As a startup founder, speaking legalese is not likely your strong point. Here are a few pointers on how to tackle commercial agreements for your business.

By Charlotte Lewis Jones (Attorney & Contributing Writer, Women 2.0)

There is no shortcut for understanding the terms and potential risks of a legal contract. As a startup, if you’re fortunate enough to have the budget for an experienced attorney, then you’re in the minority.

But if you’re like most startups that focus on the product, marketing and user growth, you may need to tackle many of your initial commercial agreements on your own. These include agreements with both vendors and customers. While it may seem daunting to comb through legalese and unfamiliar concepts, if you’re resourceful, many of the smaller agreements are largely doable, particularly if the other party takes the lead on drafting the agreement.

Ultimately, when presented with a proposed agreement, you need to be able to:

  • Understand the substance of all terms given and identify those that are missing
  • Sniff out the terms that diminish those that benefit you
  • Run the proposed agreement through a risk calculator and make a final judgment as to whether or not the proposed agreement presents risks you’re willing to take

1. Clauses That Giveth

Understand what the other party to the agreement is giving and asking of you.

When gaining an understanding of the terms, Google search may be one of your greatest assets. All authority, however, is not created equal. When doing research, focus on credible sources such as law firm publications, articles and blogs of experienced attorneys and webcasts from law firms and law associations.

In addition to your own research, don’t be afraid to ask the other side as many questions as you need to. Often, people are afraid of looking unintelligent, so they avoid asking important questions about unfamiliar language in an agreement. Imagine how much less others will trust your judgment if you agree to egregious terms you could have avoided with a few questions.

For example, when asked to “represent” or “warrant” something you have not seen before, you may say, “Can you walk me through the scenario you’re hedging against? I’d like to understand the type and likelihood of the risk you’re asking that I take on.”

If the drafter cannot explain certain language, then it will be difficult for them to insist on keeping it in the contract. You would be surprised how many people use agreements they don’t understand, so don’t be afraid to push for clarification or the removal of certain language.

Understand what assurances are missing from the agreement.

Now, we get to the more difficult part: identifying what terms are missing. An experienced attorney will have an understanding of how things typically play out with respect to various business models, industries and relationships.

Without a budget for an attorney, resourcefulness will serve you well. Your goal is to understand what similar companies in similar situations agree and do not agree to. This will help you have a better understanding of what to look for in your agreements. In other words, if cloud companies typically offer certain promises in their agreements, you know you can try and secure the same promises in your agreement with a similar cloud company.

This assessment is often the most difficult because it not only requires experience, but also typically requires exposure to contracting around specific issues and knowing where the big ticket items are within an agreement (hint: they are usually located within sections labeled “Damages,” “Indemnities,” “Warranties,” and “Limitations of Liability”).

Create your clause wish list, and see how the proposed language measures up.

Take Frugal Founder Felicia, the founder of SaaSy Company, for example. Felicia does not have the budget for an experienced attorney, but she is smart and has decided to tackle her agreements on her own. Felicia has decided to hire cloud service company SalesHorse to provide a customer, business and employee management system to SaaSy Company.

Felicia has researched what similar cloud service companies promise in their agreements, focusing on various Terms of Use contracts on their websites. Armed with these “market” terms, Felicia wants some assurances as to the quality, security and maintenance of the service and maybe even reasonable access to live customer support. She has learned of peer companies securing such assurances, so she believes these are reasonable asks. Understanding this, she creates a checklist of these items and carefully reviews SalesHorse’s proposed agreement in search of them. She begins her search in the “Warranties” or “Representations and Warranties” section of the agreement (hint: always do a Ctrl+F search of the agreement for terms like “represent,” “warrant,” or “covenant” because important terms are not always where they should be). Finally, Felicia compares her checklist to the proposed agreement and notes what is missing.

2. Clauses That Taketh Away

Understand what is being excluded or “carved out” by the other party.  

Once you understand what assurances you should seek in an agreement, look out for additional language that chips away at them. This language is usually located within sections labeled “Damages,” “Warranties,” and “Limitations of Liability.”

Let’s say SaaSy Company hires hardware and software developer S’mores Code, and lucky for Felicia, they are willing to take a lead on the drafting. S’mores Code’s agreement states that S’mores Code “represents and warrants” that its work product “does not and will not infringe upon any third party’s intellectual property rights.” Felicia is pleased with this sentence, but she continues reading and discovers that the agreement also states within the “Limitations of Liability” section that, without exception, “in no event shall our liability to SaaSy Company or any third party exceed one times the fees paid by SaaSy Company.”

Suddenly, the value of the representation and warranty is diminished and provides SaaSy Company with less security than Felicia may have initially understood. This limitation of liability presents a significant risk to SaaSy Company because if SaaSy Company is sued for copyright or patent infringement because of S’mores Code’s infringing work product, S’mores Code can only be held responsible up to a certain amount of damages. If Felicia is hit with a million dollar claim and only spent three hundred thousand dollars on the agreement with S’mores Code, SaaSy Company might have to pay out of pocket the remaining seven hundred thousand dollars. Now, imagine if SaaSy Company later finds out that S’mores Code used copyleft open source code in the work product and compliance with the appropriate copyleft license would breach obligations to various third parties. The three hundred thousand dollars of “coverage” may not go very far, given the risk of intellectual property infringement by a development company.

