Drafting of General Terms and Conditions of Sale (GTC)
Drafting of GTC adapted to your activity.
Drafting of General Terms of Use (GTU)
Drafting of the GTU adapted to your activity.
Privacy policy
Drafting of privacy policies adapted and in accordance with the GDPR.
Service contracts
Drafting and negotiating service contracts.
E-Commerce Consulting
I answer your questions specific to your online business.
Audit of your e-commerce site
Audit to verify the legal compliance of your e-commerce site.
Drafting and negotiating contracts
I assist you in drafting and negotiating contracts with your service providers.
Selling a SaaS product online means putting a full legal framework in place: terms and conditions, terms of use, a privacy policy, a cookie policy and legal notices. These documents are not mere formalities. They structure your relationship with your users, define your liabilities and determine whether your sales are legally valid.
The distinction between terms and conditions of sale and terms of use is often misunderstood by SaaS vendors. Put simply: terms of sale govern the commercial relationship (pricing, payment, duration, termination), while terms of use govern how the service may be used (access rights, restrictions, intellectual property, data).
For a SaaS product, these two documents need to work together — and in many cases can be combined. More importantly, they must reflect your actual sales process. A self-service SaaS, where clients sign up online and accept terms with a click, calls for different conditions than a SaaS sold through a signed proposal. Using the same document for both models is a common mistake that creates legal inconsistencies.
If your clients include individuals (B2C), the requirements become more demanding: a fourteen-day cooling-off period (Articles L.221-18 ff. of the French Consumer Code), a statutory conformity guarantee and mandatory mediation. In B2B, these rules do not apply — but clear terms remain essential to protect your revenue and limit disputes.
Every SaaS vendor that processes personal data on behalf of its clients acts as a data processor within the meaning of the GDPR. Article 28 of the regulation requires a data processing agreement (DPA) between the data controller (your client) and the processor (you). The DPA must specify the nature of the processing, the categories of data involved, the security measures in place and the conditions under which you engage sub-processors.
Your website’s privacy policy serves a different purpose: it informs your own users about how you collect and process their data. It must comply with Articles 13 and 14 GDPR and cover the identity of the controller, the purposes and legal bases for processing, retention periods and data-subject rights. The cookie policy — governed by the ePrivacy Directive and the CNIL’s guidelines — completes the picture by regulating the use of trackers on user devices.
In practice, the issues I flag most frequently in the SaaS products I audit are these. The legal notices required under Article 6 of the French Digital Economy Act (LCEN) are often incomplete or missing entirely on sites without a dedicated page. Payment-flow compliance — order confirmations, invoices, receipts — is seldom verified. And when a vendor sells its SaaS across multiple EU countries, the terms are almost never adapted to the local consumer-protection rules of each market.
I draft and audit these documents for SaaS vendors of all sizes, making sure they are both compliant and practical — readable by your users, not just by a lawyer. To discuss your needs, book a call.
Let's build together to grow your business
I have been supporting software and SaaS companies for over 10 years, helping them structure their business, protect their intellectual property and strengthen their contracts.
