SaaS Agreement (India)
SAAS AGREEMENT
Information Technology Act 2000 | Digital Personal Data Protection Act 2023 | Indian Contract Act 1872 | CGST Act 2017
This SaaS Agreement ("Agreement") is entered into on [Agreement Date] between:
VENDOR: [Vendor Name] (PAN: [Vendor PAN]), GSTIN: [Vendor GSTIN], registered at [Vendor Address] (the "Vendor"); and
CUSTOMER: [Customer Name] (PAN: [Customer PAN]), GSTIN: [Customer GSTIN], registered at [Customer Address] (the "Customer").
1. LICENCE GRANT
1.1 The Vendor grants the Customer a non-exclusive, non-transferable, revocable right to access and use [Software Name] (the "Software") via the internet for the Customer's internal business purposes during the subscription term.
1.2 Software description: [Software Description].
1.3 Subscription term: [Subscription Term], commencing [Subscription Start Date], with automatic renewal unless either party gives [Notice Period] written notice of non-renewal.
1.4 The Customer shall not: (a) reverse engineer, decompile, or disassemble the Software; (b) sublicence, resell, or make the Software available to third parties; (c) use the Software for any unlawful purpose; (d) attempt to gain unauthorised access to the Vendor's infrastructure; or (e) remove any proprietary notices from the Software.
2. SUBSCRIPTION FEES AND GST
2.1 The Customer shall pay the Vendor a subscription fee of ₹[Subscription Fee] per [Subscription Term] (excluding GST), billed [Billing Cycle].
2.2 GST at 18% shall be charged in addition to the subscription fee under the CGST Act 2017 (SAC code 998313). The Vendor shall issue compliant GST tax invoices. The Customer may claim ITC on GST paid.
2.3 Payment is due within 15 days of the invoice date. Late payment shall attract interest at 1.5% per month.
2.4 TDS: The Customer shall deduct TDS under Section 194J of the Income Tax Act 1961 at 10% (professional services) or 2% (technical services) as applicable on the subscription fee (excluding GST), deposit it with the Income Tax Department, and issue Form 16A to the Vendor.
3. SERVICE LEVELS
3.1 The Vendor guarantees monthly uptime of [SLA Uptime]% for the Software, measured on a calendar month basis excluding scheduled maintenance windows (communicated at least 48 hours in advance).
3.2 Service credits: If uptime falls below the guaranteed level, the Customer shall be entitled to a credit of 5% of the monthly subscription fee for each 0.5% shortfall, up to a maximum of 30% of the monthly fee. Service credits are the Customer's sole remedy for SLA breaches.
3.3 Incident response: Critical incidents (service unavailable) — response within 1 hour, target resolution within 4 hours. High severity — response within 4 hours, target resolution within 24 hours.
4. DATA PROTECTION AND DPDP ACT 2023
4.1 The Customer is the data fiduciary and the Vendor is the data processor under the Digital Personal Data Protection Act 2023 (DPDP Act). The Vendor shall process personal data only on the Customer's written instructions and shall not process it for any other purpose.
4.2 Data residency: [Data Residency]. The Vendor shall not transfer customer data to any country or territory that the Central Government notifies as restricted under the DPDP Act without the Customer's prior written consent.
4.3 Security: The Vendor shall implement appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, or loss, compliant with ISO 27001 or equivalent standards and Section 43A of the IT Act 2000.
4.4 Data breach: The Vendor shall notify the Customer within 72 hours of becoming aware of any personal data breach, and shall cooperate fully in the Customer's breach notification obligations under the DPDP Act.
4.5 Customer data ownership: The Customer retains full ownership of all data submitted to or processed by the Software ("Customer Data"). The Vendor shall not use Customer Data for any purpose other than providing the Software services.
5. INTELLECTUAL PROPERTY
5.1 The Vendor retains full ownership of all IP in the Software including source code, algorithms, databases, user interfaces, and documentation. This Agreement grants no IP rights except the limited access licence in Clause 1.
5.2 The Customer retains all rights to Customer Data. The Vendor is granted a limited, non-exclusive licence to process Customer Data solely to provide the Software services.
5.3 Any feedback, suggestions, or enhancement requests provided by the Customer shall not give the Customer any IP rights and may be used by the Vendor without restriction.
