MSA — Master Service Agreement Checklist

# MSA — Pre-Sign Checklist

**Parties:** [Your company] and [Customer/Vendor]
**Effective date:** [DATE]
**Initial term:** [Years]
**Document version:** [Your template v[N] / Their template]

---

## 1. Payment terms

- [ ] **Net days clearly stated** (Net 30 is standard for SMB; Net 45-60 is common for enterprise).
- [ ] **Late-payment interest** specified (typically 1-1.5% per month).
- [ ] **Disputed invoice mechanic** — what happens if customer disputes part of an invoice? Standard: dispute in good faith within 15 days, pay undisputed portion, work to resolve.
- [ ] **No "pay if paid"** clauses if you're the vendor — those let the customer delay indefinitely if their downstream customer is slow.
- [ ] **Auto-renewal language** — annual rolling, opt-out window (typically 30-60 days before renewal).

## 2. IP ownership — the most-fought clause

- [ ] **Pre-existing IP** — each party retains its own pre-existing IP. Non-negotiable from your side.
- [ ] **Work product / deliverables** — by default, **your platform IP stays yours**. Customer gets a license to use it. Custom configuration / customer-specific code that's only useful to them might be assigned to them, but **never the underlying platform**.
- [ ] **Feedback license** — you can use customer feedback / suggestions in your product without owing them anything. Important.
- [ ] **No "work for hire"** language unless this is a custom-build engagement (and even then, only on the custom output, not your tools).

## 3. Liability cap

- [ ] **Liability cap stated** — typically 12 months of fees paid, sometimes 24 months, never unlimited.
- [ ] **Exceptions to cap** — gross negligence, willful misconduct, IP indemnification, breach of confidentiality are usually carved out (uncapped). Standard.
- [ ] **Mutual cap** — the cap should apply to both parties. Customer caps to you usually match.
- [ ] **No "uncapped indemnification for any claim"** — that's a back door to unlimited liability.

## 4. Indemnification

- [ ] **IP indemnification** — you indemnify customer if your product infringes a third-party's IP. Standard. Cap is usually uncapped or set very high.
- [ ] **Customer indemnification** — customer indemnifies you for their use that violates law (their data, their use cases). Standard.
- [ ] **Procedure** — sole control of defense, settlement consent requirements, prompt notification. Standard language.

## 5. Termination

- [ ] **Termination for convenience** — typically 30-60 days notice, fees paid up to termination date. Don't accept "termination for convenience at any time with no fees" if you've invested significant onboarding effort.
- [ ] **Termination for cause** — material breach + 30-day cure period.
- [ ] **Effect of termination** — customer's right to retrieve their data (typically 30-90 day window post-termination), survival of certain clauses (confidentiality, IP, liability, indemnity).

## 6. Warranty + disclaimers

- [ ] **Limited warranty** — service substantially conforms to documentation for [period]. Standard.
- [ ] **Disclaimer of implied warranties** — "AS IS" except for the limited warranty. Standard.
- [ ] **No warranty of merchantability or fitness for particular purpose** beyond what's expressly stated.

## 7. Confidentiality + data

- [ ] **Confidentiality clause** — see [NDA Checklist](/templates/nda-checklist). MSAs usually incorporate full NDA language.
- [ ] **DPA (Data Processing Agreement)** — required if customer provides personal data of EU/UK individuals; must be a separate or attached document.
- [ ] **Security obligations** — incident notification window (usually 24-72 hours), SOC 2 or equivalent attestation if relevant.

## 8. Governing law + dispute resolution

- [ ] **Governing law** — your home jurisdiction by default; enterprise customers often push for theirs. Standard compromise: New York or Delaware for US.
- [ ] **Venue + forum** — courts of the governing law jurisdiction.
- [ ] **Arbitration?** Some enterprises prefer JAMS or AAA arbitration over litigation. Usually neutral; agree if it's mutual.

## 9. Common founder mistakes

- Signing the customer's MSA without diffing it against your standard — silently accepts their template's biases
- Accepting liability caps below 12 months of fees — limits your downside but signals you're inexperienced
- Letting "work product" or "deliverables" language transfer ownership of your platform code
- Skipping the DPA for EU/UK customers — GDPR violation by default
- Not tracking which MSA was signed by whom — diligence nightmares
- Allowing "termination for convenience" without notice + fees-to-date — encourages churn

## 10. Before you sign

- [ ] Reviewed by commercial counsel (especially the other side's MSA)
- [ ] Compared against your standard template; deviations documented and justified
- [ ] DPA executed if applicable
- [ ] Filed in your contract registry with key dates (renewal, termination, etc.)
- [ ] Customer payment terms aligned with your finance workflow

---

**Educational only — not legal advice.** MSAs typically govern relationships worth $50k-$5M+ in revenue. Always involve an experienced commercial lawyer before signing.