Ready to Edit

Enterprise Software as a Service Agreement - Illinois - Free Editor

ENTERPRISE SOFTWARE AS A SERVICE AGREEMENT

STATE OF ILLINOIS

AGREEMENT INFORMATION

Field	Information
Agreement Date	[__/__/____]
Agreement Number	[________________________________]
Effective Date	[__/__/____]

PARTIES TO THIS AGREEMENT

PROVIDER:

Field	Information
Legal Entity Name	[________________________________]
State of Formation	[________________________________]
Principal Address	[________________________________]
City, State, ZIP	[________________________________]
Federal Tax ID (EIN)	[________________________________]
Primary Contact Name	[________________________________]
Contact Email	[________________________________]
Contact Phone	[________________________________]

CUSTOMER:

Field	Information
Legal Entity Name	[________________________________]
State of Formation	[________________________________]
Principal Address	[________________________________]
City, State, ZIP	[________________________________]
Federal Tax ID (EIN)	[________________________________]
Primary Contact Name	[________________________________]
Contact Email	[________________________________]
Contact Phone	[________________________________]

RECITALS

WHEREAS, Provider is engaged in the business of providing cloud-based software as a service solutions and related professional services;

WHEREAS, Customer desires to obtain access to and use of Provider's software platform and services for Customer's enterprise business operations;

WHEREAS, the parties wish to establish the terms and conditions under which Provider will make its services available to Customer, subject to the laws of the State of Illinois;

WHEREAS, the parties acknowledge that Illinois law imposes specific requirements regarding biometric data collection and use under the Biometric Information Privacy Act (740 ILCS 14/), and that the Services may implicate such requirements;

WHEREAS, if Customer is located in the City of Chicago, the Chicago Personal Property Lease Transaction Tax (Chicago Municipal Code § 3-32) may apply to SaaS transactions at a rate of up to 11%;

NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

ARTICLE 1: DEFINITIONS

1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest.

1.2 "Authorized Users" means Customer's employees, contractors, consultants, and agents who are authorized by Customer to access and use the Services under the rights granted pursuant to this Agreement.

1.3 "Biometric Data" means biometric identifiers as defined in 740 ILCS 14/10, including retina or iris scans, fingerprints, voiceprints, and scans of hand or face geometry. Biometric Data does not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.

1.4 "Confidential Information" means all non-public information disclosed by one party to the other, whether orally, in writing, or by inspection, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure. For purposes of 765 ILCS 1065/, Confidential Information that constitutes a trade secret shall receive the protections afforded under the Illinois Trade Secrets Act.

1.5 "Customer Data" means all electronic data, information, content, records, and files that Customer or Authorized Users upload, submit, store, transmit, or process through the Services, including Personal Information and Biometric Data (if any).

1.6 "Data Processing Agreement" or "DPA" means the data processing addendum attached as Exhibit C, setting forth the terms under which Provider processes Customer Data.

1.7 "Documentation" means Provider's standard user guides, online help files, technical specifications, and other documentation related to the Services as updated from time to time.

1.8 "Downtime" means any period during which the Services are unavailable or materially impaired, excluding Scheduled Maintenance and Excused Downtime.

1.9 "Effective Date" means the date first written above or the date both parties have executed this Agreement, whichever is later.

1.10 "Excused Downtime" means unavailability caused by: (a) Customer's acts or omissions; (b) failures of Customer's equipment, software, or network connections; (c) third-party services outside Provider's control; (d) force majeure events; or (e) suspension pursuant to Section 6.4.

1.11 "Fees" means all amounts payable by Customer to Provider as set forth in this Agreement and any applicable Order Form.

1.12 "Initial Term" means the initial subscription period specified in the Order Form.

1.13 "Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets (as defined under 765 ILCS 1065/2), and other intellectual property rights recognized under the laws of any jurisdiction worldwide.

1.14 "Malicious Code" means viruses, worms, Trojan horses, ransomware, spyware, adware, or other harmful or malicious code, files, scripts, agents, or programs.

1.15 "Monthly Uptime Percentage" means the total minutes in a calendar month minus minutes of Downtime, divided by total minutes in the month, expressed as a percentage.

1.16 "Order Form" means an ordering document specifying the Services, subscription levels, Fees, and other commercial terms, executed by both parties and incorporated herein.

1.17 "Personal Information" has the meaning set forth in 815 ILCS 530/5, including an individual's first name or first initial and last name in combination with a Social Security number, driver's license or state identification number, financial account number with access codes, medical information, health insurance information, or unique biometric data.

1.18 "Professional Services" means implementation, configuration, customization, training, integration, and consulting services provided by Provider as specified in an Order Form or Statement of Work.

1.19 "Renewal Term" means each successive subscription period following the Initial Term.

1.20 "SaaS Services" means Provider's proprietary cloud-based software platform accessible via the internet on a subscription basis, distinct from downloadable or locally installed software.

1.21 "Scheduled Maintenance" means planned maintenance of the Services performed during designated maintenance windows with advance notice to Customer.

1.22 "Security Breach" has the meaning set forth in 815 ILCS 530/5, including the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of Personal Information maintained by the data collector.

1.23 "Security Incident" means any unauthorized access to, acquisition of, or disclosure of Customer Data, or any breach or potential breach of Provider's security measures.

1.24 "Service Level Agreement" or "SLA" means the service level commitments set forth in Article 4 and Exhibit B.

1.25 "Services" means collectively the SaaS Services, Professional Services, and support services described in the applicable Order Form.

1.26 "Statement of Work" or "SOW" means a document describing Professional Services, deliverables, timelines, and associated fees.

1.27 "Subscription Term" means collectively the Initial Term and all Renewal Terms.

1.28 "Third-Party Components" means software, data, services, or content provided by third parties that are incorporated into or used in connection with the Services.

1.29 "Trade Secret" has the meaning set forth in 765 ILCS 1065/2(d), including information, including but not limited to, technical or non-technical data, a formula, pattern, compilation, program, device, method, technique, drawing, process, financial data, or list of actual or potential customers or suppliers, that is sufficiently secret to derive economic value from not being generally known and is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

1.30 "Uptime Commitment" means the minimum Monthly Uptime Percentage that Provider commits to maintain as specified in Article 4 and the Order Form.

1.31 "User Account" means the unique login credentials and account established for each Authorized User.

