This is a question that comes up frequently in SaaS contract negotiations, and a common source of misunderstanding between vendors and customers. When the discussion turns to data generated through use of the service, confusion reigns: the customer assumes it owns that data, and the vendor considers it proprietary. So who is right?

Drawing the line: customer data vs usage data

The first step is to distinguish between the customer’s data and usage data.

Customer data is what the customer imports into the SaaS platform: documents, files, personal information, business records. Ownership is not in question — this data belongs to the customer.

Usage data, on the other hand, is derived data. It is generated by the operation of the platform itself: connection logs, feature adoption rates, error frequency, time spent on specific interfaces, aggregated statistics, navigation patterns. This data is not provided by the customer. It is captured by the system in the background.

Why usage data creates friction

Customers use the tool and often assume that everything generated during that use belongs to them. That is understandable, but it is not legally accurate. Usage data is not created by the customer — it is generated by the operation of the service.

From the vendor’s perspective, usage data is a valuable resource. It enables the vendor to understand how the platform is actually used, prioritise product development, detect issues, improve performance and build statistics that inform the product roadmap.

In practice, this data is not useful to the customer but is essential to the vendor. It forms a core part of the product improvement cycle. It is what makes the SaaS more stable, faster and more relevant over time.

The impact of the Data Act on usage data

The Data Act (Regulation (EU) 2023/2854), applicable from September 2025, introduces a right of access to data generated through the use of connected products and related services. While the regulation primarily targets IoT devices, its underlying rationale may by analogy reinforce customer expectations regarding access to certain categories of usage data in a SaaS context. It is therefore prudent to anticipate this development when drafting your contractual provisions. For further analysis, see my article on the Data Act and SaaS termination.

Restricting or sharing usage data?

Restricting access is not the answer. But the framework must be clear. The key principles are transparency and data protection.

A vendor cannot collect usage data without safeguards. The following rules should be observed:

  • Anonymisation: usage data must be processed in a way that does not identify any individual customer or person.
  • Aggregation: the data must be combined with data from other customers and cannot be used in isolation.
  • No direct commercial exploitation: the data must not be sold or used for prospecting without the customer’s consent.
  • Clear contractual disclosure: the customer must be informed that the vendor collects this data and for what purpose.

If these conditions are met, it is entirely legitimate for the vendor to process and retain rights over usage data.

What the SaaS agreement should include

A dedicated usage data clause should:

  • Define precisely which data is covered — customer data and usage data must not be conflated.
  • State the purpose of processing: technical improvement, statistical analysis, product development.
  • Ensure compliance with privacy requirements, including the GDPR and the principle of data minimisation.
  • Reassure the customer that no misuse will occur: no profiling, no commercial exploitation without authorisation.

The aim is not to give the vendor carte blanche, nor to deprive the customer of all control. It is to establish a clear, balanced framework that respects the interests of both parties. For an overview of the key provisions in a SaaS agreement, see the SaaS contracting guide.

Why this is a real contractual issue in SaaS

Data is a sensitive topic. A poorly drafted clause on usage data can become a barrier to signature. The customer needs assurance. The vendor needs flexibility. The right legal balance addresses both. A well-constructed clause prevents unnecessary friction, secures the vendor’s legal basis for collecting and processing usage data, protects the vendor’s reputation and strengthens customer trust. The vendor’s technical documentation can play a key role in demonstrating this transparency.

Conclusion

Beyond the question of ownership, it is transparency regarding the collection and use of this data that secures the commercial relationship. An agreement that clearly distinguishes customer data from usage data avoids friction precisely when the issue becomes most sensitive — in the event of an incident or termination. If you need to review your provisions on this point, book a call.

Other posts


Blog image
SaaS Exit Fees Under the Data Act: What You Can Challenge

The Data Act limits what SaaS vendors can charge when you switch providers. Permitted fees, prohibited charges, and the 2027 deadline explained.

Lire Plus
Blog image
How to Terminate a SaaS Agreement Under the Data Act: Practical Guide

Stuck in a SaaS contract your company no longer needs? The EU Data Act gives you a legal right to switch providers. Eligibility, process, and pitfalls.

Lire Plus

Let's build together to grow your business

Book a Call
Contact Me

I have been supporting software and SaaS companies for over 10 years, helping them structure their business, protect their intellectual property and strengthen their contracts.

Pacaud Avocat - Accueil
Pages
HomeServicesThe FirmPricesResourcesSaaS Contracting GuideTrademark Filing GuideContact Me
Services
IT AgreementsIntellectual PropertyE-CommerceFractional CLOTerminate my SaaS
Legal
Legal NoticePrivacy Policy
Consent Banner

Ourama - Website creation for lawyers