6. CONFIDENTIALITY
6.1 Each party shall keep confidential all Confidential Information of the other party. The Vendor shall treat all Customer Data as Confidential Information. The Customer shall treat the Vendor's pricing, technical documentation, and roadmap as Confidential Information. This obligation survives termination for 3 years.
7. TERMINATION AND DATA RETURN
7.1 Either party may terminate this Agreement for cause upon 30 days' written notice if the other party commits a material breach and fails to remedy it within the notice period.
7.2 The Vendor may suspend access if the Customer fails to pay within 30 days of the due date, and may terminate if payment remains outstanding for a further 15 days after written notice.
7.3 Data return: Within 30 days of termination, the Vendor shall provide the Customer with a full export of all Customer Data in a portable, machine-readable format (CSV/JSON). The Vendor shall retain Customer Data for a further 60 days during which the Customer may retrieve it. Thereafter, the Vendor shall securely delete all Customer Data and certify deletion in writing.
8. GOVERNING LAW AND DISPUTE RESOLUTION
8.1 This Agreement is governed by the laws of India and the laws of the State of [Governing State].
8.2 Any dispute shall be referred to and finally resolved by arbitration under the Arbitration and Conciliation Act 1996, seated at [Arbitration City]. A sole arbitrator shall be appointed by mutual agreement. The language of arbitration shall be English.
8.3 This Agreement shall be executed on non-judicial stamp paper as required under the Indian Stamp Act 1899 and the applicable state stamp act of [Governing State].
Vendor
________________
Signature
Customer
________________
Signature
What Is a SaaS Agreement (India)?
A SaaS Agreement (India) in India a SaaS Agreement (Software as a Service Agreement) is a commercial contract under which a SaaS vendor grants a customer access to cloud-hosted software over the internet on a subscription basis, in exchange for recurring fees in India. In India, SaaS agreements are governed by the Information Technology Act 2000 (IT Act), the Indian Contract Act 1872, the Digital Personal Data Protection Act 2023 (DPDP Act), and the Central Goods and Services Tax Act 2017.
Unlike traditional software licensing where the customer purchases a perpetual licence and installs software on their own infrastructure, in a SaaS arrangement the software remains hosted on the vendor's infrastructure (or third-party cloud infrastructure). The customer receives access rights — typically a non-exclusive, non-transferable licence to access and use the software via the internet — rather than a copy of the software itself. This cloud delivery model has significant implications for IP ownership, data residency, service availability, and regulatory compliance.
The IT Act 2000 and the DPDP Act 2023 are the primary data-related statutes that SaaS agreements in India must address. The DPDP Act establishes obligations for data fiduciaries and data processors — roles that must be clearly allocated between the SaaS vendor and customer in the agreement. The IT Act's Section 43A imposes liability on body corporates for negligent handling of sensitive personal data, which has been the basis for data breach claims against SaaS vendors in India.
GST at 18% applies to domestic SaaS services under the CGST Act 2017 (SAC code 998313), and the vendor must issue compliant GST tax invoices. For enterprise customers, ITC on the 18% GST is claimable where the SaaS is used for business purposes.
The legal framework governing the SaaS Agreement (India) in India draws on several key statutes and regulatory bodies. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Parties executing a SaaS Agreement (India) in India should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Indian Contract Act, 1872 sets the foundational requirements.
When Do You Need a SaaS Agreement (India)?
You need a SaaS Agreement when you are providing cloud-hosted software to customers on a subscription basis, or when you are procuring SaaS software for your business. This agreement is the foundational commercial and legal document for any SaaS relationship.
You need this agreement when you are an Indian SaaS startup or technology company offering software services to Indian enterprise customers. The agreement must address subscription fees, SLA, data processing obligations under the DPDP Act 2023, IP ownership, acceptable use, and termination data return.
You need this agreement when an Indian company is procuring SaaS software from a foreign vendor. The agreement must address data transfer compliance, GST on reverse charge basis, the vendor's DPDP Act obligations, and the customer's data sovereignty requirements.
You need this agreement when the SaaS platform will process personal data of Indian residents — employees, customers, or end users. The DPDP Act 2023 requires a formal data processing agreement between the data fiduciary (customer) and data processor (vendor).
You also need this agreement to protect the vendor's IP in the software: a SaaS agreement must include a clear licence grant (limited to access via the internet) and IP ownership provisions that confirm the vendor retains full ownership of the software, preventing the customer from claiming any ownership rights.