ARTICLE 2: SAAS SERVICES AND ACCESS RIGHTS

2.1 Grant of Rights

Subject to Customer's compliance with this Agreement and payment of all Fees, Provider hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to:

(a) Access and use the SaaS Services for Customer's internal business operations;

(b) Permit Authorized Users to access and use the SaaS Services in accordance with this Agreement;

(d) Store, process, and retrieve Customer Data through the Services.

2.2 Subscription Tiers

Customer's subscription shall be as specified in the Order Form:

☐ Standard Enterprise — Up to [____] Authorized Users
☐ Professional Enterprise — Up to [____] Authorized Users
☐ Premium Enterprise — Up to [____] Authorized Users
☐ Unlimited Enterprise — Unlimited Authorized Users
☐ Custom Configuration — As specified: [________________________________]

2.3 User Account Administration

(a) Customer shall designate at least one (1) administrator to manage User Accounts and access permissions.

(b) Customer is responsible for maintaining the confidentiality of all User Account credentials.

(d) User Accounts are for designated individuals only and may not be shared among multiple persons.

2.4 Authorized User Categories

☐ Named Users — Identified individuals assigned specific User Accounts
☐ Concurrent Users — Maximum simultaneous users: [____]
☐ Site License — All employees at specified locations
☐ Enterprise-Wide — All employees and authorized contractors
☐ Other: [________________________________]

2.5 Affiliate Usage

☐ Customer's Affiliates are authorized to use the Services under this Agreement
☐ Customer's Affiliates must execute separate Order Forms
☐ Affiliate usage is not permitted

If Affiliate usage is permitted:

(a) Customer shall ensure Affiliate compliance with all Agreement terms;

(b) Customer remains liable for Affiliate acts and omissions;

2.6 Use Restrictions

Customer shall not, and shall not permit any Authorized User or third party to:

(a) Copy, modify, or create derivative works of the Services or Documentation;

(b) Reverse engineer, disassemble, decompile, or attempt to discover the source code of the Services;

(d) Use the Services in violation of any applicable law, including the Illinois Consumer Fraud and Deceptive Business Practices Act (815 ILCS 505/);

(e) Use the Services to transmit Malicious Code;

(f) Interfere with or disrupt the integrity or performance of the Services; or

(g) Attempt to gain unauthorized access to the Services or related systems.

ARTICLE 3: PROFESSIONAL SERVICES AND SUPPORT

3.1 Implementation Services

Provider shall provide the following implementation services:

☐ Standard Implementation — Per Provider's standard methodology
☐ Custom Implementation — Per mutually agreed Statement of Work
☐ Phased Implementation — Per the timeline in the Order Form

3.2 Support Services

Provider shall provide support in accordance with the following tier:

☐ Standard Support — Business hours (8:00 AM–5:00 PM CST, Monday–Friday), email and ticket-based
☐ Premium Support — Extended hours with phone support and dedicated account manager
☐ Enterprise Support — 24/7/365 coverage with designated support engineer and four-hour response SLA
☐ Custom Support — As specified: [________________________________]

3.3 Training

Provider shall deliver the following training:

☐ Online self-service training materials at no additional charge
☐ Live virtual training sessions: [____] sessions included
☐ On-site training at Customer's Illinois location: [____] days included
☐ Custom training program as specified in SOW

3.4 Change Management

Any changes to the scope of Professional Services shall be documented in a written change order signed by both parties, specifying the nature of the change, impact on timeline, and any additional Fees.

ARTICLE 4: SERVICE LEVELS AND UPTIME

4.1 Uptime Commitment

Provider shall use commercially reasonable efforts to maintain the following Monthly Uptime Percentage:

Service Level Tier	Monthly Uptime Percentage	Measurement Period
Standard	99.5%	Calendar month
Enhanced	99.9%	Calendar month
Premium	99.95%	Calendar month
Mission-Critical	99.99%	Calendar month

Selected tier: ☐ Standard ☐ Enhanced ☐ Premium ☐ Mission-Critical

4.2 Service Level Credits

If Provider fails to meet the Uptime Commitment in any calendar month, Customer shall be entitled to a Service Level Credit as follows:

Monthly Uptime Percentage	Service Level Credit (% of Monthly Fee)
99.0% – below Uptime Commitment	5%
98.0% – 98.99%	10%
95.0% – 97.99%	20%
90.0% – 94.99%	30%
Below 90.0%	50%

4.3 Credit Request Process

(a) Customer must request Service Level Credits in writing within thirty (30) days of the end of the month in which the Downtime occurred.

(b) Provider shall verify the Downtime claim and issue credits within fifteen (15) business days.

(c) Service Level Credits shall be applied to the next invoice or, if at the end of the Subscription Term, refunded to Customer.

(d) Service Level Credits are Customer's sole and exclusive remedy for Provider's failure to meet the Uptime Commitment.

4.4 Chronic Failure Termination Right

If Provider fails to meet the Uptime Commitment for three (3) or more consecutive months, or for any five (5) months in a rolling twelve-month period, Customer may terminate the affected Order Form upon thirty (30) days' written notice and receive a pro-rata refund of prepaid Fees.

4.5 Scheduled Maintenance

(a) Provider shall perform Scheduled Maintenance during the following maintenance window: [________________________________] (default: Sundays 2:00 AM–6:00 AM CST).

(b) Provider shall provide at least forty-eight (48) hours' advance notice of Scheduled Maintenance.

(d) Scheduled Maintenance is excluded from Downtime calculations.

4.6 Excused Downtime Exclusions

The following events are excluded from Downtime calculations:

(a) Force majeure events as defined in Article 16;

(b) Customer's acts, omissions, or equipment failures;

(d) Scheduled Maintenance performed within designated windows;

(e) Suspension of Services pursuant to Section 6.4; and

(f) Emergency maintenance necessitated by security threats, with prompt notice to Customer.

ARTICLE 5: CUSTOMER DATA AND DATA PROTECTION

5.1 Ownership of Customer Data

As between the parties, Customer retains all right, title, and interest in and to Customer Data. Provider acquires no rights in Customer Data except the limited license to process Customer Data as necessary to perform its obligations under this Agreement.

5.2 Data Processing

Provider shall process Customer Data solely in accordance with:

(a) Customer's documented instructions;

(b) The terms of this Agreement and the DPA (Exhibit C);

(c) Applicable data protection laws, including the Illinois Personal Information Protection Act (815 ILCS 530/) and BIPA (740 ILCS 14/); and

(d) Industry-standard security practices.

