SaaS Agreement (Canada)
This Software as a Service Agreement (the "Agreement") is made and entered into as of [Effective Date] (the "Effective Date"), by and between the Provider and the Customer identified below. This Agreement governs the Customer’s access to and use of the Provider’s cloud-based software service and all related documentation, support, and data processing.
1. PARTIES.
[Provider Name], with a mailing address at [Provider Address], [Provider City], [Provider Province] [Provider Postal Code], Canada (hereinafter referred to as the "Provider");
AND
[Customer Name], with a mailing address at [Customer Address], [Customer City], [Customer Province] [Customer Postal Code], Canada (hereinafter referred to as the "Customer").
The Provider and Customer may be referred to individually as a "Party" and collectively as the "Parties."
2. DEFINITIONS.
"Service" means the cloud-based software application known as [Service Name], described as [Service Description], accessible at [Service URL], including all updates, upgrades, and modifications made available by the Provider during the Subscription Term.
"Customer Data" means all data, information, content, and materials submitted, uploaded, stored, or processed by the Customer or its Authorized Users through the Service, including personal information as defined under the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 ("PIPEDA").
"Authorized Users" means the Customer’s employees, contractors, and agents who are authorized by the Customer to access and use the Service under the Customer’s account, up to the maximum number of authorized users specified in this Agreement.
"Confidential Information" means any information disclosed by either Party to the other that is designated as confidential, or that a reasonable person would understand to be confidential, including trade secrets, business plans, customer lists, technical specifications, pricing, and Customer Data.
3. SERVICE GRANT AND RESTRICTIONS.
Subject to the terms and conditions of this Agreement and payment of all applicable fees, the Provider hereby grants to the Customer a non-exclusive, non-transferable, non-sublicensable, limited right to access and use the Service during the Subscription Term for the Customer’s internal business purposes. The Customer may create up to [Number of Users] Authorized User accounts. Additional users may be added at a rate of $[Additional User Fee] CAD per user per month.
The Customer shall not and shall ensure that its Authorized Users do not: (a) modify, copy, duplicate, reproduce, reverse-engineer, decompile, or disassemble the Service or any component thereof; (b) sublicence, sell, lease, rent, loan, distribute, or otherwise transfer access to the Service to any third party; (c) use the Service to develop a competing product or service; (d) interfere with or disrupt the integrity or performance of the Service or any related infrastructure; (e) attempt to gain unauthorized access to the Service, other user accounts, or the Provider’s systems; (f) use the Service in violation of any applicable federal, provincial, or municipal law, including PIPEDA and Canada’s Anti-Spam Legislation, S.C. 2010, c. 23 ("CASL"); or (g) upload or transmit any malicious code, virus, or harmful content through the Service.
4. SUBSCRIPTION TERM AND FEES.
The initial subscription term shall be [Subscription Term], commencing on the Effective Date (the "Initial Term"). The subscription fee is $[Subscription Fee] CAD, payable [Billing Frequency] in advance. All fees are quoted in Canadian dollars and are exclusive of applicable federal (GST/HST) and provincial sales taxes (PST/QST), which shall be added to each invoice as required by the Excise Tax Act, R.S.C. 1985, c. E-15.
The Provider may increase subscription fees upon renewal by providing the Customer with at least sixty (60) days’ written notice prior to the end of the then-current term. Fee increases shall not exceed ten percent (10%) per renewal period unless otherwise agreed in writing. The Customer’s continued use of the Service after a fee increase takes effect constitutes acceptance of the new fees.
5. INTELLECTUAL PROPERTY.
The Provider retains all right, title, and interest in and to the Service, including all intellectual property rights therein, including but not limited to copyrights under the Copyright Act, R.S.C. 1985, c. C-42, patents, trademarks under the Trademarks Act, R.S.C. 1985, c. T-13, trade secrets, and all derivatives, improvements, and modifications thereof. Nothing in this Agreement transfers any ownership of the Service or its intellectual property to the Customer.
The Customer retains all right, title, and interest in and to Customer Data. The Customer grants the Provider a non-exclusive, royalty-free, limited licence to host, store, process, and display Customer Data solely for the purpose of providing the Service to the Customer in accordance with this Agreement. The Provider shall not use Customer Data for any purpose other than providing and improving the Service, and shall not sell, share, or disclose Customer Data to any third party except as expressly permitted by this Agreement or as required by law.
