Cyber and Tech E&O Coverage
Your policy was priced for deterministic software. Then you added AI. Here's how AI features change your risk profile, what underwriters are asking, where the common coverage gaps are, and how your contractual commitments interact with your insurance in ways most companies don't notice until they're filing a claim.
Mar 12, 2026
09
AI in the Courtroom: What Recent Litigation Means for B2B SaaS Providers
Six cases, six principles, six specific provisions in your legal stack that need to change. Mobley v. Workday, Taylor v. ConverseNow, Saucedo v. Sharp HealthCare, NYT v. OpenAI, FTC v. Air AI, and California AB 316 — what each one means if you're a B2B SaaS company shipping AI features.
Mar 13, 2026
AI Privacy

AI Privacy Litigation

Active lawsuits and enforcement actions against B2B SaaS vendors that built AI features. Each post takes one case, extracts the principle, and maps it to the specific provision in your contracts that needs to change.

01
The Capability Test: How Courts Decide Whether Your SaaS Product Is a Wiretap
Two federal courts have allowed wiretapping claims against AI-powered SaaS vendors to proceed. Both adopted the capability test: if your infrastructure gives you the ability to use customer data for your own purposes, you may be a third-party interceptor, regardless of whether you exercise that ability.
Mar 10, 2026
02
AI Scribes, Fabricated Consent, and Regulated Data: What the Sharp HealthCare Case Means for SaaS Vendors
A patient's medical visit was recorded by an AI scribe without consent. His chart said he was advised and consented. He says that never happened. The AI appears to have generated the consent documentation itself. When regulated data enters the picture, the wiretapping pattern compounds with sector-specific privacy statutes and a record integrity problem no contract disclaimer can fix.
Mar 12, 2026
03
The Verily HIPAA Whistleblower Case: What Happens When a SaaS Vendor Breaches Its BAA
A health-tech SaaS vendor allegedly used patient data from 25,000 people for marketing and research without authorization, delayed breach notifications while negotiating contract renewals, and fired the executives who raised concerns. The case is a wrongful termination suit, not a HIPAA enforcement action. But the underlying facts are a roadmap for how BAA obligations can unravel a SaaS vendor's customer relationships.
Mar 14, 2026
04
Algorithmic Discrimination and the SaaS Vendor: Mobley v. Workday at Class Certification
A nationwide class action against Workday alleges its AI hiring tools had a disparate impact on applicants over 40. Workday argued it merely provides the platform. The court disagreed. If your product scores, ranks, or filters people in ways that touch a protected class, this case applies to you.
Mar 16, 2026
05
FTC AI-Washing Enforcement: What SaaS Founders Get Wrong About Marketing AI Features
The FTC has brought over a dozen enforcement actions against companies that overstate what their AI does. If your marketing says 'AI-powered insights you can trust' and your terms say 'as-is, may be inaccurate,' you have a contradiction that creates exposure on two fronts. Here's how the enforcement pattern works, why it survived a change in administration, and what it means for your contracts.
Mar 16, 2026
06
Amazon v. Perplexity: When the Platform Sues Your AI Agent
Your user gave your AI agent permission to act on their behalf. The platform where your agent operates did not. A federal court ruled that user permission is not platform authorization and issued a preliminary injunction barring Perplexity's AI shopping agent from accessing Amazon's website. This is a platform owner using computer fraud statutes to shut down an AI product.
Mar 16, 2026
07
Clearview AI and BIPA: Why Biometric Data Is the Highest-Risk Category for SaaS Vendors
Clearview AI's facial recognition class action settled for $51.75 million — paid partly in equity because the company couldn't afford cash. The statute behind it, Illinois BIPA, applies to any company that collects biometric identifiers, including the SaaS startup whose product processes a single fingerprint scan or voiceprint. Here's what the exposure looks like and what your contracts need to say.
Mar 16, 2026
08
Does Your AI Know Who's Talking? The Microsoft Teams Voiceprint Case and What It Means for Every SaaS Product with Speaker Attribution
Five Illinois residents sued Microsoft alleging that Teams' live transcription feature collects voiceprints without the notice, consent, or retention policies BIPA requires. If your SaaS product identifies, attributes, or stores who said what in a meeting or call, this case applies to you.
Mar 18, 2026