SaaS Contracts Explained: MSA, Order Form, SLA, DPA
A SaaS deal is usually four documents. Knowing which is which saves you from negotiating the wrong thing. MASTER SERVICE AGREEMENT (MSA) — The legal framework. Negotiate once, reuse across orders. Covers liability caps, IP ownership, confidentiality, indemnification, termination, governing law. This is where the real risk lives.
Order Form
Product, quantity, term, price, billing frequency. Per deal. Short and explicit. Don't let legal terms creep in — that's the MSA's job. SERVICE LEVEL AGREEMENT (SLA) — Uptime commitments (target 99.9%), measurement methodology, exclusions for planned maintenance, credits when missed. No credits = no teeth. DATA PROCESSING ADDENDUM (DPA) — Required when processing personal data of EU/UK residents under GDPR. Also useful for CCPA. Covers sub-processors, security measures, breach notification, audit rights.
Have a lease in front of you right now?
Upload it. Our AI flags every red flag mentioned in this guide — in under 10 seconds.
Decode My LeaseFrequently asked questions
Do I need a DPA as a small company?
If you have any EU/UK customers, yes. Most vendors provide one pre-signed.