Parties in India should prepare a SaaS Agreement (India) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your SaaS Agreement (India)
A thorough India SaaS Agreement should contain the following key elements.
Parties: Full legal names, addresses, PAN, and GSTIN of the vendor and customer.
Licence grant: A non-exclusive, non-transferable, revocable licence to access and use the software via the internet for the customer's internal business purposes, for the subscription term.
Subscription fees: The subscription fee amount (excluding GST), GST at 18%, payment schedule, invoice requirements under CGST Rules 2017, and consequences of late payment.
SLA: Uptime guarantee (typically 99.5% or higher), incident classification, response and resolution time targets, service credit mechanism, and exclusions.
Data processing: Roles of vendor as data processor and customer as data fiduciary under the DPDP Act 2023; vendor's obligations to process data only on customer instructions; security measures; breach notification procedure.
Data localisation: Whether data will be stored in India, and compliance with RBI, SEBI, or other regulatory data localisation requirements if applicable.
IP ownership: Confirmation that the vendor owns all IP in the software; the customer's data remains the customer's property; and any feedback or enhancement suggestions do not give the customer any IP rights.
Acceptable use: Restrictions on use including prohibition on reverse engineering, resale, and use for unlawful purposes.
Confidentiality: Mutual confidentiality obligations.
Source code escrow: If required by the customer, reference to a source code escrow arrangement.
Termination: Grounds for termination, data return/deletion on termination, and post-termination data access period.
Governing law and arbitration: Laws of India and arbitration under the Arbitration and Conciliation Act 1996.
Additional compliance elements for a SaaS Agreement (India) used in India include: Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Forms-legal.com provides this template as a starting point for India-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). SaaS Agreement (India) (India) [Legal document template]. Forms Legal. https://forms-legal.com/india/business/contracts/saas-agreement-india
"SaaS Agreement (India) (India)." Forms Legal, 2026, https://forms-legal.com/india/business/contracts/saas-agreement-india.
@misc{formslegal-saas-agreement-india,
author = {{Forms Legal}},
title = {SaaS Agreement (India) (India)},
year = {2026},
howpublished = {\url{https://forms-legal.com/india/business/contracts/saas-agreement-india}},
note = {Free legal document template. Based on Indian Contract Act, 1872}
}Also available for these jurisdictions:
Frequently Asked Questions
The Digital Personal Data Protection Act 2023 (DPDP Act) received Presidential assent on 11 August 2023 and represents India's first comprehensive data protection legislation. While the full rules under the Act are yet to be notified, the Act's framework has significant implications for SaaS agreements involving the processing of personal data of Indian residents. The DPDP Act establishes a framework based on the concepts of 'data principal' (the individual whose data is processed), 'data fiduciary' (the entity that determines the purpose and means of processing — typically the SaaS customer), and 'data processor' (the entity that processes data on the fiduciary's instructions — typically the SaaS vendor). SaaS agreements must clearly allocate these roles. Key DPDP Act obligations affecting SaaS agreements:
Data processing agreement: The Act requires that a data fiduciary must enter into a valid contract with a data processor, which must include the processor's obligations to process data only on the fiduciary's documented instructions, implement appropriate security measures, and assist the fiduciary in meeting its obligations under the Act. Security obligations: Both data fiduciaries and data processors must implement reasonable security safeguards to prevent personal data breaches. The Act requires notification of personal data breaches to the Data Protection Board of India and to affected data principals.
SaaS services in India are classified as 'information technology software services' under the Central Goods and Services Tax Act 2017 (CGST Act). The GST treatment depends on whether the supply is domestic (intra-India) or cross-border. Domestic SaaS: For SaaS services supplied by an Indian SaaS vendor to an Indian customer, GST is applicable at 18% (SAC code 998313 — cloud computing service or 998314 — information technology infrastructure services). The vendor must issue a compliant GST tax invoice, and the customer (if GST-registered) can claim Input Tax Credit (ITC) on the 18% GST paid, provided the service is used for business purposes and not for making exempt supplies. Export of services: For SaaS services exported by an Indian vendor to a foreign customer (services used by a recipient located outside India), the supply qualifies as an 'export of services' under Section 2(6) of the IGST Act 2017, which is zero-rated. The Indian vendor can either: (a) export under Bond/LUT (Letter of Undertaking) without paying GST and claim a refund of accumulated ITC; or (b) pay IGST at 18% and claim a refund. To qualify as export of services, the consideration must be received in convertible foreign exchange. Import of SaaS services: For an Indian company purchasing SaaS from a foreign vendor (such as Salesforce, Microsoft, or Google), the Indian company is liable to pay IGST on a reverse charge basis at 18% under Section 5(3) of the IGST Act on import of services. The Indian customer can then claim ITC on this self-assessed GST.
