Anatomy of a SaaS MSA for an AI Startup

What the customer can do with the service.

Non-exclusive, non-transferable license to use the service for the customer's internal business purposes for the term of the order form.

License limited to a specific business unit or use case in a way that blocks future expansion. Or affiliate-use carve-outs that exclude subsidiaries.

Defines what counts as the customer's data versus the vendor's.

Customer data includes all inputs, prompts, outputs, and configuration. Vendor data is limited to anonymized telemetry and aggregated usage metrics.

Vendor templates that classify prompts or outputs as 'service data' rather than 'customer data' — this matters because the vendor's training rights often run only against 'service data.'

Allocates IP in content generated by the AI system.

Customer owns outputs to the maximum extent permitted by law; vendor disclaims any claim to outputs. Vendor retains rights in the underlying model only.

Silence on outputs (defaults to unresolved copyright law) or shared-ownership language that gives the vendor commercial reuse rights.

Whether vendor can use customer data to train its models.

No training on customer data, prompts, or outputs without explicit opt-in. Tenant isolation guaranteed. Anonymized telemetry permitted.

Default training rights, 'service improvement' language that quietly includes model training, or no commitment on cross-customer data isolation.

Vendor protects customer from third-party IP claims based on the service.

Vendor indemnifies for IP infringement claims arising from the service, including model outputs when used within the documentation. Defense and settlement at vendor's cost.

IP indemnity that excludes model outputs, or carves out 'AI-generated content' entirely — leaves the customer holding the bag on the most novel risk.

Allocates risk of inaccurate or harmful model output.

Customer responsible for verifying output before use. Vendor responsible for material defects in the service relative to documentation. No indemnity for output accuracy per se.

Vendor indemnity that promises 'accurate' output — overstates what is technically achievable and creates trap-door liability. Customer indemnity for any output it uses is overreach.

What the customer can and can't use the service for.

Prohibited uses limited to a defined list — illegal content, weapons, election manipulation, child safety. No catch-all 'as the vendor determines.'

Open-ended prohibited-use clauses that let the vendor terminate at discretion, or use-restrictions that block the customer's actual business case.

Foundation model providers and other vendors in the stack.

Vendor names its sub-processors (OpenAI, Anthropic, AWS, etc.), notifies on change, and flows down equivalent obligations.

No sub-processor list, or sub-processor terms that conflict with the MSA (e.g., the foundation model provider's policy actually permits training when the vendor MSA says no).

GDPR, CCPA, and similar privacy obligations.

Standard contractual clauses for international transfers, defined roles (controller vs. processor), breach notice within 72 hours, sub-processor list.

Missing DPA entirely, or a DPA attached only on request — a serious gap for any enterprise sale into a regulated industry.

Caps damages for both sides.

12 months' fees cap with carve-outs for IP infringement, confidentiality breach, indemnification, and gross negligence/willful misconduct.

Cap at 3 months' fees, or cap with no IP carve-out (collapses the value of the IP indemnity).

How long, how it renews, how to leave.

Initial term per order form. Auto-renewal with 30–60 day non-renewal notice. Termination for cause with 30-day cure. Termination for convenience by customer in regulated industries.

Auto-renewal with no notice required, multi-year terms with no out, or termination-for-cause defined narrowly enough to be unusable.

What happens to customer data at termination.

Customer data exportable in a standard format for 30 days post-termination, then deleted within 60 days. Backup retention defined.

No defined deletion window, or 'commercially reasonable efforts' language that creates indefinite retention.