5.3 Biometric Information Privacy Act (BIPA) Compliance

ILLINOIS-SPECIFIC PROVISION — CRITICAL: If the SaaS Services collect, capture, purchase, receive through trade, or otherwise obtain Biometric Data of Illinois residents, Provider shall comply with all requirements of the Illinois Biometric Information Privacy Act (740 ILCS 14/), including:

(a) Written Policy: Provider shall develop, publish, and comply with a written policy establishing a retention schedule and guidelines for permanently destroying Biometric Data when the initial purpose for collecting such data has been satisfied or within three (3) years of the individual's last interaction with Provider, whichever occurs first (740 ILCS 14/15(a));

(b) Informed Consent: Before collecting Biometric Data, Provider shall: (i) inform the subject in writing that Biometric Data is being collected or stored; (ii) inform the subject in writing of the specific purpose and length of term for which the data is being collected, stored, and used; and (iii) receive a written release (which may be executed via electronic signature per 2024 amendment) from the subject (740 ILCS 14/15(b));

(c) Prohibition on Sale: Provider shall not sell, lease, trade, or otherwise profit from Biometric Data (740 ILCS 14/15(c));

(d) Security: Provider shall store, transmit, and protect Biometric Data using the reasonable standard of care within its industry and in a manner at least as protective as it stores other confidential and sensitive information (740 ILCS 14/15(e));

(e) Disclosure Restrictions: Provider shall not disclose Biometric Data unless: (i) the subject consents; (ii) disclosure completes a financial transaction requested by the subject; (iii) disclosure is required by law; or (iv) disclosure is required pursuant to a valid warrant or subpoena (740 ILCS 14/15(d)); and

(f) Damages Exposure: Provider acknowledges that BIPA provides a private right of action with liquidated damages of $1,000 per negligent violation and $5,000 per intentional or reckless violation, plus reasonable attorneys' fees and costs (740 ILCS 14/20).

Does the SaaS Service collect Biometric Data?

☐ Yes — Full BIPA compliance provisions apply
☐ No — BIPA compliance provisions are included as a protective measure but are not currently triggered
☐ Unknown — Parties shall conduct a BIPA assessment within [____] days of the Effective Date

5.4 Data Security

Provider shall implement and maintain reasonable administrative, technical, and physical safeguards designed to:

(a) Protect Customer Data against unauthorized access, acquisition, or disclosure;

(b) Ensure the confidentiality, integrity, and availability of Customer Data;

(d) Comply with applicable Illinois law, including 815 ILCS 530/ and 740 ILCS 14/.

5.5 Security Certifications

Provider maintains the following security certifications:

☐ SOC 2 Type II
☐ ISO 27001
☐ ISO 27017 (Cloud Security)
☐ ISO 27018 (PII in Cloud)
☐ HITRUST CSF
☐ FedRAMP (if applicable)
☐ Other: [________________________________]

5.6 Data Breach Notification

ILLINOIS-SPECIFIC PROVISION: In the event of a Security Breach involving Personal Information of Illinois residents, Provider shall:

(a) Notify Customer in the most expedient time possible and without unreasonable delay, consistent with 815 ILCS 530/10;

(b) Provide Customer with sufficient information to enable Customer to determine whether notification to affected Illinois residents is required;

(d) If notification to Illinois residents is required and more than five hundred (500) residents are affected, assist Customer in notifying the Illinois Attorney General's Office as required by 815 ILCS 530/10;

(e) Ensure that notification methods comply with 815 ILCS 530/10, including written notice, electronic notice (compliant with federal digital signature law), or substitute notice if cost would exceed $250,000 or more than 500,000 Illinois residents are affected; and

(f) If Biometric Data is compromised, treat such a breach as a separate BIPA violation requiring additional compliance measures under 740 ILCS 14/.

5.7 Data Location

Provider shall store Customer Data in the following location(s):

☐ United States only
☐ United States and approved international locations
☐ Specific data center region(s): [________________________________]

5.8 Data Encryption

Provider shall encrypt Customer Data:

(a) In transit using TLS 1.2 or higher;

(b) At rest using AES-256 or equivalent encryption standard; and

ARTICLE 6: FEES, PAYMENT, AND TAXES

6.1 Fee Structure

Customer shall pay Provider the Fees specified in the applicable Order Form:

☐ Annual Subscription — $[________________________________] per year
☐ Monthly Subscription — $[________________________________] per month
☐ Per-User Fee — $[________________________________] per Authorized User per [month/year]
☐ Usage-Based — Per the usage metrics in the Order Form
☐ Tiered Pricing — Per the tier schedule in the Order Form

6.2 Payment Terms

(a) Provider shall invoice Customer [monthly/quarterly/annually] in advance for subscription Fees and in arrears for usage-based Fees and Professional Services.

(b) Customer shall pay all undisputed invoices within [____] days of receipt (default: thirty (30) days).

6.3 Late Payments

ILLINOIS-SPECIFIC PROVISION: Overdue amounts shall accrue interest at the lesser of: (a) one and one-half percent (1.5%) per month; or (b) the maximum rate permitted under Illinois law. Under the Illinois Interest Act (815 ILCS 205/2), the default rate of interest when no rate is agreed upon is five percent (5%) per annum. Under 815 ILCS 205/4, the maximum rate permissible in written contracts is nine percent (9%) per annum; contracts providing for a higher rate are void as to the excess interest. Parties should set the contractual interest rate at or below 9% per annum to comply with Illinois law.

6.4 Suspension for Non-Payment

If Customer fails to pay any undisputed Fees within fifteen (15) days after receiving written notice of non-payment, Provider may suspend Customer's access to the Services until all outstanding Fees are paid. Provider shall provide at least ten (10) business days' written notice before suspension.

6.5 Fee Disputes

(a) Customer shall notify Provider of any disputed charges within thirty (30) days of invoice receipt.

(b) Customer shall pay all undisputed amounts by the due date while the parties resolve the dispute in good faith.

6.6 Taxes

ILLINOIS-SPECIFIC PROVISION — SaaS TAXABILITY — COMPLEX:

(a) Illinois State Sales Tax. The Illinois Department of Revenue has determined that SaaS is not subject to Illinois state sales tax when the software is accessed remotely and no transfer of tangible personal property occurs. The Illinois state sales tax rate is 6.25%, with local taxes pushing combined rates higher, but these rates do not apply to SaaS at the state level.

