Free Word download β’ Edit online β’ Save & share with Drive β’ Export to PDF
A White Label SaaS Agreement is a legally binding contract between a software-as-a-service provider (the licensor) and a reseller or partner (the licensee) that grants the reseller the right to rebrand the provider's platform and offer it to end customers as their own product. Unlike a standard SaaS subscription, this agreement governs a three-party commercial relationship β it sets the rules for how the platform may be presented, priced, supported, and ultimately terminated across the entire distribution chain. Core provisions cover the scope of the license grant, permitted branding customizations, IP ownership, SLA commitments, data processing responsibilities, fee structures, and what happens to end-customer data if the relationship ends.
Operating a white-label SaaS arrangement without a signed agreement exposes both the licensor and reseller to serious commercial and legal risk. The licensor loses control over how its platform is represented in the market β a reseller making unsupported claims to end customers can create warranty and fraud liability that flows back to the licensor. The reseller, meanwhile, has no contractual guarantee of uptime, no right to export end-customer data on termination, and no IP indemnification if the platform turns out to infringe a third-party patent. Regulators in the EU, UK, and Canada treat an unsigned data processing arrangement as a per-se GDPR violation, regardless of whether any breach occurred. This template closes all four gaps in a single structured document, giving both parties a clear record of their obligations before a single end customer is onboarded.
| If your situation is⦠| Use this template |
|---|---|
| Granting a reseller the right to sell but not rebrand the software | SaaS Reseller Agreement |
| Licensing software for a single end-user deployment, no resale | Software License Agreement |
| Engaging a development firm to build a custom SaaS product | Software Development Agreement |
| Allowing API access and integration without full white-labeling | API License Agreement |
| Partnering with a distributor across multiple territories | Master Distribution Agreement |
| White-labeling a SaaS tool as part of a broader franchise system | Franchise Agreement |
| Licensing SaaS to a single enterprise under a negotiated custom deal | Enterprise SaaS Agreement |
Why it matters: Without defined limits, the reseller may use the licensor's UI in ways that damage the brand, confuse end customers, or violate the licensor's own trademark registrations.
Fix: Attach a Schedule A at signing that specifies permitted logo placements, required disclaimers, restricted color changes, and any features that must retain the licensor's name.
Why it matters: Ambiguity about whether net revenue is calculated before or after refunds, chargebacks, taxes, and payment processor fees creates recurring fee disputes that are expensive to resolve.
Fix: Define 'Net Revenue' in the definitions section with a precise formula, and require the reseller to provide itemized monthly statements showing each deduction.
Why it matters: If the agreement is terminated β for any reason β and the reseller cannot retrieve end-customer data, it cannot migrate those customers and may face breach claims from them.
Fix: Include a minimum 30-day data export window after termination, specify the export format (CSV, JSON, or API), and state that the licensor will not delete data until the window closes.
Why it matters: Under GDPR, UK GDPR, and most US state privacy laws, operating without a signed DPA between the data controller and processor exposes both parties to regulatory penalties β even if there is no breach.
Fix: Attach the DPA as Schedule C at the time of execution, not as a follow-up. If either party's end customers are in the EU or UK, this is non-negotiable.
Why it matters: If the licensor's platform infringes a third-party patent or trademark, the resulting litigation cost can far exceed the total contract value β a symmetric cap leaves the reseller unprotected.
Fix: Carve out IP infringement indemnification from the overall liability cap, and require the licensor to carry commercial general liability and E&O insurance with minimum coverage limits.
Why it matters: A reseller with access to the platform's architecture, API documentation, and customer use-case data is well positioned to build a competing product β without an explicit prohibition, there is no contractual barrier.
Fix: Include a clause prohibiting the reseller from using knowledge gained through the agreement to develop or fund a substantially similar competing SaaS product during the term and for 12β24 months after termination.
In plain language: Defines precisely what the reseller is permitted to do with the software β rebrand it, deploy it to end customers, and customize the interface β and what requires prior written approval.
Licensor hereby grants to Licensee a non-exclusive, non-transferable, revocable license to access and use the Platform solely to offer white-labeled services to End Customers under Licensee's brand, subject to the Branding Guidelines attached as Schedule A.
Common mistake: Granting a license without attaching a branding guidelines schedule. Without defined limits on logo placement, color changes, and feature renaming, the licensor loses control over how its product appears in the market.
In plain language: Lists what the reseller may and may not do β prohibiting reverse engineering, sublicensing beyond end customers, or using the platform for competing services.
