SaaS Agreement - SMB (Connecticut)

Ready to Edit

SOFTWARE AS A SERVICE AGREEMENT (SMB)

STATE OF CONNECTICUT


TABLE OF CONTENTS

  1. Parties and Recitals
  2. Definitions
  3. Access Rights and Restrictions
  4. Service Levels and Support
  5. Customer Obligations
  6. Fees and Payment
  7. Data Protection, Security, and Connecticut Data Privacy Act Compliance
  8. Intellectual Property and Feedback
  9. Confidentiality
  10. Warranties and Disclaimers
  11. Indemnification
  12. Limitations of Liability
  13. Term, Renewal, and Termination
  14. Beta and Free Trials
  15. Compliance
  16. Governing Law and Dispute Resolution
  17. Miscellaneous
  18. Signature Blocks
  19. Attachments

1. PARTIES AND RECITALS

This Software as a Service Agreement ("Agreement") is entered into as of [__/__/____] ("Effective Date") by and between:

Provider:
Name: [________________________________]
State of Organization: [________________________________]
Principal Address: [________________________________]
Email for Notices: [________________________________]

("Provider")

AND

Customer:
Name: [________________________________]
State of Organization: [________________________________]
Principal Address: [________________________________]
Email for Notices: [________________________________]

("Customer")

Provider and Customer are each a "Party" and collectively the "Parties."

RECITALS

WHEREAS, Provider has developed and operates a cloud-based software application available on a subscription basis;

WHEREAS, Customer desires to access Provider's application for internal business operations;

WHEREAS, Provider is willing to grant access subject to this Agreement and the applicable Order Form(s);

WHEREAS, the Connecticut Data Privacy Act (Conn. Gen. Stat. § 42-515 et seq.) establishes personal data privacy rights for Connecticut residents and imposes obligations on controllers and processors, and the Parties desire to ensure compliance;

WHEREAS, this Agreement shall be governed by the laws of the State of Connecticut;

NOW, THEREFORE, in consideration of the mutual covenants and for good and valuable consideration, the Parties agree as follows:


2. DEFINITIONS

2.1 "Affiliate" means any entity controlling, controlled by, or under common control with a Party (control = >50% voting interest).

2.2 "Acceptable Use Policy" or "AUP" means Provider's AUP in Attachment E.

2.3 "Authorized Users" means Customer's employees, contractors, and agents authorized to access the SaaS Platform, subject to Usage Limits.

2.4 "Business Day" means any day other than a Saturday, Sunday, or Connecticut state holiday.

2.5 "Confidential Information" means all non-public information designated or reasonably understood as confidential, including trade secrets, business plans, financial data, technical data, source code, algorithms, and Agreement terms.

2.6 "Consumer" means a Connecticut resident acting in an individual or household context, as defined under the CTDPA (Conn. Gen. Stat. § 42-515).

2.7 "Controller" means a person that determines the purposes and means of processing Personal Data, as defined under the CTDPA.

2.8 "Customer Data" means all electronic data submitted to the SaaS Platform by or on behalf of Customer, including Personal Data.

2.9 "Data Processing Addendum" or "DPA" means the data processing terms in Attachment D.

2.10 "Data Protection Assessment" means an assessment required under the CTDPA for processing that presents a heightened risk of harm.

2.11 "Documentation" means Provider's user guides, help resources, and specifications.

2.12 "Downtime" means unavailability excluding Scheduled Maintenance, emergency maintenance, and Force Majeure.

2.13 "Effective Date" means the date in the preamble.

2.14 "Fees" means all amounts payable by Customer.

2.15 "Force Majeure Event" means events beyond reasonable control, including acts of God, fire, flood, hurricane, earthquake, epidemic, pandemic, war, terrorism, government action, labor dispute, internet failure, power outage, or telecommunications failure.

2.16 "Intellectual Property" or "IP" means all patents, copyrights, trademarks, trade secrets, know-how, and other IP rights.

2.17 "Malware" means any virus, worm, Trojan horse, ransomware, spyware, or malicious code.

2.18 "Order Form" means each ordering document referencing this Agreement.

2.19 "Personal Data" means information linked or reasonably linkable to an identified or identifiable individual, as defined under the CTDPA and Conn. Gen. Stat. § 36a-701b.

2.20 "Processor" means a person that processes Personal Data on behalf of a Controller, as defined under the CTDPA.

2.21 "SaaS Platform" or "Service" means the cloud-based application(s) identified in the Order Form.

2.22 "Scheduled Maintenance" means routine maintenance during the designated window per the SLA.