6. DATA PRIVACY AND SECURITY.
The Provider shall comply with the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 ("PIPEDA"), and any applicable provincial privacy legislation, including the Freedom of Information and Protection of Privacy Act (British Columbia), the Personal Information Protection Act (Alberta and British Columbia), and An Act Respecting the Protection of Personal Information in the Private Sector (Quebec), with respect to any personal information contained within Customer Data.
Customer Data shall be stored and processed in [Data Residency]. The Provider shall implement and maintain [Encryption Standard] to protect Customer Data. The Provider shall implement appropriate administrative, physical, and technical safeguards to protect Customer Data against unauthorized access, use, disclosure, alteration, or destruction, in accordance with the security principles set out in Schedule 1 of PIPEDA.
The Provider shall not send any commercial electronic messages (as defined under CASL) to the Customer’s Authorized Users without obtaining express consent as required by CASL, and shall include a compliant unsubscribe mechanism in all such communications.
7. CONFIDENTIALITY.
Each Party agrees to hold the other Party’s Confidential Information in strict confidence and not to disclose it to any third party without the disclosing Party’s prior written consent, except: (a) to employees, contractors, and advisors who need access for the purpose of performing obligations under this Agreement and who are bound by confidentiality obligations no less restrictive than those in this section; (b) as required by applicable law, regulation, court order, or legal process; or (c) to the extent the information becomes publicly available through no fault of the receiving Party. This confidentiality obligation shall survive the termination or expiry of this Agreement for a period of three (3) years.
8. WARRANTIES AND DISCLAIMERS.
The Provider warrants that: (a) the Service shall perform materially in accordance with the documentation provided to the Customer; (b) the Provider has the legal right and authority to grant the access rights described in this Agreement; and (c) the Service shall not infringe any third-party intellectual property rights in Canada.
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICE IS PROVIDED "AS IS" AND THE PROVIDER DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY THE LAWS OF THE PROVINCE OF [Governing Law Province]. THE PROVIDER DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.
9. LIMITATION OF LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION, ARISING OUT OF OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE), EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THE AGGREGATE LIABILITY OF EITHER PARTY UNDER THIS AGREEMENT SHALL NOT EXCEED [Liability Cap]. THIS LIMITATION SHALL NOT APPLY TO: (A) A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS; (B) A PARTY’S INDEMNIFICATION OBLIGATIONS; (C) THE CUSTOMER’S PAYMENT OBLIGATIONS; OR (D) LIABILITY ARISING FROM GROSS NEGLIGENCE, FRAUD, OR WILFUL MISCONDUCT.
10. INDEMNIFICATION.
The Provider shall indemnify, defend, and hold harmless the Customer from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees on a solicitor-and-client basis) arising from any third-party claim that the Service infringes any Canadian intellectual property right. The Provider’s obligation shall not apply if the alleged infringement results from: (a) the Customer’s modification of the Service; (b) the Customer’s use of the Service in combination with products or services not provided by the Provider; or (c) the Customer’s continued use of the Service after the Provider has provided a non-infringing alternative.
The Customer shall indemnify, defend, and hold harmless the Provider from and against any and all claims, damages, losses, liabilities, costs, and expenses arising from: (a) the Customer’s breach of this Agreement; (b) the Customer’s use of the Service in violation of applicable law, including PIPEDA and CASL; or (c) any claim by a third party related to the Customer Data or the Customer’s use of the Service.
11. TERMINATION.
Either Party may terminate this Agreement: (a) for convenience by providing written notice of non-renewal at least [Cancellation Notice] prior to the end of the then-current term; (b) immediately upon written notice if the other Party commits a material breach and fails to cure such breach within [Cure Period] of receiving written notice specifying the breach; or (c) immediately upon written notice if the other Party becomes insolvent, files for bankruptcy protection under the Bankruptcy and Insolvency Act, R.S.C. 1985, c. B-3, is the subject of a winding-up order, or ceases to carry on business.
Upon termination or expiry: (a) the Customer’s right to access and use the Service shall immediately cease; (b) the Customer shall pay all outstanding fees accrued prior to the effective date of termination; (c) the Provider shall make Customer Data available for export for a period of thirty (30) days following termination, after which the Provider shall securely delete all Customer Data; and (d) all provisions of this Agreement that by their nature should survive termination shall survive, including Sections relating to intellectual property, confidentiality, limitation of liability, indemnification, and governing law.
12. GOVERNING LAW.
This Agreement shall be governed by, construed, and enforced in accordance with the laws of the Province of [Governing Law Province] and the applicable federal laws of Canada, without regard to conflict of laws principles. Any legal action or proceeding arising out of or relating to this Agreement shall be brought exclusively in the courts of the Province of [Governing Law Province], and each Party hereby irrevocably attorns to the exclusive jurisdiction of such courts.