Service Level Agreements (SLAs) are a critical component of SaaS agreements in India, particularly for enterprise customers who depend on the SaaS platform for critical business operations. An effective SLA in an India SaaS agreement should include the following. Uptime guarantee: The minimum uptime percentage for the SaaS platform, typically expressed as a monthly availability percentage (e.g., 99.5% or 99.9%). The SLA should define 'uptime' precisely — distinguishing planned maintenance windows from unplanned downtime — and specify how uptime is measured (typically by third-party monitoring tools). Maintenance windows: Scheduled maintenance windows during which the platform may be unavailable without counting as downtime. For Indian deployments, maintenance windows should preferably be scheduled during low-usage periods, taking Indian Standard Time (IST) into account. Incident classification: A classification system for service incidents by severity (e.g., critical, high, medium, low), with defined response and resolution time targets for each severity level. Response and resolution times: Target response times (time to acknowledge and initial assessment) and target resolution times (time to restore service), differentiated by incident severity. Service credits: The compensation mechanism for SLA breaches — typically expressed as a credit against future subscription fees, calculated as a percentage of the monthly subscription fee proportional to the duration of the outage.
A SaaS Agreement (India) does not legally require a lawyer in India, and individuals and businesses may draft and execute the document independently. The Indian Contract Act, 1872 does not mandate legal representation for the creation or signing of this type of document. However, seeking independent legal advice from a qualified India lawyer is recommended for transactions involving substantial financial value, complex regulatory requirements, or cross-border elements where multiple legal jurisdictions may apply. A lawyer can verify that the document complies with all applicable statutory requirements, identify potential risks specific to the transaction, and confirm that the terms adequately protect the interests of all parties involved. The Supreme Court of India has jurisdiction over disputes arising from this type of document, and Registrar of Companies (ROC) may impose additional compliance obligations depending on the nature of the underlying transaction. Professional legal review is particularly advisable where the document will be submitted to government agencies or used as evidence in legal proceedings.
A SaaS Agreement (India) does not legally require a lawyer in India, though legal advice is recommended. Under Indian law, the Indian Contract Act 1872 governs agreements. The Companies Act 2013 and Registrar of Companies (ROC) regulate corporate documents. The Information Technology Act 2000 governs electronic contracts and data protection. The Consumer Protection Act 2019 provides consumer rights. The Income Tax Act 1961 requires tax compliance. Forms-legal.com provides this template as a starting point — always review with a qualified Indian advocate for significant transactions. Under India law, Indian Contract Act, 1872, parties should seek independent legal advice from a qualified lawyer to confirm compliance with all applicable requirements. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). Forms-legal.com provides this template as a starting point for India-compliant documentation.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Cloud Services Agreement (India)
A Cloud Services Agreement for India, governed by the IT Act 2000 and DPDP Act 2023. Covers IaaS/PaaS/SaaS cloud service delivery, data residency, DPDP Act compliance obligations, shared responsibility model, SLA, security requirements, and exit/data portability rights.
Service Agreement (India)
A comprehensive service agreement under the Indian Contract Act 1872, GST Act 2017, and Arbitration & Conciliation Act 1996. Covers scope of services, GST-inclusive fees, SLA, confidentiality, IP ownership, liability cap, force majeure, and MSME-friendly payment terms.
Non-Disclosure Agreement (India)
A legally enforceable non-disclosure agreement for India, governed by the Indian Contract Act 1872 (Sections 27 and 73), IT Act 2000, and SPDI Rules 2011. Available in mutual and unilateral forms. Includes confidential information definition, exclusions, return/destruction clause, injunctive relief, and arbitration under the Arbitration and Conciliation Act 1996.
Escrow Agreement (India)
An Escrow Agreement for India, governed by the Indian Contract Act 1872. Appoints a neutral escrow agent to hold funds, documents, or assets pending satisfaction of agreed conditions. Suitable for M&A transactions, real estate, software source code escrow, and commercial transactions.