2.23 "Sensitive Data" means Personal Data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or immigration status, genetic or biometric data processed for identification, Personal Data of a known child, or precise geolocation data, as defined under the CTDPA.

2.24 "Service Level Agreement" or "SLA" means the commitments in Attachment B.

2.25 "Subscription Term" means the initial and renewal periods in the Order Form.

2.26 "Support" means technical support per the Support Policy (Attachment C).

2.27 "Updates" means bug fixes, patches, and releases available at no additional charge.

2.28 "Usage Limits" means the limits in the Order Form.


3. ACCESS RIGHTS AND RESTRICTIONS

3.1 License Grant

Subject to compliance and payment of Fees, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the SaaS Platform during the Subscription Term for internal business purposes, per the Documentation and Usage Limits.

3.2 Authorized Users

(a) Unique credentials per user; no sharing.

(b) Customer responsible for Authorized User actions and compliance.

(c) Prompt deactivation of former Authorized Users.

3.3 Usage Limits

Excess usage may be charged or require an amended Order Form.

3.4 Restrictions

Customer shall not:

(a) Copy, modify, adapt, or create derivative works of the SaaS Platform;

(b) Reverse engineer, except as permitted by Connecticut or federal law;

(c) Sublicense, lease, rent, sell, or transfer access;

(d) Use for third-party benefit (service bureau, outsourcing, time-sharing);

(e) Remove proprietary notices;

(f) Interfere with or disrupt the SaaS Platform;

(g) Attempt unauthorized access;

(h) Transmit Malware or violate the AUP;

(i) Store infringing, defamatory, or unlawful content;

(j) Publish benchmarking results without consent;

(k) Allow competitor access where legally permissible to restrict.

3.5 API Access

Per Documentation and API terms. Provider may impose rate limits.

3.6 Third-Party Integrations

Customer assumes all risk. Provider has no liability for third-party applications.


4. SERVICE LEVELS AND SUPPORT

4.1 Uptime Commitment

Provider shall use commercially reasonable efforts to maintain [____]% monthly uptime (the "Uptime Target"), excluding Scheduled Maintenance and Force Majeure.

4.2 Uptime Measurement

Monthly uptime = ((Total Minutes - Downtime Minutes) / Total Minutes) x 100.

4.3 SLA Credits

Monthly Uptime Percentage Credit (% of Monthly Fees)
Below [____]% but at or above [____]% [____]%
Below [____]% but at or above [____]% [____]%
Below [____]% [____]%

Credits requested within thirty (30) days, applied to future Fees, capped at the affected month's Fees. SLA credits are Customer's sole remedy unless chronic failure triggers termination rights.

4.4 Support Services

Severity Description Response Time
Severity 1 - Critical Platform unavailable or core function inoperable [____] hours
Severity 2 - High Significant impairment, no workaround [____] hours
Severity 3 - Medium Impairment with workaround [____] Business Days
Severity 4 - Low Minor issue or inquiry [____] Business Days

Support Hours: [________________________________]
Support Channels: [________________________________]

4.5 Scheduled Maintenance

Window: [________________________________] (e.g., Sundays 2:00 AM - 6:00 AM ET). At least [____] hours' notice. Emergency maintenance with best-efforts notice.


5. CUSTOMER OBLIGATIONS

5.1 Account Security

Credential confidentiality, MFA where available, prompt notification of unauthorized access.

5.2 Acceptable Use

Compliance with AUP and all applicable laws, including the Connecticut Unfair Trade Practices Act (Conn. Gen. Stat. § 42-110b).

5.3 Data Accuracy

Accurate, lawful data with all necessary rights and consents.

5.4 Cooperation

Timely responses, system access, and designated primary contact.

5.5 System Requirements

Maintain per Documentation requirements.

5.6 Compliance with Laws

Customer shall comply with all applicable laws, including the CTDPA to the extent Customer is a Controller.


6. FEES AND PAYMENT

6.1 Subscription Fees

Per Order Form, invoiced:

☐ Annually in advance
☐ Quarterly in advance
☐ Monthly in advance

6.2 Usage-Based Fees

Overages at Order Form rates with usage reports.

6.3 Professional Services Fees

Per statement of work or Order Form.

6.4 Invoicing and Payment

(a) Invoiced per Order Form frequency.

(b) Due within [____] days of invoice date.

(c) In United States dollars.

(d) Non-refundable except as stated.

6.5 Late Payment

(a) Interest at [____]% per month (or [____]% per annum), or the maximum permitted by Connecticut law, whichever is less.