(b) Chicago Personal Property Lease Transaction Tax (PPLTT) — CRITICAL. If Customer accesses or uses the SaaS Services from within the City of Chicago, the Chicago PPLTT may apply. Effective January 1, 2025, the PPLTT rate is eleven percent (11%). Chicago treats SaaS as the non-possessory lease of personal property when accessed or used within city limits. Provider and Customer shall determine whether:

☐ Customer's Authorized Users access the Services from Chicago — PPLTT applies at 11%
☐ Customer's Authorized Users do not access the Services from Chicago — PPLTT does not apply
☐ Mixed use — PPLTT applies proportionally based on Chicago usage

(c) Cook County Amusement Tax. Certain streaming and entertainment-related SaaS services may also be subject to the Cook County Amusement Tax. The parties should evaluate whether the Services fall within the scope of this tax.

(d) Tax Responsibility. All Fees are exclusive of taxes. Customer shall be responsible for all applicable taxes, including the Chicago PPLTT if applicable, except for taxes based on Provider's net income.

(e) Chicago PPLTT Registration. If the Chicago PPLTT applies, Provider must register with the Chicago Department of Finance to obtain the necessary tax permits before collecting or remitting the tax.

(f) Tax Indemnification. Customer shall indemnify Provider for any taxes, penalties, or interest assessed against Provider that are Customer's responsibility hereunder.

6.7 Fee Increases

(a) Fees for Renewal Terms may be increased by Provider upon at least sixty (60) days' written notice prior to the start of a Renewal Term.

(b) Annual fee increases shall not exceed [____]% (default: the greater of 5% or the Consumer Price Index increase for the preceding twelve months).

ARTICLE 7: INTELLECTUAL PROPERTY RIGHTS

7.1 Provider IP

Provider retains all right, title, and interest in and to the Services, Documentation, software, algorithms, interfaces, technology, and all Intellectual Property Rights therein. No rights are granted to Customer except as expressly set forth in this Agreement.

7.2 Customer IP

Customer retains all right, title, and interest in and to Customer Data and any pre-existing intellectual property of Customer. Provider acquires no Intellectual Property Rights in Customer Data.

7.3 Feedback

If Customer provides suggestions, enhancement requests, or other feedback regarding the Services ("Feedback"), Provider may use such Feedback without restriction or obligation. Customer hereby assigns to Provider all right, title, and interest in and to such Feedback.

7.4 Aggregated and De-Identified Data

Provider may collect and use aggregated, anonymized, and de-identified data derived from Customer's use of the Services for product improvement, benchmarking, and analytics, provided that such data does not identify Customer or any individual. Aggregated data shall not include Biometric Data or any data from which Biometric Data could be derived.

7.5 Third-Party Components

(a) The Services may incorporate Third-Party Components subject to separate license terms.

(b) Provider shall identify material Third-Party Components upon Customer's request.

ARTICLE 8: CONFIDENTIALITY

8.1 Obligations

ILLINOIS-SPECIFIC PROVISION: Each party (the "Receiving Party") shall: (a) hold the other party's (the "Disclosing Party's") Confidential Information in strict confidence using at least the same degree of care it uses to protect its own confidential information (but in no event less than reasonable care); (b) not disclose Confidential Information to third parties except as expressly permitted herein; and (c) use Confidential Information only to perform its obligations or exercise its rights under this Agreement. Claims for misappropriation of Trade Secrets shall be governed by the Illinois Trade Secrets Act (765 ILCS 1065/), which provides a five-year statute of limitations (765 ILCS 1065/7).

8.2 Permitted Disclosures

The Receiving Party may disclose Confidential Information to its employees, agents, contractors, and professional advisors who have a need to know and are bound by confidentiality obligations at least as protective as those herein.

8.3 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was known to the Receiving Party before disclosure; (c) is received from a third party without restriction; or (d) is independently developed without use of Confidential Information.

8.4 Required Disclosures

The Receiving Party may disclose Confidential Information if required by law, regulation, or legal process, provided that the Receiving Party: (a) gives prompt written notice to the Disclosing Party (to the extent legally permitted); (b) cooperates with the Disclosing Party's efforts to obtain a protective order; and (c) discloses only the minimum information required.

8.5 Return or Destruction

Upon termination or expiration of this Agreement, each party shall, at the Disclosing Party's election, return or destroy all Confidential Information, except for copies retained in automated backups (subject to continued confidentiality obligations) and copies required to be retained under Illinois law. Biometric Data shall be destroyed in accordance with BIPA retention schedules (740 ILCS 14/15(a)).

8.6 Injunctive Relief

Each party acknowledges that unauthorized disclosure of Confidential Information may cause irreparable harm for which monetary damages would be inadequate. Accordingly, either party may seek injunctive or equitable relief from any Illinois court of competent jurisdiction without the necessity of posting a bond, in addition to any other remedies available at law or in equity.

ARTICLE 9: REPRESENTATIONS AND WARRANTIES

9.1 Mutual Representations

Each party represents and warrants that:

(a) It is duly organized, validly existing, and in good standing under the laws of its state of formation;

(b) It has full power and authority to enter into this Agreement;

(d) Execution of this Agreement does not conflict with any other agreement or obligation.

9.2 Provider Warranties

Provider represents and warrants that:

(a) The Services will perform materially in accordance with the Documentation during the Subscription Term;

(b) The Services will be provided in a professional and workmanlike manner consistent with industry standards;

(d) The Services will not, at the time of delivery, contain any Malicious Code;

(e) Provider will comply with all applicable laws in performing its obligations, including Illinois data protection laws, BIPA, and the Illinois Personal Information Protection Act;

(f) Provider's security measures will be no less protective than industry-standard practices for cloud-based enterprise software; and

(g) If the Services collect Biometric Data, Provider has implemented a written BIPA compliance policy and has obtained all required consents and releases.

9.3 Customer Warranties

Customer represents and warrants that:

(a) Customer will use the Services in compliance with this Agreement and applicable law;

(b) Customer has all necessary rights to transmit Customer Data to Provider;

(d) If Customer uploads Biometric Data to the Services, Customer has obtained all required written releases from the data subjects in compliance with BIPA.