Licensee shall not: (a) reverse engineer or decompile the Platform; (b) sublicense the Platform to any party other than End Customers; (c) use the Platform to develop a competing product; or (d) remove or alter any proprietary notices embedded in the software.
Common mistake: Omitting a prohibition on using the platform to build a competing product. Without this restriction, a reseller can study the platform's architecture and use the relationship to launch a competing service.
In plain language: States the pricing model β flat monthly fee, per-seat fee, or revenue share percentage β payment due dates, invoicing terms, and late-payment consequences.
Licensee shall pay Licensor a monthly platform fee of $[AMOUNT] plus [X]% of Net Revenue collected from End Customers, due within [15] days after month-end. Overdue amounts accrue interest at [1.5]% per month.
Common mistake: Failing to define 'Net Revenue' precisely. Ambiguity about whether net revenue is calculated before or after chargebacks, refunds, taxes, and payment-processing fees routinely triggers fee disputes.
In plain language: Commits the licensor to a minimum uptime percentage, defines response and resolution time targets by severity, and assigns support responsibilities between the licensor and reseller.
Licensor guarantees Platform availability of [99.9]% per calendar month, excluding scheduled maintenance. Licensor shall respond to Severity-1 incidents within [1] hour. Licensee is solely responsible for first-level support to End Customers.
Common mistake: Leaving the support split undefined. If the agreement does not specify that the reseller handles first-level support and the licensor handles second-level, end customers contact both parties simultaneously, creating confusion and doubling incident load.
In plain language: Confirms that all rights in the underlying software, algorithms, and infrastructure remain with the licensor. Any customizations or derivative works are addressed explicitly.
All right, title, and interest in the Platform, including all modifications, updates, and derivative works β except Licensee's trademarks applied as permitted herein β are and shall remain the exclusive property of Licensor.
Common mistake: No clause addressing who owns customizations the licensor builds at the reseller's request. Without this, the reseller may claim joint ownership of features they paid to have developed.
In plain language: Requires both parties to protect each other's non-public information β pricing, roadmaps, end-customer data, and technical architecture β during and after the agreement.
Each party agrees to keep the other's Confidential Information strictly confidential and not to disclose it to any third party without prior written consent. This obligation survives termination for a period of [3] years.
Common mistake: Using a confidentiality clause that expires on termination. Pricing structures, customer lists, and platform architecture remain sensitive long after the relationship ends β a post-termination survival period of 2β5 years is standard.
In plain language: Defines how personal data collected through the platform is processed, who is the data controller versus processor, required security standards, and breach notification obligations.
To the extent the Platform processes Personal Data of End Customers, Licensor acts as a data processor on behalf of Licensee as data controller. Licensor shall implement [SOC 2 Type II / ISO 27001] controls and notify Licensee of any confirmed breach within [72] hours of discovery.
Common mistake: Treating the DPA as optional or deferring it to a later addendum. Under GDPR and many US state privacy laws, operating without a signed DPA exposes the reseller to regulatory fines regardless of which party experienced the breach.
In plain language: Sets the initial contract term, renewal mechanism, grounds for early termination (with and without cause), and what happens to end-customer accounts and data at termination.
This Agreement commences on [START DATE] and continues for [12] months, renewing automatically for successive [12]-month terms unless either party provides [60] days' written notice of non-renewal. Upon termination, Licensor shall provide Licensee with a [30]-day data export window before permanently deleting End Customer data.
Common mistake: No data export or transition period on termination. Without a contractual right to retrieve end-customer data, the reseller cannot migrate customers to an alternative platform β exposing the reseller to breach claims from those customers.
In plain language: Caps each party's financial exposure, excludes consequential and indirect damages, and defines who indemnifies whom for IP infringement, data breaches, and end-customer claims.
Licensor's total cumulative liability under this Agreement shall not exceed the fees paid by Licensee in the [12] months preceding the claim. Licensor shall indemnify Licensee against third-party claims that the Platform infringes any third-party IP. Licensee shall indemnify Licensor against claims arising from Licensee's marketing representations to End Customers.
Common mistake: Symmetric liability caps that fail to account for the risk asymmetry. A data breach affecting thousands of end customers can exceed the total contract value β licensor IP indemnification and uncapped data-breach liability are frequently carved out of the overall cap in negotiated agreements.
Enter the licensor's and licensee's full legal entity names, states or countries of incorporation, and registered addresses. Write a precise one-paragraph description of the platform being licensed β name, core function, and any excluded modules.
π‘ Attach a Schedule B listing excluded features or modules to prevent disputes about what was actually licensed.
Specify whether the license is exclusive or non-exclusive, the territories covered, and the exact branding customizations permitted β logo replacement, color palette, custom domain, and feature renaming. Attach branding guidelines as Schedule A.