(b) Connecticut Interest Rate Provisions: Under Conn. Gen. Stat. § 37-4, the general usury limit is twelve percent (12%) per annum. However, under Conn. Gen. Stat. § 37-9, the twelve percent cap does not apply to: (i) loans made by state or federal banks or credit unions; (ii) any mortgage over $5,000; or (iii) any business loan over $10,000. For commercial SaaS agreements where the outstanding obligations exceed $10,000, the parties may agree to a higher rate. If the exemption under § 37-9 applies, the parties may contract for any lawful rate. The late payment interest rate herein shall not exceed the maximum lawful rate under Connecticut law.

(c) Reasonable collection costs, including attorneys' fees.

6.6 Taxes

(a) All Fees are exclusive of taxes. Customer is responsible for applicable taxes except taxes on Provider's net income.

(b) Connecticut SaaS Tax Note: Connecticut imposes sales tax on SaaS. The applicable rate depends on the nature of use:

  • SaaS used for non-business purposes (personal, household): taxed at the standard rate of 6.35% as a digital good.
  • SaaS used for business purposes: may qualify as "computer and data processing services" and be taxed at a reduced rate of 1% under Conn. Gen. Stat. § 12-407.
    Customer shall inform Provider of the applicable use classification. Provider shall collect and remit the appropriate tax rate. Customer shall provide a valid exemption certificate if applicable.

(c) If Provider is required to collect taxes, they shall be included on invoices.

6.7 Price Increases

At least [____] days' notice before renewal. Increase not to exceed [____]% unless agreed.

6.8 Disputed Invoices

Disputes within [____] days. Undisputed amounts due on time. Resolution within thirty (30) days. No suspension for good-faith disputes if undisputed amounts are paid.


7. DATA PROTECTION, SECURITY, AND CONNECTICUT DATA PRIVACY ACT COMPLIANCE

7.1 Security Safeguards

Provider shall implement administrative, technical, and physical safeguards, including:

(a) Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent);

(b) Role-based access controls with least-privilege and MFA;

(c) Regular vulnerability assessments and penetration testing;

(d) Intrusion detection and prevention;

(e) Audit logging and monitoring;

(f) Employee background checks and security training;

(g) Physical data center security;

(h) Incident response and disaster recovery plans.

7.2 Compliance Certifications

☐ SOC 2 Type II
☐ ISO 27001
☐ Other: [________________________________]

7.3 Data Breach Notification - Connecticut Requirements

(a) Provider shall notify Customer of any confirmed Security Breach without unreasonable delay and no later than [____] hours after determination.

(b) Connecticut Data Breach Notification Law (Conn. Gen. Stat. § 36a-701b): Notice to affected Connecticut residents must be provided without unreasonable delay and no later than sixty (60) days from discovery of the breach. Notice to the Connecticut Attorney General must be provided no later than when residents are notified.

(c) Identity Theft Prevention Services: The entity that owns or licenses the data must offer each affected resident whose Personal Data was breached appropriate identity theft prevention services and, if applicable, identity theft mitigation services at no cost for a period of not less than two (2) years.

(d) Enforcement: Failure to comply constitutes a violation of the Connecticut Unfair Trade Practices Act (CUTPA) (Conn. Gen. Stat. § 42-110b), exposing the violator to CUTPA enforcement actions and remedies.

(e) Provider shall cooperate with Customer in investigating, mitigating, and complying with all notification and identity theft service obligations.

(f) Notification content shall include: (i) description of breach; (ii) types of data involved; (iii) estimated individuals affected; (iv) measures taken; and (v) contact information.

7.4 Connecticut Data Privacy Act (CTDPA) Compliance

This Section 7.4 applies to the extent the SaaS Platform processes Personal Data of Connecticut Consumers subject to the Connecticut Data Privacy Act (Conn. Gen. Stat. § 42-515 et seq.).

7.4.1 CTDPA Applicability

The CTDPA applies to persons conducting business in Connecticut or producing products or services targeted to Connecticut residents that: (a) during the preceding calendar year, controlled or processed Personal Data of at least 35,000 Consumers (excluding data controlled or processed solely for payment transactions); or (b) controlled or processed Personal Data of Consumers and derived revenue from the sale of Personal Data.

7.4.2 Roles and Obligations

(a) Where Customer determines the purposes and means of processing Personal Data, Customer is the Controller and Provider is the Processor.