9.4 Warranty Disclaimer

ILLINOIS-SPECIFIC PROVISION: EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT, AND TO THE MAXIMUM EXTENT PERMITTED BY ILLINOIS LAW:

(a) PROVIDER MAKES NO OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

(b) THIS DISCLAIMER IS MADE IN ACCORDANCE WITH 810 ILCS 5/2-316, WHICH REQUIRES THAT ANY EXCLUSION OF THE IMPLIED WARRANTY OF MERCHANTABILITY MUST MENTION "MERCHANTABILITY" AND, IF IN WRITING, BE CONSPICUOUS. THIS DISCLAIMER IS SET FORTH IN CAPITALIZED TEXT TO SATISFY THE CONSPICUOUSNESS REQUIREMENT.

(c) TO EXCLUDE THE IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, THE EXCLUSION MUST BE IN WRITING AND CONSPICUOUS UNDER 810 ILCS 5/2-316(2). THIS WRITTEN DISCLAIMER IN CAPITALIZED TEXT SATISFIES THAT REQUIREMENT.

(d) PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES WILL MEET CUSTOMER'S SPECIFIC REQUIREMENTS BEYOND THOSE EXPRESSLY STATED IN THE DOCUMENTATION.

ARTICLE 10: INDEMNIFICATION

10.1 Provider Indemnification

Provider shall defend, indemnify, and hold harmless Customer and its officers, directors, employees, and agents from and against any third-party claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

(a) IP Indemnity: Any allegation that Customer's use of the Services as permitted hereunder infringes or misappropriates any third party's Intellectual Property Rights;

(b) Data Breach Indemnity: Provider's failure to comply with its data security obligations hereunder, including obligations under the Illinois Personal Information Protection Act (815 ILCS 530/) and BIPA (740 ILCS 14/), resulting in a Security Breach or BIPA violation;

(c) BIPA Indemnity: Any claim that Provider's processing of Biometric Data violates BIPA, including claims for liquidated damages under 740 ILCS 14/20;

(d) General Indemnity: Provider's gross negligence or willful misconduct in performing its obligations; and

(e) Compliance Indemnity: Provider's violation of applicable Illinois law in performing the Services.

10.2 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Provider and its officers, directors, employees, and agents from and against any third-party claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

(a) Customer Data or its use infringing any third party's rights;

(b) Customer's use of the Services in violation of this Agreement or applicable law;

(d) Customer's gross negligence or willful misconduct.

10.3 Indemnification Procedures

(a) The indemnified party shall provide prompt written notice of any claim (provided that failure to give prompt notice shall not relieve the indemnifying party except to the extent prejudiced);

(b) The indemnifying party shall have sole control of the defense and settlement, provided it does not admit liability on behalf of the indemnified party;

(d) The indemnified party may participate in the defense at its own expense with counsel of its choice.

10.4 IP Indemnity Remedies

If the Services become, or in Provider's opinion are likely to become, the subject of an infringement claim, Provider may, at its option and expense: (a) procure the right for Customer to continue using the Services; (b) modify the Services to make them non-infringing while maintaining substantially equivalent functionality; or (c) if neither (a) nor (b) is commercially feasible, terminate the affected Order Form and refund prepaid Fees for the remaining Subscription Term.

ARTICLE 11: LIMITATION OF LIABILITY

11.1 Cap on Liability

ILLINOIS-SPECIFIC PROVISION: EXCEPT FOR EXCLUDED CLAIMS (DEFINED BELOW), EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER DURING THE [____]-MONTH PERIOD (DEFAULT: TWELVE (12) MONTHS) PRECEDING THE EVENT GIVING RISE TO THE LIABILITY; OR (B) [________________________________] DOLLARS ($[____]).

11.2 Exclusion of Consequential Damages

EXCEPT FOR EXCLUDED CLAIMS, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, DATA, OR BUSINESS OPPORTUNITIES, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.3 Excluded Claims

The limitations in Sections 11.1 and 11.2 shall not apply to:

(a) Either party's indemnification obligations under Article 10;

(b) Provider's breach of its data security or data breach notification obligations under Article 5;

(d) Customer's obligation to pay Fees;

(e) Either party's gross negligence or willful misconduct;

(f) Provider's infringement of Customer's Intellectual Property Rights;

(g) BIPA Claims: Any liability arising from violations of the Illinois Biometric Information Privacy Act (740 ILCS 14/), including statutory liquidated damages; and

(h) Liability that cannot be limited under applicable Illinois law.

11.4 Illinois Enforceability Analysis

PRACTITIONER NOTE: Illinois courts generally enforce limitation of liability clauses in commercial agreements between sophisticated parties of comparable bargaining power. Under 810 ILCS 5/2-719, contractual modifications or limitations of remedy are permissible unless they are unconscionable. Illinois courts apply stricter scrutiny to limitation clauses than some jurisdictions. BIPA liability is a significant exposure that should be carefully addressed — BIPA provides statutory liquidated damages ($1,000 per negligent violation, $5,000 per intentional violation) and a private right of action that cannot be waived. Class action BIPA claims have resulted in settlements exceeding hundreds of millions of dollars. The Illinois ten-year statute of limitations for written contracts (735 ILCS 5/13-206) also applies. Practitioners should carefully evaluate BIPA exposure and consider whether BIPA liability should be excluded from the liability cap.

11.5 Essential Purpose

The parties acknowledge that the Fees reflect the allocation of risk set forth herein and that the limitations of liability are an essential element of the bargain between the parties. Each limitation and exclusion of liability shall apply even if the limited remedies provided herein fail of their essential purpose, to the extent permitted under Illinois law.

ARTICLE 12: TERM, RENEWAL, AND TERMINATION

12.1 Initial Term

This Agreement shall commence on the Effective Date and continue for the Initial Term specified in the Order Form:

☐ One (1) year
☐ Two (2) years
☐ Three (3) years
☐ Other: [________________________________]

12.2 Renewal

☐ Auto-Renewal: This Agreement shall automatically renew for successive Renewal Terms of [________________________________] each, unless either party provides written notice of non-renewal at least [____] days (default: sixty (60) days) prior to the end of the then-current term.

☐ Manual Renewal: This Agreement shall not renew automatically. Any renewal requires a new Order Form executed by both parties.

12.3 Termination for Cause

Either party may terminate this Agreement upon written notice if:

(a) The other party materially breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice;

(b) The other party becomes insolvent, files for bankruptcy, or ceases operations; or

12.4 Termination for Convenience

☐ Either party may terminate this Agreement for convenience upon [____] days' written notice (default: ninety (90) days), subject to the following:

(a) Customer shall pay all Fees accrued through the effective date of termination;

(b) Provider shall refund prepaid Fees on a pro-rata basis for the unused portion of the Subscription Term; and

☐ Termination for convenience is not permitted.