π‘ Exclusive territory licenses command higher fees but restrict the licensor from signing competing partners in the same market β price accordingly.
Choose a fee model β flat monthly fee, per-seat pricing, or revenue share β and define all terms precisely: gross vs. net revenue, payment due date, invoicing cycle, and late-fee rate.
π‘ For revenue-share models, require monthly self-reported revenue statements from the reseller with an annual audit right to verify accuracy.
Enter the guaranteed uptime percentage, scheduled maintenance window (e.g., Sundays 2β4 AM UTC), incident severity tiers, and response/resolution times. Assign first-, second-, and third-level support responsibilities explicitly.
π‘ SLA credits β e.g., 10% of monthly fee for each hour of Severity-1 downtime β give the reseller meaningful contractual leverage without exposing the licensor to unlimited liability.
Confirm that all core platform IP remains with the licensor. If the licensor will build custom features at the reseller's request, specify in a development addendum whether those features are exclusive, jointly owned, or licensor-owned with a royalty-free license back.
π‘ Custom features built for one reseller often benefit the whole product roadmap β licensor-owned with a perpetual license back is the most commercially efficient arrangement.
Identify who is the data controller and who is the data processor for end-customer personal data. Specify the security standard the licensor must maintain, the breach notification timeline, and whether a separate DPA is attached as Schedule C.
π‘ If any end customers are in the EU or UK, a GDPR-compliant DPA is not optional β attach it at execution, not after the relationship is live.
Set the initial term, auto-renewal notice period, and both for-cause and no-cause termination rights. Include the end-customer data export window and any post-termination restrictions on the reseller soliciting licensor's direct customers.
π‘ A 60-day non-renewal notice is standard; shorter windows favor the reseller, longer windows favor the licensor. Consider which party has more leverage in the negotiation.
Both parties must sign before the reseller onboards any end customers. Post-launch execution creates fresh-consideration risk and leaves early customers without contractual protection.
π‘ Use a timestamped e-signature tool and store the fully executed copy in a secure document repository accessible to both parties' legal teams.
A white label SaaS agreement is a contract between a software provider and a reseller that grants the reseller the right to rebrand the provider's platform and sell it to end customers as their own product. It governs the license scope, branding permissions, fees, SLA commitments, IP ownership, data handling, and termination rights. It is distinct from a standard SaaS subscription agreement because it explicitly addresses rebranding rights and the three-party relationship among licensor, reseller, and end customer.
Any SaaS company that allows partners, agencies, or resellers to deploy its platform under a different brand needs one β and so does the reseller. Agencies that bundle a white-labeled tool into their service offering, managed service providers who resell rebranded software, and enterprises that license a platform to offer internally under a custom name all require a signed white label SaaS agreement before going live with end users.
A SaaS reseller agreement allows a partner to sell the software to end customers but typically under the licensor's own brand and name. A white label SaaS agreement goes further β it grants the right to remove the licensor's branding entirely and replace it with the reseller's own. White label agreements carry more IP, trademark, and quality-control provisions because the licensor's product is being presented to end customers as someone else's.
Yes, in most cases. If the platform processes any personal data belonging to end customers β and virtually all SaaS platforms do β a Data Processing Agreement is required under GDPR for EU-based users, UK GDPR for UK users, and increasingly under US state privacy laws such as the CCPA and VCDPA. The DPA defines who is the data controller, who is the processor, and the security and breach-notification obligations of each party. Operating without one exposes both parties to regulatory fines.
Yes β a reseller can negotiate an exclusive territory or customer segment, meaning the licensor agrees not to license the platform to competing partners in that area. Exclusivity typically commands a higher flat fee or minimum revenue commitment. Non-exclusive agreements give the licensor more commercial flexibility. The agreement should specify whether exclusivity applies by geography, industry vertical, or customer size, and whether it survives auto-renewal.
99.9% monthly uptime is the industry standard for SaaS platforms, which equates to approximately 43 minutes of allowable downtime per month. Agreements for mission-critical applications often require 99.95% or higher. The SLA should define what counts as downtime (excluding scheduled maintenance), how it is measured, and what SLA credits the reseller receives for breaches β typically 10β25% of the monthly fee per hour of excess downtime, capped at one month's fees.
The agreement should require the licensor to provide a data export window β typically 30 to 60 days after termination β during which the reseller can download all end-customer data in a usable format. After that window, the licensor should be contractually required to delete the data and confirm deletion in writing. Without this provision, the reseller risks losing end-customer data and facing breach claims from those customers.