(b) As a Processor, Provider shall:

  • Process Personal Data only on documented instructions from Customer;
  • Ensure confidentiality obligations for all persons processing data;
  • Delete or return Personal Data at the end of the service period, at Customer's choice;
  • Make information available to demonstrate compliance;
  • Allow and cooperate with reasonable assessments by Customer or an independent assessor.

(c) Provider shall not: (i) combine Personal Data obtained from Customer with data from other sources or its own interactions with Consumers, except as directed by Customer; or (ii) process Personal Data for purposes other than performing services under this Agreement.

7.4.3 Consumer Rights Facilitation

(a) The CTDPA grants Connecticut Consumers the following rights:

  • Right to Access: Confirm processing and access Personal Data;
  • Right to Correction: Correct inaccuracies;
  • Right to Deletion: Request deletion of Personal Data;
  • Right to Data Portability: Obtain data in a portable, readily usable format;
  • Right to Opt-Out of: (i) sale of Personal Data; (ii) targeted advertising; and (iii) profiling in furtherance of decisions producing legal or similarly significant effects;
  • Right to Know Profiling: Consumers have the right to know whether a Controller is engaging in profiling and, if feasible, to challenge profiling results and understand the reasoning behind profiling decisions.

(b) Provider shall assist Customer in responding to Consumer rights requests in a timely manner. Provider shall implement technical and organizational measures to facilitate Customer's ability to search, export, correct, and delete Personal Data.

(c) Response Timeline: Controllers must respond to Consumer rights requests within forty-five (45) days, with one forty-five (45) day extension if reasonably necessary, with notice.

7.4.4 Universal Opt-Out Mechanism

(a) Effective January 1, 2025, all Controllers subject to the CTDPA must honor opt-out preference signals sent by Consumers, including the Global Privacy Control (GPC) signal.

(b) To the extent Provider operates consumer-facing components on behalf of Customer, Provider shall implement technical capabilities to detect and honor universal opt-out signals and communicate opt-out status to Customer.

7.4.5 Data Protection Assessments

(a) Under the CTDPA, Controllers must conduct and document Data Protection Assessments for processing activities that present a heightened risk of harm, including: (i) targeted advertising; (ii) sale of Personal Data; (iii) profiling with risk of unfair treatment, financial or physical injury, or other substantial injury; and (iv) processing Sensitive Data.

(b) Provider shall cooperate with Customer in conducting Data Protection Assessments by providing information about processing activities, safeguards, and technical measures.

(c) Provider shall inform Customer if any instruction may violate the CTDPA.

7.4.6 Sensitive Data

(a) Processing of Sensitive Data requires the Consumer's consent. Customer warrants that it has obtained such consent before instructing Provider to process Sensitive Data.

(b) Provider shall implement heightened security safeguards for Sensitive Data.

7.4.7 Minors' Data Protections

(a) Under the CTDPA, Controllers are categorically prohibited from processing minors' (under 18) Personal Data for targeted advertising or sale, regardless of whether consent is obtained.

(b) The CTDPA prohibits the use of system design features that significantly increase, sustain, or extend a minor's use of an online service, product, or feature ("dark patterns").

(c) If the SaaS Platform may process data of known minors, Provider shall implement safeguards to prevent processing of minors' data for targeted advertising or sale and shall not employ dark patterns.

7.4.8 AI and Algorithmic Decision-Making (Effective July 1, 2026)

(a) Recent amendments to the CTDPA, effective July 1, 2026, impose additional requirements on businesses deploying AI and algorithmic decision-making tools, including: (i) public disclosures regarding the use of algorithmic decision-making; (ii) data protection impact assessments for AI deployments; and (iii) enhanced profiling disclosures.

(b) To the extent the SaaS Platform incorporates AI or algorithmic decision-making features, Provider shall: (i) provide Customer with information sufficient for Customer to make required public disclosures; (ii) cooperate with Customer's data protection impact assessments for AI features; and (iii) implement mechanisms for Consumers to challenge profiling decisions as required by law.

7.4.9 CTDPA Enforcement

(a) The CTDPA is enforced exclusively by the Connecticut Attorney General. There is no private right of action.

(b) Violations constitute unfair trade practices under CUTPA (Conn. Gen. Stat. § 42-110b), subjecting violators to CUTPA remedies.

(c) The Attorney General may issue a notice of violation and provide a sixty (60) day cure period before bringing an enforcement action (note: this cure provision may be subject to legislative amendment).

7.5 Data Processing

Provider shall process Customer Data only per documented instructions and this Agreement.

7.6 Sub-Processors

(a) General authorization with: (i) current sub-processor list; (ii) [____] days' prior notice; (iii) equivalent contractual protections.