13. GENERAL PROVISIONS.
Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior and contemporaneous negotiations, representations, warranties, commitments, offers, contracts, and understandings, whether oral or written.
Amendments. This Agreement may not be amended, modified, or supplemented except by a written instrument signed by both Parties.
Severability. If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.
Assignment. Neither Party may assign this Agreement without the prior written consent of the other Party, except that the Provider may assign this Agreement in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees to be bound by the terms of this Agreement.
Force Majeure. Neither Party shall be liable for any delay or failure in performance caused by circumstances beyond the Party’s reasonable control, including acts of God, natural disasters, government actions, pandemic, Internet outages, or infrastructure failures, provided the affected Party gives prompt written notice to the other Party.
Notices. All notices under this Agreement shall be in writing and shall be deemed given upon personal delivery, one (1) business day after sending by nationally recognized overnight courier, three (3) business days after mailing by registered mail through Canada Post, or upon confirmed receipt if sent by electronic mail.
Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original. Electronic signatures are valid and binding in accordance with the Electronic Commerce Act, 2000, S.O. 2000, c. 17, or equivalent provincial electronic commerce legislation.
IN WITNESS WHEREOF, the Parties have executed this SaaS Agreement as of the Effective Date first written above, each intending to be legally bound hereby.
PROVIDER:
Name: [Provider Name]
Date: [Provider Sign Date]
CUSTOMER:
Name: [Customer Name]
Date: [Customer Sign Date]
Provider
________________
Signature
Date: ________________
Customer
________________
Signature
Date: ________________
What Is a SaaS Agreement (Canada)?
A SaaS Agreement in Canada sets the subscription, service levels, and data-protection terms for use of the software-as-a-service product, governed primarily by common-law contract principles and PIPEDA.
The legal framework for Canadian SaaS agreements is shaped by several federal and provincial statutes. The Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (PIPEDA) governs how the provider must handle, store, and protect any personal information contained within customer data. PIPEDA’s ten fair information principles (consent, accountability, purpose limitation, collection limitation, use limitation, accuracy, safeguards, openness, individual access, and challenging compliance) must be reflected in the agreement’s data processing provisions.
Canada’s Anti-Spam Legislation, S.C. 2010, c. 23 (CASL) applies to any commercial electronic messages sent through or in connection with the service. SaaS providers that send marketing emails, product updates, or promotional communications to Canadian users must comply with CASL’s requirements for express consent, sender identification, and functional unsubscribe mechanisms, with penalties of up to $10 million per violation for organizations.
Provincial Consumer Protection Acts, particularly Ontario’s Consumer Protection Act, 2002, impose requirements for subscription auto-renewal, including clear disclosure of renewal terms, advance notice of renewal, and the ability for the consumer to cancel at any time. SaaS providers serving Canadian consumers must confirm their subscription billing practices comply with these provincial requirements.
The Copyright Act, R.S.C. 1985, c. C-42 and the Trademarks Act, R.S.C. 1985, c. T-13 govern the intellectual property provisions of the agreement, confirming that the provider retains ownership of the software while granting the customer a limited licence to use it. Customer data ownership, by contrast, remains with the customer, and the provider’s right to process that data is limited to providing the contracted service.
The legal framework governing the SaaS Agreement (Canada) in Canada draws on several key statutes and regulatory bodies. Under the Canada Business Corporations Act (R.S.C. 1985, c. C-44), Corporations Canada maintains the federal registry. Section 12 of the CBCA governs corporate name requirements. The Competition Bureau enforces the Competition Act (R.S.C. 1985, c. C-34). Provincial securities commissions — including the Ontario Securities Commission (OSC) and British Columbia Securities Commission (BCSC) — regulate capital markets. The Federal Court of Canada has jurisdiction under the Federal Courts Act. Parties executing a SaaS Agreement (Canada) in Canada should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Common law of contract + PIPEDA sets the foundational requirements.
When Do You Need a SaaS Agreement (Canada)?
When a Canadian software company is launching a cloud-based application and needs a formal agreement to govern customer subscriptions, including pricing, access rights, data handling, and support obligations.
When a business is subscribing to a SaaS platform for CRM, project management, accounting, HR, e-commerce, or other business functions and needs a clear contract defining the service scope, data ownership, security requirements, and termination rights.
