Why SaaS Terms Are Stricter Than Most Web Services
SaaS products are subject to Australian Consumer Law (ACL) rules that many businesses don't fully understand. Unlike a static website or content service, SaaS platforms provide ongoing software access — subscriptions, automatic renewal, premium features, and API access. This creates unique legal obligations.
The ACL protects consumers from unfair contract terms. Even if you include something in your T&C, the ACCC can find it unenforceable if it:
- Unfairly favors the business: Terms that eliminate your liability while consumers bear all the risk
- Lacks transparency: Unclear, hidden, or overly technical language
- Contradicts core service: Charging a subscription but reserving the right to delete all data without warning
- Prevents dispute resolution: Forcing disputes into costly arbitration with no consumer recourse
Your SaaS T&C must be fair, transparent, and actually reflect how your service works. The ACCC actively pursues businesses with deceptive T&C, and penalties are harsh.
Automatic Renewal & Subscription Terms
If your SaaS product charges recurring fees (monthly, annual, pay-as-you-go), your T&C must comply with strict rules around automatic renewal. The ACCC has made this an enforcement priority.
Your T&C MUST include:
- Clear cancellation process: Users must be able to cancel with 1–2 clicks, without the option being buried in account settings. Cancellation must be as easy as signup.
- Confirmation before charging: Send an email or SMS reminder 7–14 days before renewal. Users should approve the charge.
- Explicit opt-in: Automatic renewal must be an active choice, not pre-checked or assumed. Silence doesn't equal consent.
- Refund on cancellation: If cancelled mid-period, explain what happens to unused access (prorated refund, or forfeited?)
- Price changes notice: If you increase the subscription price, notify users at least 30 days in advance and let them cancel without penalty
Acceptable Use Policy & API Restrictions
Most SaaS products have rules about what users can do with your platform — to protect infrastructure, prevent abuse, and ensure quality. But these rules must be reasonable and transparent.
Your Acceptable Use Policy should cover:
- API rate limits: How many requests per minute/hour? What happens if exceeded? (Throttling, temporary block, or permanent termination?)
- Prohibited content: No malware, spam, illegal content, or harassment. Be specific about what counts.
- Resource abuse: Scraping, DDoS attempts, or resource hogging that affects other users
- Account sharing: Can one subscription account be used by multiple people? (Clarify: it usually can't)
- Termination clause: Under what conditions will you suspend or delete the account? What notice do you give?
The key is: be specific. "We reserve the right to terminate accounts for any reason" is unenforceable under Australian law. Courts will strike it out as unfair. Instead, list concrete examples: abuse, harassment, spam, illegal activity, payment failure.
Data Ownership & Deletion on Termination
One of the most contentious parts of SaaS T&C is what happens to customer data when the subscription ends or you terminate the account.
Your T&C must clearly state:
- Data export window: After account termination, how long can users download their data? (Industry standard: 30–90 days). After that, you can delete it.
- Automatic deletion timeline: "30 days after account deletion, all data is permanently removed from our servers and backups."
- User-generated content ownership: Who owns the documents, files, or content users created in your app? (Usually: the user owns it, you have a license to store and display it)
- Third-party liability: If user data is shared with integrations (Slack, Zapier, etc.), are you liable if those services leak it? (You're not — make this clear)
The worst approach is silence. If you don't specify, users assume their data is safe indefinitely, and if you delete it suddenly, you face complaints and potential legal action.
Limitation of Liability & Service Guarantees
Many SaaS products include broad liability disclaimers: "We're not responsible if the service is down, data is lost, or you lose business." These are often unenforceable in Australia.
What you CAN do:
- Limit liability to the amount paid in the last 12 months (e.g., "max liability is the subscription fee you paid")
- Exclude liability for indirect damages (lost profit, lost data, lost business) — this is usually accepted
- Require users to back up their own data and not rely solely on your service
What you CANNOT do:
- Disclaim liability for gross negligence or intentional misconduct
- Exclude liability for personal injury or death
- Make false claims about uptime or reliability (if you say "99.9% uptime" in marketing, your T&C can't say "no uptime guarantee")
- Limit liability for breaches of privacy law or failure to secure customer data
Be realistic. If your SaaS is mission-critical for customers (e.g., payroll, accounting), they'll push back on broad disclaimers. Consider offering a Service Level Agreement (SLA) with guaranteed uptime and compensation for outages.
Consumer Guarantee Protection — Non-Excludable
Under the ACL, consumer guarantees cannot be excluded or limited, no matter what your T&C says. These are automatic rights for consumers:
- Goods are fit for purpose: Your SaaS must do what it's marketed to do. If you promise "real-time analytics" but data is 24 hours delayed, it's a breach.
- Supply within reasonable time: Access must be granted immediately or as promised (not a 2-week wait to activate an account)
- Goods are of acceptable quality: The service must be reliable, secure, and not riddled with bugs that prevent basic use
- Consumer remedies: Breach? Users can demand a refund, replacement (free trial period), or compensation. They don't have to accept a credit or discount.
Any T&C clause that tries to override these (e.g., "No refunds for any reason") is void and unenforceable.
Payment Disputes & Chargeback Protection
If you accept credit cards, you're at risk of chargebacks — users disputing charges with their bank. Your T&C should address this:
- Invoice and receipt: Send invoices for every charge, showing service period, amount, date
- Billing dispute process: Users must contact support before disputing with their bank. T&C can require this (though it won't prevent chargebacks, it shows good faith)
- Failed payment handling: If a card declines, notify the user. Retry after 3–5 days. Suspend after 2 failed attempts, but keep the account (don't delete data)
- Refund policy: You're not required to offer refunds, but if you do, state the timeframe (e.g., "14 days for a full refund, 30 days for a pro-rata refund if cancelled mid-month")
Required Disclosures for SaaS Platforms
Your T&C should include:
- Company details: Legal business name, ABN, business address, contact email
- Service description: What does your SaaS do? What features are included vs. premium?
- Pricing and billing: Subscription cost, billing cycle, how to update payment method, currency (AUD)
- Support and escalation: How users contact support, expected response time, dispute resolution process
- Compliance statement: "This service complies with the Australian Consumer Law (ACL) and Competition and Consumer Act 2010"
- ACL acknowledgment: Link to ACCC resources so users know their rights