SaaS Acceptable Use Policy

SaaS apps that allow user interaction or the creation of user-generated content are great ways to build your brand and create a community for your users around that brand.

But when you have users using your service or SaaS app, especially if they can interact with others, setting out an Acceptable Use Policy of some kind is very important.

Acceptable Use Policy

An Acceptable Use Policy allows you, the company, to set clear expectations of what kind of behaviour is okay, as well as allowing you to ban or suspend accounts that infringe the policy or act in a destructive way towards you or towards other users.

You can either create an entire standalone Acceptable Use Policy focused on acceptable use cases or just include a clause in your current Terms and Conditions agreement (also known as Terms of Use or Terms of Service).

Whichever you choose, let's take a look at what you'll need to cover.

Here's an example of an Acceptable Use clause within the Terms of Service of InVision:

Acceptable Use from InVision Terms of Service

You can see that the clause from InVision is very broad and very strict. Not all policies need to be written in this way. Many businesses are now ensuring that their legal terms are written in plain language.

Let's take a look at some more examples.

Acceptable Behaviour

The first thing your clause should lay out clearly is what kind of behaviour is acceptable.

For example, you could outline that you want your users to "play nice" and be respectful towards each other. This sets the tone that respectful and considerate behaviour is the foundation upon which everyone should operate.

If your Acceptable Use Policy or specific clause is written in clear, simple terms, your users are more likely to understand it and pay attention.

Let's take a look at some of the unacceptable behaviour that you'll also want to cover in your policy.

Unacceptable Behaviour

This clause is a little trickier, as you need to be clear on what you don't allow while being broad enough to capture unanticipated situations that are not acceptable.

If you keep your Acceptable Use Policy too narrow, you may end up with situations in which users are interfering with the performance of your service or the ability of other users to use it, but you have no legal ability to terminate their account.

It's up to you whether you want to include both acceptable and unacceptable behaviour in your policy or clause, but whatever you decide to do ensure that your wording is clear and unambiguous.

Some SaaS apps may be involved in highly regulated industries, and their Acceptable Use Policies may need to touch on industry legislation and standards.

For example, at Twilio, their service (a SaaS app) allows voice chat, call recording, SMS, MMS, video calling, and phone number lookup among other things. This means that they need to ensure their users don't infringe CAN-SPAM, the Telephone Consumer Protection Act, and the Do-Not-Call Implementation Act.

Compliance with these pieces of legislation is reflected in the Acceptable Use Policy of Twilio:

Screenshot of Twilio Acceptable Use Policy

You can also see that Twilio covers off industry standards, third-party policies, and guidelines published by the Mobile Marketing Association and other industry associations.

If your SaaS is in the healthcare or medical industry or is targeted at children, you'll also have particularly rigorous legal standards that you (and your customers) will need to comply with.

If your app allows users to share content with others or post content publicly, you'll also need to clearly set out what types of content are prohibited.

Here's an example from the Acceptable Use Policy of Pinterest:

Screenshot of Pinterest Acceptable Use Policy

Finally, all SaaS apps are likely to want to prohibit any conduct that disrupts the app or the service completely. Here's an example from the Acceptable Use Policy of Atlassian:

Screenshot of Atlassian Acceptable Use Policy

You can see that they disallow anything that compromises the integrity of the system, tampering, and using bots to send significant numbers of requests to the server (DDoSing).

If any users are found engaging in this type of behaviour, Atlassian reserves the right to permanently or temporarily terminate or suspend a user's account or access to the services without notice or liability.

This leads into our next point: consequences in the case of a breach.

Consequences for breaching

The next clause that you need to include is a clause for setting out what the response will be if an account is misusing the app or the service or breaching your terms of acceptable and unacceptable use.

It's common practice to include a "Suspension" or "Termination" clause where you can stop providing your services to a user at any point if they breach your terms or are disruptive to other users.

Here is an example from Confirmit's Acceptable Use Policy for their Confirmit Horizons solution:

Confirmit: Consequences Clause Screenshot

The main thing you want to cover is that you can cancel the agreement or remove any offending content that the user has uploaded onto your service. You should also make sure that you reserve the right to bring legal action in any case, which sets out that you are serious about offending behaviour and that breaches of your agreement will not be tolerated.

No matter what you decide to include in your policy, you should make sure that your policy is personalised and tailored for your app.

Covering off acceptable and unacceptable use for your app is simple, straightforward, and a very important part of managing your users' interactions with each other and your app. By setting out clearly what kind of behaviour is acceptable, and what the consequences will be for unacceptable behaviour, you are more likely to have users who comply.

Or, if your users aren't complying, you can terminate their account and abilities to use the app. This protects you, your app, and your other users.