(b) Objection within [____] days; termination right if unresolved.

7.7 Data Location

Customer Data stored in the United States unless otherwise agreed.

7.8 Incident Response

Annual testing of incident response plan. Post-incident findings shared upon request.


8. INTELLECTUAL PROPERTY AND FEEDBACK

8.1 Provider Intellectual Property

Provider retains all rights in the SaaS Platform, Documentation, and related IP.

8.2 Customer Intellectual Property

Customer retains all rights in Customer Data.

8.3 Usage Data

Provider may use aggregated, anonymized Usage Data for product improvement, provided it cannot identify Customer or any individual.

8.4 Feedback

Customer grants Provider a royalty-free, perpetual, irrevocable, worldwide license to use Feedback.

8.5 No Implied Rights

No rights except as expressly stated.


9. CONFIDENTIALITY

9.1 Confidentiality Obligations

For [____] years after termination: strict confidence, no unauthorized disclosure, use only for Agreement purposes, reasonable care.

9.2 Permitted Disclosures

Employees, contractors, and advisors with need to know, bound by comparable obligations.

9.3 Exclusions

Public information, prior possession, independent development, lawful third-party receipt.

9.4 Compelled Disclosure

Prompt notice (if permitted), cooperation for protective orders, limited disclosure.

9.5 Trade Secrets - Connecticut Law

(a) The Connecticut Uniform Trade Secrets Act (Conn. Gen. Stat. § 35-50 et seq.) protects trade secrets, with an expanded definition that includes drawings, cost data, and customer lists. Connecticut does not have a criminal trade secrets statute.

(b) Confidentiality obligations for trade secrets continue as long as the information qualifies as a trade secret, regardless of the time-limited period in Section 9.1.

(c) Under Conn. Gen. Stat. § 35-53, a court may award damages for actual loss and unjust enrichment. If willful and malicious misappropriation is shown, exemplary damages not exceeding twice the award may be imposed. Attorneys' fees may be awarded under § 35-54. The statute of limitations is three (3) years from discovery.

9.6 Return or Destruction

Return or destroy upon termination or request, with certification. One archival copy for legal purposes.


10. WARRANTIES AND DISCLAIMERS

10.1 Provider Warranties

(a) Conformance: SaaS Platform materially conforms to Documentation;

(b) Professional Services: Professional and workmanlike;

(c) No Malware: Commercially reasonable efforts;

(d) Authority: Full power and authority;

(e) Non-Infringement: To Provider's knowledge, no infringement;

(f) Compliance: Provider shall comply with applicable laws including the CTDPA and Conn. Gen. Stat. § 36a-701b;

(g) CTDPA Compliance: Provider shall process Personal Data in compliance with the CTDPA as a Processor.

10.2 Customer Warranties

(a) Full power and authority;

(b) Lawful use and no infringement;

(c) All necessary consents, including CTDPA-required consents for Sensitive Data.

10.3 Warranty Remedies

Provider shall correct or provide a workaround within [____] days; if not, Customer may terminate and receive a pro-rata refund.

10.4 Disclaimer

EXCEPT AS EXPRESSLY STATED, AND TO THE MAXIMUM EXTENT PERMITTED BY CONNECTICUT LAW INCLUDING THE UCC (CONN. GEN. STAT. § 42a-2-101 ET SEQ.), THE SAAS PLATFORM IS PROVIDED "AS IS." PROVIDER DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

10.5 Consumer Protection Carve-Out

Nothing herein shall waive rights under the Connecticut Unfair Trade Practices Act (CUTPA) (Conn. Gen. Stat. § 42-110b) to the extent they cannot be waived by contract. CUTPA prohibits unfair methods of competition and unfair or deceptive acts or practices in trade or commerce. Connecticut courts apply a three-part test: (1) whether the practice offends public policy; (2) whether it is immoral, unethical, oppressive, or unscrupulous; and (3) whether it causes substantial injury to consumers or other businesspersons.


11. INDEMNIFICATION

11.1 Provider IP Indemnity

Provider shall indemnify Customer Indemnitees from third-party IP infringement Claims and pay damages, costs, and reasonable attorneys' fees.

11.2 Exclusions

No obligation for Claims from: (a) Customer Data; (b) unauthorized modifications; (c) combination with non-Provider products; (d) superseded versions; or (e) Agreement violations.

11.3 Remedies

Provider may: (a) procure continued use rights; (b) modify to non-infringing; or (c) terminate and refund.

11.4 Customer Indemnification

Customer indemnifies Provider Indemnitees from Claims arising from Customer Data, AUP violations, breach, or law violations.

