Help me fix this contract
November 21, 2010 9:15 AM Subscribe
I know YANML but help me say this in lawyer speak.
I'm writing a contract for a simple HTML5 website, but there is one part where I'm stuck. This is a very small project with a super low budget, almost pro-bono.
I want a clause that says something like this: "We are not responsible/make no warranties for the security of the website / scripts. It is the clients obligation to keep the their site/ client data / host protected. The client will hold us indemnified to 3rd parties on whatever that might arise".
If you think Im missing something fell free to add to it. If you ara a web designer with a similar clause to this in your contracts I wanna hear from you too.
Yes, I know you are not my lawyer and I intent to send the contract to lawyer in my state for revision. If it helps, client is in NY.
Thanks a lot in advance.
I'm writing a contract for a simple HTML5 website, but there is one part where I'm stuck. This is a very small project with a super low budget, almost pro-bono.
I want a clause that says something like this: "We are not responsible/make no warranties for the security of the website / scripts. It is the clients obligation to keep the their site/ client data / host protected. The client will hold us indemnified to 3rd parties on whatever that might arise".
If you think Im missing something fell free to add to it. If you ara a web designer with a similar clause to this in your contracts I wanna hear from you too.
Yes, I know you are not my lawyer and I intent to send the contract to lawyer in my state for revision. If it helps, client is in NY.
Thanks a lot in advance.
I intent to send the contract to lawyer in my state for revision.
Let the lawyer help you with this then.
posted by amro at 9:33 AM on November 21, 2010 [1 favorite]
Let the lawyer help you with this then.
posted by amro at 9:33 AM on November 21, 2010 [1 favorite]
If your lawyer is going to do this, then you don't need us to.
Also, it's not clear what you're asking. You've written X, and it already says X, and it doesn't need help saying X; if you want it to say Y, we can't help you do that because we don't know what Y is.
posted by J. Wilson at 9:54 AM on November 21, 2010
Also, it's not clear what you're asking. You've written X, and it already says X, and it doesn't need help saying X; if you want it to say Y, we can't help you do that because we don't know what Y is.
posted by J. Wilson at 9:54 AM on November 21, 2010
So wait, you're making a website that uses some sort of interpreted/scripted language (php/ruby/cgi/whatever) and you're saying that it's not secure? Why are they hiring you?
On a side note, why don't you just lift the language from the GPL? It has a section just for this:
On a side note, why don't you just lift the language from the GPL? It has a section just for this:
NO WARRANTYposted by Brian Puccio at 10:46 AM on November 21, 2010
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
IANAL, but I do web design, including e-commerce where the privacy statements and user agreements for some of my sites have been vetted by my client's council.
If the users of the web site are paying you to store data or do transactions for them, you can't hand-wave your responsibilities associated with that. There are a ton of EULAs out there you can look at, and it's true that you can at least assert that your liability to your client is limited in the event of data loss (users have an obligation to make backups of their own data, for example) and the like. But YOU ARE RESPONSIBLE for the security of that data. If I used salesforce.com to store my contacts, and found that salesforce got breeched and now my competitors have that data, I could sue salesforce.com and win.
OTOH, if this is a statement aimed at casual users of your site, i.e. like my use of (reading) a blog site, it comes across as paranoid. A simple privacy statement is all that's needed in that case, and that's to reassure the users, not really to protect you. It's pretty commonly accepted that individual web site users are responsible for THEIR security, i.e. firewalls and other perimeter defence, and if your site gets infected, it's beyond unlikely you'd be sued because some user stumbled into your site and got infected as well.
And good luck asserting that your clients will indemnify you in the event of something that you did or failed to do. Indemnification is, for example, where I agree as a user of a system to defend the owner of a system for MY actions. Ex - you run a video hosting site, I sign your agreement, and I upload videos that are alleged to violate copyright. If the copyright holder sues you, I have agreed to defend you in court. It's a high standard that is only appropriate in certain relationships, it's hard to enforce, and I don't sign them lightly, myself.
TL;DR - if you really need all these provisions you've thrown out your client needs to get counsel, stat.
posted by randomkeystrike at 10:58 AM on November 21, 2010
If the users of the web site are paying you to store data or do transactions for them, you can't hand-wave your responsibilities associated with that. There are a ton of EULAs out there you can look at, and it's true that you can at least assert that your liability to your client is limited in the event of data loss (users have an obligation to make backups of their own data, for example) and the like. But YOU ARE RESPONSIBLE for the security of that data. If I used salesforce.com to store my contacts, and found that salesforce got breeched and now my competitors have that data, I could sue salesforce.com and win.