12.5 Effects of Termination

Upon termination or expiration:

(a) Customer's right to access and use the Services shall immediately cease;

(b) Each party shall return or destroy the other's Confidential Information;

(d) Provider shall destroy all Biometric Data in accordance with BIPA retention schedules;

(e) All accrued payment obligations shall survive; and

(f) Provisions that by their nature should survive termination shall survive, including Articles 1, 5.1, 5.3, 7, 8, 9.4, 10, 11, 13, and 15.

ARTICLE 13: DATA PORTABILITY AND TRANSITION SERVICES

13.1 Data Export

Upon termination or expiration of this Agreement, Provider shall:

(a) Make Customer Data available for export in a standard, machine-readable format (e.g., CSV, JSON, XML, or SQL) for a period of [____] days (default: sixty (60) days) following the effective date of termination;

(b) Provide reasonable technical assistance for data migration at Provider's then-current Professional Services rates; and

(c) Permanently delete all Customer Data from Provider's systems within [____] days (default: ninety (90) days) after the export period, except as required by law or BIPA retention requirements.

13.2 Transition Services

Provider shall provide the following transition assistance:

☐ Standard Transition — Data export and basic documentation, included at no additional charge
☐ Extended Transition — Up to [____] hours of technical support for data migration at $[____]/hour
☐ Full Transition — Comprehensive migration support as specified in a transition SOW

13.3 Data Format

Provider shall export Customer Data in the following format(s):

☐ CSV (Comma-Separated Values)
☐ JSON (JavaScript Object Notation)
☐ XML (Extensible Markup Language)
☐ SQL database dump
☐ Provider's proprietary format with documentation
☐ Other: [________________________________]

13.4 Certification of Deletion

Upon completion of data deletion, Provider shall provide Customer with a written certification confirming that all Customer Data (including Biometric Data) has been securely deleted from Provider's systems, including backups, in accordance with NIST SP 800-88 or equivalent standard.

ARTICLE 14: INSURANCE REQUIREMENTS

14.1 Provider Insurance

Provider shall maintain throughout the Subscription Term, at its own expense, the following minimum insurance coverage:

Coverage Type	Minimum Limit
Commercial General Liability	$[________________________________] per occurrence / $[________________________________] aggregate
Professional Liability / E&O	$[________________________________] per claim / $[________________________________] aggregate
Cyber Liability / Technology E&O	$[________________________________] per claim / $[________________________________] aggregate
BIPA / Biometric Data Liability	$[________________________________] per claim / $[________________________________] aggregate
Workers' Compensation	Statutory limits as required by Illinois law
Employer's Liability	$[________________________________] per accident
Commercial Automobile Liability	$[________________________________] combined single limit
Umbrella / Excess Liability	$[________________________________] per occurrence

14.2 Insurance Requirements

(a) All insurance policies shall be issued by carriers rated A- VII or better by A.M. Best.

(b) Provider shall name Customer as an additional insured on the Commercial General Liability and Umbrella policies.

(c) Provider shall provide Customer with certificates of insurance upon request and at least thirty (30) days prior to any policy cancellation or material modification.

(d) Provider's insurance obligations shall not limit Provider's liability under this Agreement.

(e) BIPA Coverage: Cyber Liability or Technology E&O coverage should specifically include coverage for BIPA claims, as many standard policies exclude biometric data claims.

ARTICLE 15: DISPUTE RESOLUTION

15.1 Informal Resolution

The parties shall attempt to resolve any dispute arising out of or relating to this Agreement through good-faith negotiation between senior executives. Either party may initiate this process by written notice, and the executives shall meet (in person or by videoconference) within fifteen (15) business days.

15.2 Mediation

If the dispute is not resolved within thirty (30) days of the initial notice, either party may submit the dispute to non-binding mediation administered by:

☐ JAMS
☐ American Arbitration Association (AAA)
☐ Center for Conflict Resolution (Chicago)
☐ Other: [________________________________]

15.3 Arbitration (if selected)

☐ If mediation is unsuccessful, disputes shall be resolved by binding arbitration under the rules of [JAMS/AAA] in [________________________________], Illinois, before [one/three] arbitrator(s). The arbitrator's award shall be final and binding and may be entered in any court of competent jurisdiction.

☐ Arbitration is not elected; disputes shall proceed to litigation.

15.4 Litigation

If arbitration is not elected, disputes shall be resolved in the state or federal courts located in [________________________________] County, Illinois (default: Cook County). Each party irrevocably consents to the exclusive jurisdiction and venue of such courts.

15.5 Jury Waiver

ILLINOIS-SPECIFIC PROVISION: TO THE FULLEST EXTENT PERMITTED BY THE LAWS OF THE STATE OF ILLINOIS, EACH PARTY HEREBY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVES ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT OR ANY TRANSACTION CONTEMPLATED HEREBY.

Practitioner Note: Illinois courts generally enforce contractual jury waivers in commercial agreements between sophisticated parties when the waiver is knowing, voluntary, and conspicuous. Over 80% of commercial contracts specifying Illinois as a forum include jury waiver provisions. Illinois applies stricter scrutiny than federal courts, evaluating the parties' bargaining sophistication, the prominence of the waiver, and the mutuality of the provision. To maximize enforceability, the waiver should be in all capitals, mutual, and acknowledged with separate initials.

☐ Provider acknowledges the jury waiver: Initials [____]
☐ Customer acknowledges the jury waiver: Initials [____]

15.6 Prevailing Party Attorneys' Fees

The prevailing party in any litigation or arbitration arising under this Agreement shall be entitled to recover its reasonable attorneys' fees and costs from the non-prevailing party.

15.7 Injunctive Relief

Nothing in this Article shall prevent either party from seeking injunctive or equitable relief from any court of competent jurisdiction at any time, including to protect its Confidential Information, Intellectual Property Rights, or Biometric Data under 740 ILCS 14/ and 765 ILCS 1065/.

ARTICLE 16: GENERAL PROVISIONS

16.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Illinois, without giving effect to any choice or conflict of law provision that would cause the application of the laws of any other jurisdiction. The Illinois Uniform Commercial Code (810 ILCS 5/) shall apply to the extent the transactions hereunder are deemed to involve the sale of goods.