When a SaaS provider handles personal information of Canadian individuals (employees, customers, patients, students) and must confirm its agreement complies with PIPEDA’s privacy requirements, including consent, purpose limitation, security safeguards, and mandatory breach notification.
When a SaaS provider offers subscription auto-renewal and needs to comply with provincial Consumer Protection Acts that require clear disclosure, advance notice, and the ability for customers to cancel without penalty.
When a customer requires specific data residency commitments, confirming that customer data is stored and processed exclusively within Canadian borders or within specified jurisdictions, with appropriate safeguards for any cross-border data transfers.
When enterprise customers require service level commitments, including guaranteed uptime percentages, scheduled maintenance windows, support response times, and service credit remedies for downtime that exceeds the guaranteed thresholds.
Parties in Canada should prepare a SaaS Agreement (Canada) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under the Canada Business Corporations Act (R.S.C. 1985, c. C-44), Corporations Canada maintains the federal registry. Section 12 of the CBCA governs corporate name requirements. The Competition Bureau enforces the Competition Act (R.S.C. 1985, c. C-34). Provincial securities commissions — including the Ontario Securities Commission (OSC) and British Columbia Securities Commission (BCSC) — regulate capital markets. The Federal Court of Canada has jurisdiction under the Federal Courts Act. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your SaaS Agreement (Canada)
Service Description and Access Rights — A clear definition of the software service, including its name, URL, functionality, and the scope of the Customer’s non-exclusive, non-transferable right to access and use the platform during the subscription term. Restrictions on use must be explicitly stated.
Subscription Terms and Pricing — The initial subscription term, recurring fees (in CAD, exclusive of GST/HST/PST/QST), billing frequency, payment terms, and provisions for fee increases upon renewal. Auto-renewal terms must comply with provincial Consumer Protection Acts.
Intellectual Property Ownership — A clear statement that the Provider retains all IP rights in the software under the Copyright Act and Trademarks Act, while the Customer retains ownership of all Customer Data, with the Provider receiving only a limited licence to process that data for service delivery.
PIPEDA Compliance — Data processing provisions that address PIPEDA’s ten fair information principles, including purpose limitation, consent, data minimization, security safeguards, and the Customer’s right to access and correct personal information processed through the service.
Data Residency and Security — Specification of where Customer Data will be stored (Canada only, Canada and US, or global), the encryption standards applied at rest and in transit, and the Provider’s obligation to implement administrative, physical, and technical safeguards.
Breach Notification — The Provider’s obligation to notify the Customer of any breach of security safeguards involving Customer Data within a specified timeframe, and to cooperate with breach reporting to the Office of the Privacy Commissioner of Canada and affected individuals.
Service Level Agreement — Uptime guarantees (e.g., 99.9%), scheduled maintenance windows, support response times for critical issues, and service credit remedies for downtime exceeding the guaranteed threshold.
CASL Compliance — The Provider’s obligation to comply with Canada’s Anti-Spam Legislation when sending any commercial electronic messages through or in connection with the service, including obtaining express consent and providing unsubscribe mechanisms.
Termination and Data Portability — Conditions for termination (convenience, material breach, insolvency), the Customer’s right to export data in a standard format, and the Provider’s obligation to securely delete all Customer Data within a defined period after termination.
Additional compliance elements for a SaaS Agreement (Canada) used in Canada include: Under the Canada Business Corporations Act (R.S.C. 1985, c. C-44), Corporations Canada maintains the federal registry. Section 12 of the CBCA governs corporate name requirements. The Competition Bureau enforces the Competition Act (R.S.C. 1985, c. C-34). Provincial securities commissions — including the Ontario Securities Commission (OSC) and British Columbia Securities Commission (BCSC) — regulate capital markets. The Federal Court of Canada has jurisdiction under the Federal Courts Act. Forms-legal.com provides this template as a starting point for Canada-compliant documentation.
Sources & Citations
Statutory citations link to official government sources.
- R.S.C. 1985, c. C-42CA official
- R.S.C. 1985, c. T-13CA official
- R.S.C. 1985, c. C-44CA official
- R.S.C. 1985, c. C-34CA official
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). SaaS Agreement (Canada) (Canada) [Legal document template]. Forms Legal. https://forms-legal.com/canada/business/intellectual-property/saas-agreement-canada
"SaaS Agreement (Canada) (Canada)." Forms Legal, 2026, https://forms-legal.com/canada/business/intellectual-property/saas-agreement-canada.
