In the world of startups and the IT industry, the product is often developed much faster than the legal infrastructure that protects it. Teams first create prototypes, APIs, beta versions, features, and user flows, and only when an investor, a major client, or a partner appears do they ask the question:
“Do we maybe need some kind of contract…?”
The answer is always the same:
Yes — you should have had it yesterday.
Contracts are not bureaucracy. They are a protective shield around your product, code, database, trade secrets, and the company’s reputation. Three documents form the foundation of every IT product and every SaaS service:
- NDA — Non-Disclosure Agreement
- Terms of Service (ToS) — Terms of Use
- AUP — Acceptable Use Policy
NDA (Non-Disclosure Agreement) — the first shield for your idea, code, and documentation
What is an NDA and why do you need it?
An NDA is the most basic document for every IT company. Its purpose is simple:
it obliges the other party not to use or share the information they receive during discussions, collaboration, or integration for anything other than the agreed purpose.
In practice, startups most often use NDAs when:
- they present an early version of the product to an investor,
- they share API documentation with a potential partner,
- they hire a freelancer or an outsourcing agency,
- they grant access to the repo or the code,
- they conduct technical demonstrations (demo day, hackathon, pitch meeting),
- they send a wireframe, architecture, or technical description of the product.
Without an NDA, any information you share can be:
- used without permission,
- shared with third parties,
- implemented into someone else's product,
- used competitively.
And the worst part: without an NDA, proving that confidential information was misused, and what damage it caused, is very hard.
What must a good NDA include?
✔ A clear definition of confidential information
✔ Who is allowed to access the information
✔ The duration of the confidentiality obligation (usually 3–10 years)
✔ A prohibition on using the information for any purpose other than the agreed one
✔ A rule on destroying/returning the information
✔ Legal consequences of a breach
✔ Jurisdiction (recommendation: Serbia/EU)
✔ A prohibition on copying code, documentation, data, and algorithms

The most common mistakes developers and startup founders make when using NDAs
- They download a generic NDA from the internet.
- They don’t specify what exactly is confidential (e.g., “data,” “code”).
- They don't regulate access by the outsourcing firm's employees and subcontractors.
- They don’t provide for compensation or a penalty clause.
- They think an NDA isn’t necessary because “everyone plays fair anyway.”
An NDA is the cheapest and easiest part of the legal protection for your product.
The mistake is that most people use it only after something goes wrong.
Terms of Service (ToS) — the most important contract of every SaaS product
If you have a SaaS application, platform, mobile app, marketplace, API service, or any kind of digital product that users actively use, the Terms of Service are your most important legal document.
The ToS is a contract between you and the user.
In practice, the ToS:
- protects your product,
- defines what the user may and may not do,
- sets the limits of the developer's liability,
- limits your exposure to claims arising from system errors,
- regulates payments and refunds,
- gives you the legal basis to block a user.
Why is the ToS crucial for SaaS services?
1. It legally limits your liability
Downtime, a bug, an error in the code, a server crash: all are situations in which a client could claim damages if you don't have a contract. The ToS protects you through:
- Limitation of Liability clauses
- Disclaimer clauses
- Error and outage rules
2. It allows you to suspend a user
Without a ToS, any account suspension can be legally risky.
3. It protects your intellectual property
The ToS clearly states that:
- the code,
- the design,
- the architecture,
- the brand,
- the content of the application
are your property and may not be copied, reproduced, modified, or sold.
4. It regulates payment
The ToS introduces rules for:
- subscription models,
- automatic renewal,
- refunds,
- the billing currency,
- late payment fees.
5. It prevents misuse of the service
Users must know what is allowed and what is not — and you must have the legal basis to react.

What the ToS must include:
✔ The identity of the service provider
✔ Users’ rights and obligations
✔ The method of registration and account termination
✔ Rules for payment and refunds
✔ Protection of intellectual property
✔ Rules for API usage
✔ Rules on limitation of liability
✔ Rules on maintenance and updates
✔ References to the AUP and the Privacy Policy, which form part of the terms
✔ The right to modify the terms
✔ Jurisdiction
Acceptable Use Policy (AUP) — the rules that prevent system abuse
An AUP is a document that often "flies under the radar" for startups, yet it is actually crucial for SaaS and any digital service that allows:
- content uploads,
- API calls,
- data generation,
- connecting external services,
- chat features,
- integrations with third parties.
While the ToS explains how the service works,
the AUP explains how the user MUST NOT use it.
Why do you need an AUP?
An AUP protects your company from:
- cyberattacks by users,
- spam and bot activity,
- illegal content,
- excessive resource usage,
- phishing and fraudulent activities,
- legal liability if a user does something illegal.
Without an AUP, a user who sends phishing messages can claim:
“Nowhere does it say that I’m not allowed to do that!”
And — they would be right.

What must an AUP cover
✔ Prohibited activities (spam, bots, scraping, phishing, malware distribution)
✔ Restrictions on API calls (rate limits)
✔ Use of servers and resources
✔ A prohibition on hosting illegal content
✔ A prohibition on excessive system load (abuse)
✔ The platform's right to immediately suspend an account
✔ User behavior rules (for chat, comments, uploads)
Note that an AUP gives you the legal basis to act; it does not by itself stop abuse. The rate limits, upload rules, and suspension rights it names should also be enforced technically in the service, otherwise the document only helps you after the damage is done.
Which documents do you need in which situation?
| Situation | Mandatory documents |
| --- | --- |
| Negotiations with an investor | NDA |
| You hire a freelancer | NDA + service agreement |
| You grant access to the code or the repository | NDA |
| You launch a SaaS product | ToS + AUP + Privacy Policy |
| You work with EU data | Privacy Policy + DPA |
| You sell a software license | Licensing Agreement + ToS |
| You give API access | NDA + AUP + ToS |
| Beta testing | NDA + ToS |
5. What does a typical problem look like when these contracts are not prepared?
Problem 1: A freelancer steals part of the code
Without an NDA and an IP assignment clause in the service agreement, you have no contractual basis to demand removal or compensation.
Problem 2: A user misuses the SaaS service
If there is no AUP, you cannot suspend them without legal risk.
Problem 3: A client claims compensation for damages due to downtime
Without a ToS containing a Limitation of Liability clause, you may be liable for the full amount.
Problem 4: A partner shares your API documentation with a third party
Without an NDA, it is practically "allowed."
6. How much does a mistake in legal protection cost?
Startups usually think they are “not big enough” for lawyers.
However:
- A claim arising from 2 hours of downtime can cost more than the price of a complete ToS.
- A leaked API or its source code can stall a project for months.
- Abuse of the platform can lead to a police investigation or domain blocking.
- An investor may walk away if the documentation is not ready.
In practice, 80% of problems in the IT sector can be prevented with simple documents.
7. Conclusion — legal documentation is not a cost, but part of the product
A SaaS product is not just code.
It is a technical, business, and legal system.
NDA, ToS, and AUP are the foundation of that system because they enable:
- the protection of code and data,
- the security of the platform,
- control over users,
- legal certainty,
- safe cooperation with investors and partners.
If you are developing a digital product, the best time to prepare these documents is:
before you send the first version to anyone.