11.5 Procedure

Prompt notice, sole defense control, cooperation, no settlement without consent.

11.6 Sole Remedy

Exclusive remedy for described Claims.


12. LIMITATIONS OF LIABILITY

12.1 Liability Cap

EACH PARTY'S AGGREGATE LIABILITY SHALL NOT EXCEED THE FEES PAID OR PAYABLE DURING THE [____]-MONTH PERIOD PRECEDING THE EVENT (EXCEPT CARVE-OUTS).

12.2 Consequential Damages Exclusion

NO INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, REVENUE, GOODWILL, OR DATA (EXCEPT CARVE-OUTS).

12.3 Carve-Outs

(a) Indemnification (Section 11);

(b) Confidentiality breach (Section 9);

(c) Willful misconduct or gross negligence;

(d) Payment obligations;

(e) Data security and breach obligations, including identity theft services under Conn. Gen. Stat. § 36a-701b;

(f) CTDPA violations to the extent liability cannot be limited;

(g) Any liability that cannot be limited under Connecticut law.

12.4 Essential Purpose

Limitations apply even if a remedy fails. They reflect a fair allocation of risk.

12.5 Connecticut Law

Applied to the fullest extent permitted by Connecticut law.


13. TERM, RENEWAL, AND TERMINATION

13.1 Agreement Term

Commences on the Effective Date and continues until all Order Forms expire or terminate.

13.2 Renewal

Auto-renewal for equal periods unless [____] days' written non-renewal notice.

13.3 Termination for Convenience

[____] days' notice. Customer pays accrued Fees.

13.4 Termination for Cause

(a) Material breach uncured within [____] days ([____] for payment);

(b) Bankruptcy not dismissed within sixty (60) days;

(c) Cessation of business.

13.5 Suspension

Upon [____] days' notice for: (i) non-payment; (ii) AUP violation or security risk; (iii) legal requirement. Limited in scope; restored upon cure.

13.6 Effect of Termination

(a) Access ceases; (b) Accrued Fees payable; (c) Confidential Information returned or destroyed; (d) Customer Data export for [____] days, then deletion per DPA and CTDPA requirements.

13.7 Survival

Sections 2, 6 (accrued), 7.3, 7.4, 8, 9, 10.4, 11, 12, 13.6, 13.7, 16, and 17 survive.


14. BETA AND FREE TRIALS

14.1 Trial Access

Trial Services for evaluation only.

14.2 Trial Terms

"AS IS" without warranty, SLA, indemnity, or support. May be discontinued at any time.

14.3 Data Handling

Trial data may be deleted unless converted to paid subscription. CTDPA data deletion obligations apply regardless.

14.4 Feedback

Subject to Section 8.4.


15. COMPLIANCE

15.1 AUP

Compliance with Attachment E.

15.2 Export Controls and Sanctions

Compliance with EAR and ITAR. No access from sanctioned countries or by restricted parties.

15.3 Anti-Corruption

FCPA compliance. No facilitation payments. Accurate records.

15.4 Accessibility

Commercially reasonable efforts for Section 508 and WCAG 2.1 Level AA compliance.

15.5 Connecticut Regulatory Requirements

Customer is responsible for Connecticut industry-specific regulatory requirements. Provider shall cooperate with any Connecticut regulatory audit or inquiry to the extent required by law.


16. GOVERNING LAW AND DISPUTE RESOLUTION

16.1 Governing Law

Laws of the State of Connecticut, without conflicts of law principles.

16.2 Venue

State courts of Hartford County, Connecticut, or the United States District Court for the District of Connecticut (Hartford). Each Party consents to jurisdiction and venue.

16.3 Escalation

(a) Operational contacts meet within ten (10) Business Days;

(b) Executive escalation if unresolved within twenty (20) Business Days;

(c) Optional mediation in Hartford, Connecticut, with shared costs.

16.4 Jury Waiver

Connecticut courts have held that express commercial contractual jury trial waivers entered into prior to litigation are presumptively enforceable, in accordance with public policy favoring freedom of contract and efficient dispute resolution. The party seeking to avoid the waiver bears the burden of showing it clearly did not intend to waive. Connecticut courts consider: (1) conspicuousness of the waiver; (2) whether parties were represented by counsel; (3) gross disparity in bargaining power; (4) business experience of the opposing party; and (5) opportunity to negotiate terms.