@misc{formslegal-saas-agreement-canada,
author = {{Forms Legal}},
title = {SaaS Agreement (Canada) (Canada)},
year = {2026},
howpublished = {\url{https://forms-legal.com/canada/business/intellectual-property/saas-agreement-canada}},
note = {Free legal document template. Based on Common law of contract + PIPEDA}
}Also available for these jurisdictions:
Frequently Asked Questions
The Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) is Canada's federal privacy law governing how private-sector organizations collect, use, and disclose personal information during commercial activities. Under Section 5 of PIPEDA, organizations must comply with the ten fair information principles in Schedule 1, including accountability, consent, limiting collection, and safeguards. A SaaS agreement must address PIPEDA compliance by specifying how customer data is collected, stored, processed, and protected. Under Section 10.1 of PIPEDA (added by the Digital Privacy Act, S.C. 2015, c. 32), SaaS providers must report security breaches that create a real risk of significant harm to the Office of the Privacy Commissioner of Canada (OPC) and notify affected individuals. In British Columbia, the Personal Information Protection Act (PIPA, SBC 2003, c. 63) applies to provincially regulated SaaS customers — Section 6 of PIPA governs consent. In Alberta, the Personal Information Protection Act (SA 2003, c. P-6.5) applies. In Quebec, Law 25 (Act to modernize legislative provisions respecting the protection of personal information, S.Q. 2021, c. 25, amending the Act respecting the protection of personal information in the private sector, CQLR c. P-39.1) imposes additional obligations beyond PIPEDA, including mandatory privacy impact assessments before transferring personal data outside Quebec under Section 70.1 and the right to data portability under Section 27. SaaS agreements serving Quebec customers must specifically address Loi 25 compliance. Forms-legal.com provides this template to help Canadian SaaS providers build PIPEDA-compliant subscription agreements.
Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23) regulates the sending of commercial electronic messages (CEMs) to electronic addresses of recipients located in Canada. Under Section 6 of CASL, a SaaS provider must not send a CEM unless the recipient has given express or implied consent, the message identifies the sender, and the message includes a functional unsubscribe mechanism that the recipient can use within 10 business days. Express consent requires a clear positive opt-in action by the recipient. Implied consent exists under Section 10(9) of CASL where the recipient has an existing business relationship with the sender within the prior 24 months. Under Section 20 of CASL, violations by organizations can result in administrative monetary penalties of up to $10 million per violation, and individuals can face penalties of up to $1 million per violation, enforced by the Canadian Radio-television and Telecommunications Commission (CRTC). SaaS agreements should specify that the customer is responsible for obtaining CASL-compliant consent from their own end users before sending CEMs through the platform, indemnifying the SaaS provider against CASL liability arising from the customer's use. Forms-legal.com provides this template to help Canadian SaaS providers address CASL compliance.
Under Section 10.1 of the Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5), as amended by the Digital Privacy Act (S.C. 2015, c. 32), organizations must report to the Office of the Privacy Commissioner of Canada (OPC) any breach of security safeguards involving personal information that creates a real risk of significant harm to an individual. The breach report must be made as soon as feasible after the organization determines that the breach has occurred. Under Section 10.3 of PIPEDA, organizations must also notify affected individuals as soon as feasible. The Breach of Security Safeguards Regulations (SOR/2018-64) require organizations to maintain a record of every breach for a minimum of 24 months and to provide those records to the OPC upon request. In Quebec, Section 3.5 of the Act respecting the protection of personal information in the private sector (LPRPSP, CQLR c. P-39.1), as amended by Law 25, requires that confidentiality incident reports be made to the Commission d'accès à l'information du Québec (CAI) and affected persons within 72 hours when there is a risk of serious injury. In British Columbia, Section 34.1 of the Personal Information Protection Act (PIPA, SBC 2003, c. 63) imposes similar mandatory breach reporting obligations to the BC Information and Privacy Commissioner. SaaS agreements must allocate breach notification responsibilities between the provider and customer. Forms-legal.com provides this template for Canadian SaaS providers.