16.2 Assignment

Neither party may assign this Agreement without the prior written consent of the other party, except that either party may assign this Agreement without consent to an Affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees to be bound by this Agreement.

16.3 Illinois Freedom to Work Act Compliance

ILLINOIS-SPECIFIC PROVISION: To the extent this Agreement contains non-compete or non-solicitation provisions, the parties acknowledge compliance requirements under the Illinois Freedom to Work Act (820 ILCS 90/):

(a) Non-compete covenants are prohibited for employees earning less than $75,000 per year;

(b) Non-solicitation covenants are prohibited for employees earning less than $45,000 per year;

(c) The employer must advise the employee in writing to consult an attorney before signing and provide at least fourteen (14) calendar days to review; and

(d) Adequate consideration must support the restrictive covenant.

The non-solicitation provisions of Section 16.15 apply to the enterprise relationship between the parties and are not intended to restrict individual employee mobility in violation of the Freedom to Work Act.

16.4 Force Majeure

Neither party shall be liable for any delay or failure to perform due to causes beyond its reasonable control, including natural disasters, pandemics, war, terrorism, government actions, labor disputes, internet or utility failures, or cyberattacks. The affected party shall provide prompt notice and use reasonable efforts to mitigate the impact.

16.5 Notices

All notices under this Agreement shall be in writing and delivered by: (a) personal delivery; (b) nationally recognized overnight courier; (c) certified or registered mail, return receipt requested; or (d) email with confirmed receipt. Notices shall be deemed effective upon receipt.

If to Provider: [________________________________]
If to Customer: [________________________________]

16.6 Entire Agreement

This Agreement, together with all Order Forms, SOWs, and Exhibits, constitutes the entire agreement between the parties and supersedes all prior or contemporaneous agreements, representations, and understandings. No amendment shall be effective unless in writing and signed by both parties.

16.7 Severability

If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction in Illinois, the remaining provisions shall remain in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

16.8 Waiver

No waiver of any provision shall be effective unless in writing. Failure to enforce any provision shall not constitute a waiver of future enforcement.

16.9 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, employment, or agency relationship.

16.10 Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties and their permitted successors and assigns. No third party shall have any rights hereunder.

16.11 Counterparts and Electronic Signatures

This Agreement may be executed in counterparts, each of which shall be deemed an original. Electronic signatures shall be valid and enforceable pursuant to the Illinois Electronic Commerce Security Act (5 ILCS 175/).

16.12 Compliance with Illinois Law

Each party shall comply with all applicable Illinois laws and regulations in the performance of its obligations under this Agreement, including:

(a) Illinois Consumer Fraud and Deceptive Business Practices Act (815 ILCS 505/);

(b) Illinois Personal Information Protection Act (815 ILCS 530/);

(d) Illinois Trade Secrets Act (765 ILCS 1065/);

(e) Illinois Freedom to Work Act (820 ILCS 90/); and

(f) Chicago Personal Property Lease Transaction Tax (if applicable).

16.13 Export Compliance

Customer shall not export or re-export the Services in violation of U.S. export control laws, including the Export Administration Regulations (EAR) and sanctions administered by the Office of Foreign Assets Control (OFAC).

16.14 Anti-Corruption

Each party shall comply with all applicable anti-corruption and anti-bribery laws, including the Foreign Corrupt Practices Act (FCPA).

16.15 Non-Solicitation

During the Subscription Term and for a period of [____] months (default: twelve (12) months) thereafter, neither party shall directly solicit for employment any employee of the other party who was involved in the performance of this Agreement, without the other party's prior written consent. This provision shall be subject to the requirements and limitations of the Illinois Freedom to Work Act (820 ILCS 90/).

SIGNATURES

IN WITNESS WHEREOF, the parties have executed this Enterprise Software as a Service Agreement as of the Effective Date.

PROVIDER:

Field	Information
Signature	_________________________________________
Printed Name	[________________________________]
Title	[________________________________]
Date	[__/__/____]

CUSTOMER:

Field	Information
Signature	_________________________________________
Printed Name	[________________________________]
Title	[________________________________]
Date	[__/__/____]

☐ Provider has reviewed and agrees to all terms of this Agreement
☐ Customer has reviewed and agrees to all terms of this Agreement

EXHIBIT A: ORDER FORM

Order Form Number: [________________________________]
Order Date: [__/__/____]

Item	Description	Quantity	Unit Price	Total
SaaS Subscription	[________________________________]	[____]	$[________]	$[________]
Additional Users	[________________________________]	[____]	$[________]	$[________]
Professional Services	[________________________________]	[____] hrs	$[________]	$[________]
Training	[________________________________]	[____]	$[________]	$[________]
Premium Support	[________________________________]	[____]	$[________]	$[________]
Chicago PPLTT (if applicable)	11% on SaaS subscription	—	—	$[________]
Total				$[________]

Subscription Term: [________________________________]
Billing Frequency: ☐ Monthly ☐ Quarterly ☐ Annually
Payment Method: ☐ ACH ☐ Wire Transfer ☐ Credit Card ☐ Check

Customer Location: ☐ Chicago (PPLTT applies) ☐ Illinois outside Chicago ☐ Other

Special Terms: [________________________________]

EXHIBIT B: SERVICE LEVEL AGREEMENT (SLA)

B.1 Uptime Commitment

Metric	Target
Monthly Uptime	[____]%
Maximum Consecutive Downtime	[____] minutes
Planned Maintenance Window	[________________________________]
Maximum Monthly Maintenance	[____] hours

B.2 Response Times

Severity Level	Description	Response Time	Resolution Target
Critical (P1)	Service completely unavailable	[____] minutes	[____] hours
High (P2)	Major feature impaired, no workaround	[____] hours	[____] hours
Medium (P3)	Feature impaired, workaround available	[____] hours	[____] business days
Low (P4)	Minor issue or enhancement request	[____] business days	[____] business days

B.3 Performance Metrics

Metric	Target
Page Load Time	≤ [____] seconds
API Response Time	≤ [____] milliseconds
Data Processing Throughput	[________________________________]
Concurrent User Capacity	[____] users

EXHIBIT C: DATA PROCESSING AGREEMENT (DPA)

C.1 Scope

This DPA supplements the Agreement and governs Provider's processing of Customer Data that constitutes Personal Information or Biometric Data on behalf of Customer, in compliance with 815 ILCS 530/ and 740 ILCS 14/.