OTOH, if this is a statement aimed at casual users of your site, i.e. like my use of (reading) a blog site, it comes across as paranoid. A simple privacy statement is all that's needed in that case, and that's to reassure the users, not really to protect you. It's pretty commonly accepted that individual web site users are responsible for THEIR security, i.e. firewalls and other perimeter defence, and if your site gets infected, it's beyond unlikely you'd be sued because some user stumbled into your site and got infected as well.
And good luck asserting that your clients will indemnify you in the event of something that you did or failed to do. Indemnification is, for example, where I agree as a user of a system to defend the owner of a system for MY actions. Ex - you run a video hosting site, I sign your agreement, and I upload videos that are alleged to violate copyright. If the copyright holder sues you, I have agreed to defend you in court. It's a high standard that is only appropriate in certain relationships, it's hard to enforce, and I don't sign them lightly, myself.
TL;DR - if you really need all these provisions you've thrown out your client needs to get counsel, stat.
posted by randomkeystrike at 10:58 AM on November 21, 2010
If you're already paying a lawyer to review it, you really would be better off just telling that person, in layman's terms, what it is you want the contract to say. By trying to "legalize" it yourself, you're just going to obscure the intended meaning, and the lawyer will take twice as long to produce a finished product.
It's far easier for a solicitor to take the basic terms and make them an enforceable contract, than it is to read a confusingly written draft, interpret it, and then change everything around anyway.
posted by Pomo at 11:31 AM on November 21, 2010
It's far easier for a solicitor to take the basic terms and make them an enforceable contract, than it is to read a confusingly written draft, interpret it, and then change everything around anyway.
posted by Pomo at 11:31 AM on November 21, 2010
It's far easier for a solicitor to take the basic terms and make them an enforceable contract, than it is to read a confusingly written draft, interpret it, and then change everything around anyway.
Agreed - just tell your solicitor what you need, in plain english. They can handle the drafting.
In any case, contracts are about clarity of expression and enforcability - it doesn't have to 'sound' legal, providing that the meaning is clear.
posted by His thoughts were red thoughts at 2:55 PM on November 21, 2010
Agreed - just tell your solicitor what you need, in plain english. They can handle the drafting.
In any case, contracts are about clarity of expression and enforcability - it doesn't have to 'sound' legal, providing that the meaning is clear.
posted by His thoughts were red thoughts at 2:55 PM on November 21, 2010
His thoughts were red thoughts: "In any case, contracts are about clarity of expression and enforcability"
this. don't try to make it sound lawyerly, just say what you're after. this is true whether or not you're actually going to have an attorney take a look at the contract.
randomkeystrike: "YOU ARE RESPONSIBLE for the security of that data. If I used salesforce.com to store my contacts, and found that salesforce got breeched and now my competitors have that data, I could sue salesforce.com and win."
whether or not this is true, it's not really relevant to the OP's question. if you use salesforce.com then you, presumably, have a contract with salesforce.com and can sue on the contract. OP's question seems to be something more like: can you sue the contractor hired by salesforce.com to produce the service you used, and with whom you have no relationship at all? maybe yes, maybe no, but in any event a very different circumstance than the hypothetical you've described.
posted by lex mercatoria at 4:33 PM on November 21, 2010
this. don't try to make it sound lawyerly, just say what you're after. this is true whether or not you're actually going to have an attorney take a look at the contract.
randomkeystrike: "YOU ARE RESPONSIBLE for the security of that data. If I used salesforce.com to store my contacts, and found that salesforce got breeched and now my competitors have that data, I could sue salesforce.com and win."
whether or not this is true, it's not really relevant to the OP's question. if you use salesforce.com then you, presumably, have a contract with salesforce.com and can sue on the contract. OP's question seems to be something more like: can you sue the contractor hired by salesforce.com to produce the service you used, and with whom you have no relationship at all? maybe yes, maybe no, but in any event a very different circumstance than the hypothetical you've described.
posted by lex mercatoria at 4:33 PM on November 21, 2010
« Older Is a Big Box good price a Bad Thing? | You know all those recipes that use that gross... Newer »
This thread is closed to new comments.
I would take what you've written above (which makes sense to this non-lawyer) and present it to your lawyer and ask him to review it.
posted by dfriedman at 9:33 AM on November 21, 2010