Yes, Canadian SaaS agreements may include automatic renewal provisions, but provincial consumer protection legislation imposes disclosure and cancellation requirements. In Ontario, Section 27 of the Consumer Protection Act, 2002 (S.O. 2002, c. 30, Sched. A) requires that internet agreements and remote agreements — which include SaaS subscriptions — clearly disclose material terms including automatic renewal provisions before the consumer is bound. Under Section 45 of the Consumer Protection Act, 2002, the consumer has the right to cancel a subscription agreement that is for an indefinite period, and the supplier must provide a full refund of amounts paid for goods or services not yet received. In British Columbia, the Business Practices and Consumer Protection Act (SBC 2004, c. 2) governs the disclosure of renewal terms in subscription agreements. Section 19 of that Act prohibits deceptive acts or practices, including failing to clearly disclose auto-renewal terms. In Quebec, the Act respecting consumer protection (RLRQ, c. P-40.1) requires contracts concluded by technological means to clearly indicate renewal terms. The Office de la protection du consommateur du Québec (OPC Québec) enforces these requirements. For B2B SaaS, consumer protection legislation typically does not apply, but common law still governs. SaaS agreements should include a 30-60 day renewal notice and cancellation window. Forms-legal.com provides this template for Canadian SaaS providers.
The Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) does not prohibit cross-border transfers of personal information, but under Schedule 1, Section 4.1.3, organizations remain accountable for personal information transferred to a third party for processing, even if the third party is located outside Canada. The SaaS agreement should clearly specify data residency options — Canadian-only servers, US servers with Standard Contractual Clauses, or global infrastructure — and require sub-processors to maintain equivalent privacy protections. In Quebec, Section 70.1 of the Act respecting the protection of personal information in the private sector (LPRPSP, CQLR c. P-39.1), as amended by Law 25 (S.Q. 2021, c. 25), requires a privacy impact assessment (PIA) before transferring personal information outside Quebec, and the transfer must be authorized by a written agreement that includes privacy protections. Quebec-based SaaS customers whose data is stored outside Quebec must comply with these requirements. In British Columbia, Section 33.1 of PIPA (SBC 2003, c. 63) limits transfers outside Canada unless consented to. OSFI Guideline B-10 imposes data residency obligations for federally regulated financial institutions. Forms-legal.com provides this template for Canadian SaaS providers.
Yes. Cloud-based software subscriptions are taxable supplies under the Excise Tax Act (R.S.C. 1985, c. E-15). Canadian SaaS providers registered for GST/HST under Section 240 of the Excise Tax Act must charge GST/HST on subscriptions sold to Canadian-resident customers. The applicable rate depends on the customer's province of residence: 5% GST in Alberta, Manitoba, Saskatchewan, British Columbia, and the territories; 13% HST in Ontario; 15% HST in Nova Scotia, New Brunswick, Prince Edward Island, and Newfoundland and Labrador; 5% GST + 9.975% QST (totalling 14.975%) in Quebec under the Act respecting the Quebec sales tax (RLRQ, c. T-0.1); and 5% GST + 6% PST in British Columbia under the Provincial Sales Tax Act (SBC 2012, c. 35). Non-resident SaaS providers that make taxable supplies to Canadian consumers may be required to register under the simplified GST/HST registration framework for non-residents introduced in 2021 under amendments to the Excise Tax Act — businesses with annual revenues exceeding CAD $30,000 from Canadian digital services must register. SaaS providers may claim input tax credits (ITCs) under Section 169 of the Excise Tax Act for GST/HST paid on business expenses related to the SaaS service. CRA GST/HST Info Sheet GI-150 provides guidance on digital services. Forms-legal.com provides this template to help Canadian SaaS providers document subscription fees with correct GST/HST treatment.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Licensing Agreement (Canada)
License intellectual property under Canadian law. Covers copyright, patents, trademarks, royalties, and moral rights under the Copyright Act.
Business Contract (Canada)
Formalize any business relationship with a Canadian Business Contract. This general-purpose template covers scope of work, payment terms, warranties, limitation of liability, and compliance with Canadian consumer protection and competition laws.
Confidentiality Agreement (Canada)
Protect trade secrets and proprietary business information with a Canadian confidentiality agreement. This template supports both unilateral and mutual agreements, references Canadian common law trade secret protections, PIPEDA privacy obligations, and includes provisions for compelled disclosure, return of materials, equitable remedies, and survival periods.
Website Terms of Service (Canada)
Create comprehensive Canadian website terms of service that comply with PIPEDA, CASL, and the Competition Act. This template covers user eligibility, acceptable use, intellectual property, privacy and data protection, CASL-compliant electronic communications, e-commerce terms with GST/HST provisions, disclaimers, and limitation of liability under Canadian law.
Software License Agreement
Create a comprehensive Software License Agreement governed by U.S. law. Covers license grant (exclusive, non-exclusive, or sole), permitted use, license fees, intellectual property protections under the Copyright Act (17 U.S.C.) and DMCA, support and maintenance, disclaimer of warranties, limitation of liability, and termination provisions.