They are generally enforceable when properly drafted, but enforcement depends heavily on the governing law clause and the jurisdictions where the reseller and end customers are located. EU, UK, and Canadian parties face mandatory data protection requirements that override contractual terms. In the US, state-level privacy laws and UCC Article 2B or UCITA principles vary by state. Specifying a governing law and a dispute-resolution mechanism β arbitration or a specific court β is essential for cross-border agreements.
For straightforward domestic agreements between two established companies, a well-structured template is a solid starting point. Engage a lawyer when the deal involves significant revenue share, exclusive territory rights, cross-border data flows, custom feature development, or a licensor whose platform processes sensitive personal or financial data. A 2β3 hour attorney review typically costs $600β$1,500 and is worthwhile for any arrangement where the annual contract value exceeds $50,000.
A SaaS subscription agreement governs a direct relationship between the software provider and a single end customer or business. A white label SaaS agreement introduces a three-party structure β provider, reseller, and end customer β and adds branding rights, resale permissions, and sub-license mechanics that a standard subscription agreement does not cover. Use a subscription agreement for direct sales; use a white label agreement for channel or partner distribution.
A software license agreement grants the right to use software for internal purposes without any right to resell or rebrand. A white label SaaS agreement explicitly grants sublicensing and rebranding rights to the licensee. If the partner needs to deploy and sell the product to third parties under a different brand, a software license agreement is insufficient.
An independent contractor agreement governs a services relationship β the contractor performs work for the client. A white label SaaS agreement governs a product-licensing relationship β the licensor provides software access the reseller commercializes independently. Mischaracterizing a white-label arrangement as a contractor relationship creates tax, IP ownership, and liability classification errors.
A master services agreement sets overarching terms for an ongoing services relationship, typically paired with statements of work. A white label SaaS agreement is self-contained and product-specific, governing platform access, branding rights, and SLA obligations rather than deliverable-based services. Enterprises sometimes use an MSA as the umbrella and attach the white label terms as a schedule, but the white label provisions must still appear in full.
Core use case β SaaS vendors structuring channel programs where agency or MSP partners deploy the platform under their own brand to SMB or mid-market clients.
Agencies white-label SEO, CRM, or analytics platforms to present proprietary tooling to clients, requiring clear SLA accountability and branding control provisions.
White-labeled payment, lending, or compliance platforms require enhanced data security clauses, regulatory licensing representations, and PCI-DSS and SOC 2 compliance warranties.
HIPAA Business Associate Agreement must be attached as a schedule; data residency requirements and breach notification timelines must comply with 45 CFR Part 164.
No single federal law governs SaaS agreements; contract law is primarily state-based. California, Delaware, and New York are common governing law choices. State privacy laws β CCPA, VCDPA, and others β impose data processing obligations that should be reflected in an attached DPA. Non-compete restrictions on the reseller vary in enforceability by state; California and Minnesota are highly restrictive.
PIPEDA (and provincial equivalents in Quebec, BC, and Alberta) governs personal data processing and requires a DPA between data controllers and processors. Quebec's Law 25 imposes stricter consent and data residency requirements than PIPEDA, effective since September 2023. Agreements should specify whether data is stored in Canadian data centers if the reseller's end customers are in regulated sectors such as financial services or healthcare.
UK GDPR and the Data Protection Act 2018 require a signed DPA for any data processing arrangement. Post-Brexit, UK businesses transferring data to non-adequate countries must use UK International Data Transfer Agreements (IDTAs) rather than EU Standard Contractual Clauses. The UK ICO actively enforces data processor agreements, and fines of up to Β£17.5M or 4% of global turnover apply for serious breaches.
GDPR Article 28 mandates a written DPA for all controller-processor relationships β it is not optional. Standard Contractual Clauses (SCCs) are required for data transfers to non-adequate third countries, including the US. Non-compete clauses restricting the reseller may require financial compensation to be enforceable in countries such as Germany and France. VAT on cross-border SaaS transactions varies by member state and must be addressed in the fee clause.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Domestic SaaS vendors and agencies entering straightforward white-label partnerships with clear pricing and no cross-border data flows | Free | 30β60 minutes |
| Template + legal review | Agreements involving revenue share, exclusive territories, EU/UK data flows, or annual contract values above $25,000 | $600β$1,500 for a 2β3 hour attorney review | 2β5 business days |
| Custom drafted | Complex multi-territory channel programs, fintech or healthcare platforms with regulatory requirements, or deals with large enterprise resellers requiring heavily negotiated terms | $2,500β$8,000+ | 2β4 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Start freeΒ Β·Β No credit card required