Another common carve-out, or exception, that S’mores Code has included in its agreement is the exclusion of certain types of damages. Often, an agreement will exclude indirect, consequential, incidental and other damages. But if most of the potential harm in the event of a breach would likely be defined by a court as “indirect” and those damages have been excluded, then SaaSy Company is not sufficiently covered where it matters most. Felicia should try to get that language removed or create some exceptions.

Often, in response to these “exclusion” and “limitation of liability” clauses proposed by SalesHorse, you will find the infamous “carve-outs to the carve-outs” suggested by the other party. As such, there are several responses that SaaSy Company might have to S’mores Code’s language. Felicia may insist that the limitations of liability and exclusion of certain types of damages do not apply to third party infringement claims. Felicia may also try to significantly increase the liability limit to account for the risk of such claims.

Because many companies like S’mores Code will not always absorb as much risk as we would like, Felicia may ultimately come to a fairly common compromise, stating that for certain events, like suits alleging intentional intellectual property infringement, gross negligence, breaches of confidentiality, or intentional bad acts, there is no limitation on S’mores Code’s liability. For simple negligence or other breaches, S’mores Code may still cap their liability, but agree to a larger multiple of the fees received from the agreement.

3. Clauses that Alter the Risk Profile

Get out your risk calculator.

Once you have a clear understanding of the agreement, including all of its representations, warranties, exceptions, carve-outs and limitations, it’s time to assess the risk of the whole agreement.

To assess the risk of an agreement, you must:

  • A:  Determine the impact of an adverse event occurring
  • B: For each adverse event, make an informed guess about the likelihood of it occurring
  • C: Compare the sum of the product of A x B to the level of protection the proposed agreement provides

Risk: ∑ = (Impact of Adverse Events A-Z)  x  (Likelihood of Adverse Events A-Z Happening)

Determining the impact and likelihood of Adverse Events A – Z happening is a judgment call. Meet Stubborn Stephanie, Head of Operations for SalesHorse. Stephanie is one of the founders of SalesHorse, and now that she has come up with this great idea, she needs to protect the company from excessive liability. She refuses to be her customers’ “insurance policy” and is not willing to take on much liability for each customer.

SalesHorse hosts customer, employee and other proprietary information for thousands of companies, and one of the biggest risks it faces is being hacked and all of the proprietary information being compromised. Stephanie decides she should seriously consider the business and legal impact and likelihood of this adverse event.

If the public discovers that SalesHorse’s services have been hacked, Stephanie will likely have a PR nightmare on her hands, and she may lose customers. The legal impact depends on what is in her customer agreements. That is, of course, something she can try and mitigate. Stephanie can tighten up her agreements as much as possible by attempting to do some combination of the following (to name a few):

  • Limit her liability to a small multiple of fees or, even better, just the customer’s right to terminate the agreement
  • Exclude all but direct damages
  • Disallow customer carve-outs from limitations of liability and damages exclusions
  • Disclaim certain warranties (although in some jurisdictions, implied warranties may apply)
  • Limit the standard of care SalesHorse must employ in securing customer data
  • Require that customers maintain a certain amount and kind of business insurance

Of course, there’s a reason we call it a clause wish list. It’s rare that one side dictates all favorable terms unless they’re in the more leveraged position.

Once Stephanie understands the impact of a breach, the next consideration is the likelihood of her company being hacked. She creates a diligence-style checklist including questions such as:

  1. How secure are our technical, physical and administrative safeguards?
  2. Are our services encrypted?
  3. Do we have a significant compliance system in place whereby deficiencies can be detected and corrected quickly and privately?

Security breaches are difficult to predict because, even if you have gone above and beyond the industry standards, the internet is not 100 percent secure. In fact, Stephanie definitely wants to “disclaim any and all warranties with respect to the security of the internet.” Still, after gathering information, she, like all other companies, must make an educated guess.

Finally, Stephanie includes all of the terms she would like in a proposed agreement and submits it to her customers for consideration. Felicia receives the agreement and runs the terms through a risk calculator, identifying everything she would like the agreement to include and where it falls short.

Needless to say, Felicia has many responses to Stephanie’s clause wish list. When Stephanie receives edits, or counter-proposals, from Felicia, she then runs those suggestions through her risk calculator again. Both parties make note of significant deviations from terms acceptable to their respective companies and “market” terms within the industry among similar companies. For example, SalesHorse has a company policy of not agreeing to most favored nations (MFN) clauses, but Felicia insists on including the provision. Because this is against company policy, this triggers a red flag within Stephanie’s risk calculator. If there is a significant chance that SalesHorse will breach this provision or else risk losing out on potential profits from other customers, then Stephanie must make a decision to negotiate the language out or not sign the agreement with Felicia.


Upon a discerning review, certain contract language makes an initial statement a lot less meaningful to the untrained reviewer. If the words in all caps are not hint enough, pay close attention to language regarding limitations, disclaimers and exceptions. You will reap the rewards later if you take the extra time to thoughtfully review the not-so-boilerplate language that often leaves one party severely exposed or pursuing litigation.

Finally and most importantly, if you are not happy with the risks of a proposed agreement, it is time to negotiate!

What other advice do you have about legal contracts for startup entrepreneurs?