C.2 Roles

Role	Party
Data Controller	Customer
Data Processor	Provider

C.3 Processing Details

Element	Description
Subject Matter	Processing of Customer Data in connection with the SaaS Services
Duration	The Subscription Term plus the data export period
Nature and Purpose	Hosting, storage, processing, transmission, and retrieval of Customer Data
Types of Data	[________________________________]
Biometric Data Collected	☐ Yes (specify type): [________________________________] ☐ No
Categories of Individuals	[________________________________]

C.4 Provider Obligations as Processor

Provider shall:

(a) Process Customer Data only on documented instructions from Customer;

(b) Ensure that persons authorized to process Customer Data have committed to confidentiality;

(d) Engage sub-processors only with Customer's prior written consent and subject to equivalent data protection obligations;

(e) Assist Customer in ensuring compliance with data security and breach notification obligations under 815 ILCS 530/;

(f) If processing Biometric Data, comply with all BIPA requirements including retention, destruction, and consent obligations;

(g) At Customer's choice, delete or return all Customer Data upon termination; and

(h) Make available all information necessary to demonstrate compliance.

C.5 Sub-Processors

Provider's current sub-processors: [________________________________]

Provider shall notify Customer at least [____] days (default: thirty (30) days) before engaging a new sub-processor. Customer may object within [____] days, and if Provider cannot reasonably accommodate the objection, Customer may terminate the affected Order Form.

C.6 International Transfers

If Customer Data is transferred outside the United States, Provider shall ensure appropriate safeguards, including Standard Contractual Clauses or other approved transfer mechanisms.

EXHIBIT D: ACCEPTABLE USE POLICY (AUP)

D.1 Prohibited Uses

Customer and Authorized Users shall not use the Services to:

(a) Violate any applicable federal, state, or local law, including Illinois law;

(b) Collect Biometric Data without the required BIPA disclosures and written releases;

(d) Transmit Malicious Code or interfere with the Services;

(e) Attempt to gain unauthorized access to Provider's systems;

(f) Infringe any third party's Intellectual Property Rights;

(g) Engage in unauthorized data mining, scraping, or harvesting;

(h) Send unsolicited commercial communications in violation of applicable law; or

(i) Use the Services for competitive analysis or benchmarking without Provider's consent.

D.2 Enforcement

Provider may suspend access for AUP violations upon notice to Customer. Customer shall have [____] business days (default: five (5)) to cure the violation before suspension becomes effective, except in cases of imminent harm where immediate suspension is warranted.

PRACTITIONER NOTES — ILLINOIS-SPECIFIC GUIDANCE

Note 1: BIPA Compliance — Critical Risk

The Illinois Biometric Information Privacy Act (740 ILCS 14/) creates the most significant liability risk unique to Illinois SaaS agreements. Key considerations:
- BIPA provides a private right of action with liquidated damages ($1,000/negligent violation, $5,000/intentional or reckless violation) plus attorneys' fees
- Class action BIPA suits have produced settlements exceeding $650 million (e.g., Facebook settlement)
- SaaS platforms that use facial recognition, fingerprint scanning, voiceprint analysis, or similar biometric features must comply
- Written consent (which may now be obtained via electronic signature per 2024 amendment to Section 10) must be obtained before collecting Biometric Data
- A written retention and destruction policy must be maintained
- Insurance coverage for BIPA claims should be specifically confirmed, as many standard policies exclude biometric data claims
- Consider whether BIPA liability should be carved out of the limitation of liability cap entirely

Note 2: Chicago PPLTT — SaaS Tax

While Illinois state sales tax does not apply to SaaS, Chicago's Personal Property Lease Transaction Tax (PPLTT) applies to SaaS accessed from within Chicago at a rate of 11% (as of January 1, 2025). This is one of the highest SaaS-specific local taxes in the nation. Key compliance requirements:
- Provider must register with the Chicago Department of Finance
- Tax applies based on where the SaaS is accessed/used, not where the Provider is located
- If users access from both inside and outside Chicago, apportionment may be required
- The tax applies to B2B and B2C SaaS transactions
- Cook County may also impose its Amusement Tax on entertainment-related streaming services

Note 3: Interest Rate Limitations

The Illinois Interest Act (815 ILCS 205/) is unusually restrictive:
- Default rate (no agreement): 5% per annum (815 ILCS 205/2)
- Maximum contractual rate: 9% per annum (815 ILCS 205/4)
- Contracts exceeding 9% are void as to excess interest
- Judgment interest: 9% per annum
- The 9% cap is critical — a late payment interest rate of 1.5% per month (18% annualized) would violate Illinois law unless an exception applies

Note 4: Freedom to Work Act

The Illinois Freedom to Work Act (820 ILCS 90/) restricts non-compete and non-solicitation agreements:
- Non-competes prohibited for employees earning less than $75,000/year (increasing in 2027)
- Non-solicitation agreements prohibited for employees earning less than $45,000/year
- 14-day review period and written attorney consultation notice required
- While the Act primarily applies to employer-employee relationships, SaaS agreement non-solicitation provisions should be drafted to avoid triggering Freedom to Work Act scrutiny

Note 5: Trade Secrets

The Illinois Trade Secrets Act (765 ILCS 1065/) provides a five-year statute of limitations — longer than many states. The Act broadly defines trade secrets to include "technical or non-technical data, a formula, pattern, compilation, program, device, method, technique, drawing, process, financial data, or list of actual or potential customers or suppliers." SaaS providers should leverage this broad definition when protecting proprietary technology.

Note 6: Jury Waivers

Illinois courts generally enforce jury waivers in commercial agreements between sophisticated parties when the waiver is knowing, voluntary, and conspicuous. Over 80% of commercial contracts with Illinois choice of forum include jury waiver provisions. Best practices: mutual waiver, all-caps formatting, and separate initialing by both parties.

Note 7: 10-Year Written Contract SOL

Illinois provides a ten-year statute of limitations for written contracts under 735 ILCS 5/13-206, one of the longest in the nation. This creates extended exposure for breach of contract claims and should be considered when negotiating liability provisions.

This template is provided for informational purposes only and does not constitute legal advice. Consult a licensed Illinois attorney before executing this agreement. Illinois-specific provisions, particularly regarding BIPA compliance and Chicago PPLTT obligations, should be reviewed for compliance with current law.

Last updated: 2026-02-28

AI Legal Assistant