SaaS Legal Requirements

SaaS is no doubt becoming a popular way to create and manage business software.

The ease of use and availability of these platforms creates a market where many apps grow exponentially.

As this occurs, it's likely that your SaaS app will handle privacy and data differently and your users need to be informed of these changes that may impact their rights.

That is where you need to consider changing your agreements to match your app's new functions and functionality.

The onset of SaaS growth

SaaS stands for "software as a service." It offers a way to provide applications over the Internet without users needing to install and maintain software on their devices. Instead, they access it online knowing it's always current, up to date.

Companies and individual users invest in SaaS for several reasons, but mainly for the following advantages:

  • Lower initial costs: Users can pay for what they need rather than worry about services that are not necessary.
  • Less maintenance: Information technology resources are not needed for updates and installations. Since the Internet platform will update itself when new developments arise, users can rest assured they are always using the latest version of the software.
  • Predictable costs: Users pay a monthly or annual fee to access the needed features and do not have to budget for unexpected costs.
  • Access from anywhere: Users can access the software from any computer or mobile device no matter where they are working.

Microsoft Logo

Microsoft Office is an example of a well-known stand-alone software product that now offers a SaaS version. Known as "Office 365", users can enjoy the usual tools, like Word, Excel, and PowerPoint, but also take advantage of tools like OneDrive, an online cloud drive for storing information and data.

Office 365 adds new features fairly frequently and also presents a seemingly never-ending supply of new templates for documents, spreadsheets, websites, and presentations. Also, it offers additional features for managing emails, calendars, and online meetings.

Office 365 advertising its plans and pricing

Another popular SaaS example includes Slack, a recent business communication tool. Starting out as an instant message app, Slack now features hashtags for categorizing conversations, search functions, and the ability to drag, drop, and share files.

Slack Logo

As a developer, the big advantage with SaaS software is that you can constantly change your product.

You can add features in direct response to user feedback and you can change an app around without requiring users to buy a new product entirely.

Slack seeks to be your primary business communication platform

However, constantly changing a SaaS product produces a new challenge.

Your users access your app after accepting your Terms and Conditions (T&C) and Privacy Policy.

Depending on the nature of the changes, you likely have to change these legal pages. This is both:

  • To assure your legal protection
  • To assure your users' understanding of how your app handles their personal information

Updating legal agreements as your app expands

Every time you add a feature or make major features, you'll need to reconsider your policies and legal agreements, including any of the following that you may already have:

  • Terms and Conditions or Terms of Use or Terms of Service
  • Privacy Policy
  • Acceptable Use Policy
  • And so on

While there are cases where a new major change to your app will not require changing your policies, you should never make that assumption without fully considering the impacts of your changes.

When to update the agreements

Generally, if the feature affects how data or privacy of users is handled, you'll need to make adjustments to your Terms & Conditions and Privacy Policy agreements.

Don't forgot to provide notice to users about the changes.

For example, when Slack added "Compliance Exports" to its app, it made a private group and direct messages searchable by individual users.

The new feature also allowed searches of edited and deleted messages. This was not only changed in the Privacy Policy of Slack but was explained at great length on Slack's Medium page.

This is obviously a major change in user expectations for Slack. However, the page also makes it clear that "Compliance Exports" is not a default setting and those using it need administrator permission first before getting access to these conversations.

Reassurance from Slack

Generally, if you are changing the rules or adding features that affect access to information, you likely need to reassess your policies.

However, if the changes merely fix bugs or change the app layout without any effects on data or privacy, you don't need to change your policies. You'll likely give a friendly heads-up if there's any down time or if the dashboard changes significantly, but there's no effect on the exchange of information or how your app keeps it secure.

Informing users of updates

Even when you make updates that enhance the positive experience of your app, you'll want to inform users.


Announcing the new changes of the app is also a good time to inform users. Email is a good way to do this because you can add graphics and explain the exciting news.

Dropbox used email when it changed its Terms of Service to a wider global audience. It also explained its new services which went beyond the usual Dropbox: Dropbox for Business, Carousel, and Mailbox.

The email alerted users to read Dropbox's updated Terms of Service agreement while also indicating that there were new features that users could find useful.

Dropbox and its email announcement

Emails should also contain links. If you have a blog that explains changes to policies in more detail, link to that. Also, any FAQs or in the example of Dropbox, the Help Center, should also have links.

The nice thing about email is that it gives a user a reference to return to if they have questions. Providing these links means users find answers to their questions quicker.


Email is not always a foolproof way to spread information. Many people skip email announcements as spam. Your news about features and company group could go completely ignored.

Dropbox addressed this possibility. In addition to sending out an email, it also placed an announcement on its website's legal page.

Anyone who clicked on its "Terms of Service" page could also see the same information indicated in the email but this time, in a format likely to attract attention.

Dropbox announcement on Terms of Service

Placing announcements at sign-in could be more effective than making users have to visit a "Terms of Service" tab.

Microsoft took this approach when it make its own changes to its legal agreements.

Microsoft: We're updating the terms of your account

You likely don't want to choose between website announcements and email. Your best course of action is to use both in order to attract the attention of most users.

Some respond best to announcements highlighted in yellow on a website while others will read your email carefully. By using both of these methods, you're likely to secure the understanding of more users.

Other type of announcement be seen in this example from Stack Overflow:

How StackOverflow announces updates to Terms of Service

After clicking the "Updated Terms of Service" link, the user can read more about the announcement from the StackOverflow team:

StackOverflow: Announcement on the Terms of Service update

Blogs and media pages

Some companies enjoy being completely transparent when it comes to changes in their policies and new features.

Slack not only addresses changes through announcements and emails but also through its Medium page.

If your app is a quickly developing and constantly changing popular one like Slack, you should have a blog or other type of media page. Many companies like Medium for its wide readership and accessibility.

When Slack made its changes, it explained them in an easy-to-read format. Few people are willing to read a Terms and Conditions or Privacy Policy in full, however, most will read a summary of the changes.

The Slack article takes a personal approach by telling the users what matters to them. It's also transparent by providing links and presenting itself as an approachable provider willing to cater to the desires of the users.

Slack Policy Update: What it means to you

When should your company take the Slack approach? If you find that your app has a loyal and engaged following, start providing them with more information.

Watch your blog traffic and see if people visit it. Start providing information relevant to them, including new features and agreement changes. If you would rather take advantage of the ready-made readership of Medium, know that an account is easy to start.

Acceptance of new terms

The issues of data handling and privacy are important and if you introduce new terms, you likely want to assure they are accepted.

In addition to announcing these terms through any method, you believe is acceptable, you may also want to give users an option to accept or decline them. This is often done when the user starts up the app or opens the login page.

In the case of Airbnb iOS app, the changes were considered significant enough that users had to accept them before moving on to using the app again. Airbnb implemented what is called clickwrap agreement for its app.

Airbnb: Accept first then reserve

You likely want to reserve this effort for the most significant changes. For example, if your app expands the types of users who can access the private information of others, you want to make that obvious at start-up.

However, make sure you leave links to the new policies if there's not room to do a scrolling version. You want to make these policies accessible in case users want to view them or you risk having them rendered unenforceable.

Keeping your legal agreements updated is not only essential from a legal liability standpoint but also from a standpoint of maintaining your business reputation and bottom line. While your Terms and Conditions and Privacy Policy agreements are there to protect your interests, these agreements also allow users to know what to expect when using your app.