The internet is full of stories about unlucky guys who had to suffer the consequences of blindly clicking the infamous ‘I accept’ button and trusting that their interests are completely in line with the service provider’s business model (e.g. deletion of music collection from the user’s hard drive).
In order to emphasise the importance of being aware of the contractual terms’ content and their potential effects on the customer, I hereby provide a high level comparison of standard service agreements of two known cloud service providers. Even though Salesforce is a SaaS/PaaS provider and AWS is known primarily as an IaaS provider, both of them are US based cloud service providers and most of the provisions serve identical purposes.
Please note, that any standard agreement on cloud service is mostly drafted in favour of the service provider. Nevertheless, there are always minor differences which might put the customer in a safer position even in a non-negotiable contracting. Since most of the customers do not have the potential negotiation power, they should compare as much providers (including their terms of service) as possible. Especially, since sometimes the newer cloud service providers tend to lean towards more customer friendly agreements in order to attract new clients.
Comparison of the standard terms of service (ToS) for cloud services: Amazon Web Service (AWS) Customer Agreement (18 March 2016) vs. Salesforce Cloud (SFC) Master Subscription Agreement (9 January 2016) (last access for both: 11 June 2016)
Many sections of the two ToSs were similar to each other in content (e.g. license restrictions, IP rights, limitation of liability) – partially as a result of the characteristics of the service, and partially due to the position of cloud providers on the market in general. However, the ToS of SFC is a more balanced agreement that does not aim to exploit fully the vulnerabilities of the customer in a ‘click through’ contracting.
The AWS’s ToS under section 10. has an extensive disclaimer regarding no warranties what so ever for the service which is provided ‘as is’. SFC has a similar disclaimer in its ToS under 9.3; however, it also has a section 9.2 ‘Our Warranties’. This section includes commitments to a certain level of security, confidentiality and integrity of the customer’s data; the overall security and functionality of the service. Although, the remedies of the customer in case of warranty breach are limited exclusively to termination and refund (12.3, 12.4).
Furthermore, the SFC’s expressed undertaking of responsibilities (regarding service availability, data protection and responsibility for employees and even contractors) under section 3. is much more reassuring towards the customer, than the section 4.2 in AWS’s ToS prescribing for the customer to maintain its own ‘appropriate security, protection and backup’ of the content as a responsibility.
The comparison of the providers’ rights to suspend the service temporarily shows a different approach as well. SFC has a detailed list of responsibilities for its customers (4.3); although when it comes to immediate service suspension due to any security, availability or integrity threat, SFC ‘will use commercially reasonable efforts under the circumstances to provide the customer with notice and an opportunity to remedy such violation or threat prior to such suspension’. In addition, SFC does not suspend the service when the customer disputes the charges in good faith (6.5). This is not the case under the AWS’s ToS section 6., where there is no room for discussion between the parties and an end-user’s conduct may result in the suspension of the entire service, which can be very detrimental for the customer.
AWS – besides the standard 30 days’ notice period (7.2 (a), (b) (i)) – has a very wide range of reasons for unilateral immediate termination under its ToS, even including causes when the providing of services has become impractical or unfeasible (7.2 (b) (ii)). However, such option for immediate unilateral termination is not provided under any circumstances for the customer. SFC provides its services for a certain (but revolving) subscription period and the agreement can be terminated by either parties within a 30 days’ notice period. This way the customer is not left to the entire discretion of the provider and will have a guaranteed access to the content for 30 days after the termination (12.5). A disturbing scenario may happen under AWS’s ToS when the service has been suspended, thus the customer and its end-users have no access and the AWS moves for termination under Section 7.2 (b), thus neither the customer, nor the end-users will have the chance to recover their content (7.3 (b)). Yes, they are told to have their own back-up!
Anyone aiming for IaaS cloud services via ’click-through’ contracting should read and consider wisely any potential risk, since IaaS providers rarely take any liability or warranty under their standard contractual terms.
Some of the PaaS and SaaS providers offer completely back-to-back standard contractual terms in line with underlying IaaS provider’s terms; however, different business models may dictate a bigger willingness to take more obligations on behalf of the PaaS or SaaS provider in order to establish a long and fruitful relationship with its customer.