TO THE FULLEST EXTENT PERMITTED BY CONNECTICUT LAW, EACH PARTY KNOWINGLY, VOLUNTARILY, AND IRREVOCABLY WAIVES ANY RIGHT TO JURY TRIAL IN ANY ACTION ARISING OUT OF OR RELATING TO THIS AGREEMENT. EACH PARTY CONFIRMS THAT THIS WAIVER IS CONSPICUOUSLY SET FORTH, EACH PARTY HAS HAD THE OPPORTUNITY TO CONSULT COUNSEL, AND EACH PARTY MAKES THIS WAIVER FREELY AND WITH FULL UNDERSTANDING.

16.5 Attorneys' Fees

Prevailing Party recovers reasonable attorneys' fees and costs.

16.6 Injunctive Relief

Either Party may seek injunctive relief to prevent irreparable harm or enforce Sections 3, 8, or 9, without bond or proof of actual damages.


17. MISCELLANEOUS

17.1 Assignment

No assignment without consent (not unreasonably withheld); permitted to Affiliates or successors. Void if in violation.

17.2 Subcontracting

Permitted; Provider remains responsible.

17.3 Notices

Written, deemed given: (a) upon personal delivery; (b) one (1) Business Day after overnight courier; (c) three (3) Business Days after certified mail; or (d) upon confirmed email receipt.

17.4 Force Majeure

No liability for delay due to Force Majeure (except payment). Prompt notice, mitigation, and resumption. Termination if exceeding [____] days.

17.5 Order of Precedence

(highest to lowest): (a) DPA / Security Addendum; (b) Main Agreement; (c) Order Form; (d) SLA; (e) Support Policy; (f) AUP.

17.6 Severability

Invalid provisions modified to minimum extent; remainder continues.

17.7 Amendments

Written, signed by both Parties.

17.8 Waiver

Failure to enforce is not a waiver.

17.9 Entire Agreement

This Agreement and all attachments supersede all prior agreements.

17.10 Counterparts

May be executed in counterparts.

17.11 Electronic Signatures

Valid under the Connecticut Uniform Electronic Transactions Act (Conn. Gen. Stat. § 1-266 et seq.), effective since October 1, 2002, and the federal E-SIGN Act (15 U.S.C. § 7001 et seq.). Under Conn. Gen. Stat. § 1-272, a record or signature shall not be denied legal effect solely because it is in electronic form.

17.12 Headings

For convenience only.

17.13 Third-Party Beneficiaries

None.

17.14 Relationship of the Parties

Independent contractors. No partnership, joint venture, agency, or employment.

17.15 Publicity

No use without consent; Provider may include Customer in customer list.

17.16 Construction

Fair construction, not against drafter. "Including" means "including, without limitation."


18. SIGNATURE BLOCKS

IN WITNESS WHEREOF, the Parties execute this Agreement as of the Effective Date.

PROVIDER:

Signature _________________________________
Printed Name _________________________________
Title _________________________________
Date [__/__/____]
Email _________________________________

CUSTOMER:

Signature _________________________________
Printed Name _________________________________
Title _________________________________
Date [__/__/____]
Email _________________________________

19. ATTACHMENTS

  • Attachment A: Order Form
  • Attachment B: Service Level Agreement (SLA)
  • Attachment C: Support Policy
  • Attachment D: Data Processing Addendum (DPA) / Security Addendum
  • Attachment E: Acceptable Use Policy (AUP)

ATTACHMENT A: ORDER FORM (TEMPLATE)

Field Details
Order Form Number [________________________________]
Effective Date [__/__/____]
SaaS Platform / Product [________________________________]
Subscription Term [________________________________]
Auto-Renewal ☐ Yes ☐ No
Renewal Term Length [________________________________]
Non-Renewal Notice Period [____] days
Number of Authorized Users [____]
Storage Limit [________________________________]
API Call Limit [________________________________]
Subscription Fees $[____] per [________________________________]
Usage-Based Fee Rate $[____] per [________________________________]
Billing Frequency ☐ Annual ☐ Quarterly ☐ Monthly
Payment Terms Net [____] days
SaaS Use Classification ☐ Business Use (1% tax) ☐ Non-Business Use (6.35% tax)
Provider Notice Address [________________________________]
Customer Notice Address [________________________________]
Customer Primary Contact [________________________________]
CTDPA Controller/Processor Roles ☐ Customer is Controller / Provider is Processor
Special Terms [________________________________]

ATTACHMENT B: SERVICE LEVEL AGREEMENT (TEMPLATE)

