SaaS Contract Review Checklist
10 red flags every SA SaaS buyer should check before signing. Aligned with POPIA, ECTA and the CPA. Use it as a pre-signature checklist or hand it to your procurement team.
Written by
Martin Kotze
Attorney, Conveyancer & Notary Public
The SaaS Contract Review Checklist is a 10-item checklist for SA buyers signing SaaS agreements with vendors. Each check is paired with the underlying statute or commercial rationale, and the question to ask the vendor to confirm compliance. Covers: POPIA s 21 operator agreement embedding, quantified SLA targets, liability cap structure, data ownership allocation, termination + data return, unilateral amendment scrutiny, POPIA s 72 cross-border, governing law, sub-processor controls, and IP indemnification.
Email me the checklist
Enter your email and we’ll send the PDF straight to your inbox. Link valid for 7 days.
The ten checks
- 1Operator agreement embedded or referenced (POPIA s 21 mandatory)
- 2Service level agreement with quantified uptime + remedies (not "best efforts")
- 3Liability cap structure with explicit carve-outs (IP infringement, POPIA penalties, confidentiality)
- 4Data ownership clearly allocated — customer owns its data, vendor owns the platform
- 5Termination + data return obligations with defined wind-down period
- 6Unilateral amendment rights restricted or removed (CPA s 48 exposure)
- 7Cross-border transfer mechanism aligned with POPIA s 72
- 8Governing law + dispute resolution forum favourable to the SA buyer
- 9Sub-processor disclosure + customer consent rights
- 10Indemnity for third-party IP infringement (with reasonable cap or uncapped)
Why you can trust this: Martin Kotze has been an admitted Attorney of the High Court of South Africa, registered Conveyancer, and Notary Public since 2014, practising from Pretoria. The firm is regulated by the Legal Practice Council under firm registration F17333.
This guide is general information, not legal advice for your specific matter.