1. Uptime Target: [____]%

2. Measurement Period: Calendar month

3. Exclusions: Scheduled Maintenance, Force Majeure, Customer-caused outages

4. SLA Credit Table:

Monthly Uptime Credit
[____]% - [____]% [____]% of monthly Fees
[____]% - [____]% [____]% of monthly Fees
Below [____]% [____]% of monthly Fees

5. Credit Request: Written within 30 days

6. Maximum Credit: 100% of monthly Fees

7. Chronic Failure: Below [____]% for [____] months triggers termination


ATTACHMENT C: SUPPORT POLICY (OUTLINE)

1. Support Hours: [________________________________]

2. Support Channels: [________________________________]

3. Severity and Response: (See Section 4.4)

4. Escalation: Levels 1-4

5. Maintenance: [________________________________]


ATTACHMENT D: DATA PROCESSING ADDENDUM (SUMMARY)

1. Scope: Processing of Personal Data by Provider (Processor) on behalf of Customer (Controller)

2. CTDPA Roles: Customer = Controller; Provider = Processor

3. Processing Instructions: Per Agreement and documented instructions

4. Security: Section 7.1

5. Sub-Processors: Section 7.6

6. Breach Notification: Section 7.3 (60-day CT timeline; 2-year identity theft services)

7. Consumer Rights: Provider shall assist Customer per Section 7.4.3

8. Data Protection Assessments: Provider shall cooperate per Section 7.4.5

9. Data Deletion/Return: Section 13.6

10. Universal Opt-Out: Section 7.4.4 (GPC compliance)

11. Minors' Data: Section 7.4.7 (no targeted advertising or sale of minors' data)

12. AI and Algorithmic Decision-Making: Section 7.4.8 (effective July 1, 2026)

13. CTDPA Compliance: Conn. Gen. Stat. § 42-515 et seq.


ATTACHMENT E: ACCEPTABLE USE POLICY (OUTLINE)

1. Prohibited Activities:

  • Unauthorized access or interference
  • Malware distribution
  • Unsolicited communications
  • Law violations
  • Third-party rights infringement

2. Content Standards:

  • No unlawful, defamatory, obscene, or harmful content
  • No IP-infringing content
  • No privacy violations
  • No dark patterns targeting minors

3. Resource Usage:

  • No excessive consumption
  • No unauthorized data extraction

4. Enforcement:

  • Suspension with notice and cure
  • Repeated violations may result in termination

This template is provided for informational purposes only and does not constitute legal advice. Legal counsel licensed in Connecticut should review and customize this Agreement before execution. The CTDPA is subject to ongoing legislative amendments (including July 1, 2026 AI provisions) -- verify all provisions and citations are current before use.

Ezel AI
Hi! Want this done for you? Tell me your situation and I'll fill in every section and tailor it to your state.
You get the finished Word & PDF in about 5 minutes. $99 one time for this document, or $249/mo for access to every document and every Ezel app. Want me to start?
AI Legal Assistant
Ezel AI
Hi! Want this done for you? Tell me your situation and I'll fill in every section and tailor it to your state.
You get the finished Word & PDF in about 5 minutes. $99 one time for this document, or $249/mo for access to every document and every Ezel app. Want me to start?

Insert Image

Insert Table

Watch Ezel in action (sample case)

All changes saved
Save
Export
Export as DOCX
Export as PDF
Generating PDF...
saas_agreement_smb_ct.pdf
Ready to export as PDF or Word
AI is editing...
Chat
Review

Get your finished document

Filled in for your situation. Drafting from scratch takes hours; finish yours in about 5 minutes for $99 one time.

  • Deep Legal Knowledge
    Understands case law, statutes, and legal doctrine specific to Connecticut.
  • Court-Ready Formatting
    Proper captions and local-rule compliance.
  • AI-Powered Editing
    Tailor every section to your case.
  • Export as PDF & Word
    Ready to file or send.
Secure checkout via Stripe
Need to customize this document?

About This Template

A contract is a written record of what two or more parties agreed to and what happens if someone does not follow through. Clear language, defined terms, and clean signature blocks keep disputes small and enforceable. The most common mistakes in contracts come from vague promises, missing details about timing or payment, and skipping standard protective clauses like governing law and dispute resolution.

Important Notice

This template is provided for informational purposes. It is not legal advice. We recommend having an attorney review any legal document before signing, especially for high-value or complex matters.

Last updated: July 2026

Get your SaaS Agreement - SMB (Connecticut), done and ready to use

Fill it in for your situation, adjust it for your state, and download the finished Word and PDF. Let the AI do it in about 5 minutes, or finish it yourself in the editor. $99 one time, or go Pro for access to every document and every Ezel app.