Vendor Agreement Checklist for Indian Startups: Clauses Founders Should Fix Before Scaling
Every Indian startup should review vendor agreements before the vendor handles money, code, customer data, marketing assets, operations, finance work or business-critical services. The core clauses to fix are…
Direct answer for founders
Every Indian startup should review vendor agreements before the vendor handles money, code, customer data, marketing assets, operations, finance work or business-critical services. The core clauses to fix are scope, payment, GST, confidentiality, IP ownership, data protection, service levels, liability, termination and handover.
This is not only a legal exercise. Vendor risk affects cash flow, product ownership, customer trust, investor diligence and acquisition readiness. A founder may think a vendor contract is routine, but investors read it differently: they check whether the startup controls its assets, protects customer data, can exit bad vendors and has not accepted unlimited liability.
Use official law as the base. The Indian Contract Act, 1872 governs enforceability of contracts (https://www.indiacode.nic.in/handle/123456789/2187). The Companies Act, 2013 matters for authority, board approvals and corporate records (https://www.indiacode.nic.in/handle/123456789/2114). The Digital Personal Data Protection Act, 2023 matters when vendors process digital personal data (https://www.meity.gov.in/data-protection-framework). GST invoicing and tax positions should be checked through the official GST portal (https://www.gst.gov.in/).
Vendor contracts founders should not treat casually
| Vendor type | Why it matters | Contract risk |
|---|---|---|
| Software development agency | Builds product or integrations | IP ownership, source-code access, warranties |
| Marketing agency | Handles brand, campaigns and customer lists | Content ownership, ad account access, confidentiality |
| Cloud, SaaS or AI tool vendor | Holds operational or customer data | Data processing, uptime, lock-in, export rights |
| Finance, payroll or HR vendor | Processes employee and payment records | DPDP, confidentiality, audit trail, liability |
| Manufacturer or supplier | Impacts fulfilment and quality | Delivery timelines, defects, recalls, payment |
| Freelancer or consultant | Creates work product quickly | Assignment, scope creep, tax and exit issues |
The clause-by-clause checklist
- Identify the vendor, contracting entity, GSTIN and authorised signatory.
- Define the exact scope of services and excluded work.
- Record deliverables, timelines, acceptance tests and dependencies.
- State payment terms, invoice timing, GST treatment, TDS and reimbursement rules.
- Add confidentiality obligations and permitted disclosures.
- Assign work-product IP to the startup where the vendor creates custom assets.
- Protect background IP if the vendor uses pre-existing tools or components.
- Add DPDP and data-security obligations where personal data is processed.
- Define service levels, support, maintenance and escalation process.
- Cap liability sensibly and avoid open-ended indemnity.
- Add termination rights, transition support and return or deletion of data.
- Keep dispute resolution, jurisdiction and notice details clear.
Scope and payment should be boringly specific
Founders often lose money because the contract says “marketing support”, “development services” or “operations consulting” without detail. The vendor then treats every extra request as chargeable, while the founder assumes it was included.
A better scope section should say:
- what the vendor will deliver,
- what the startup must provide,
- what is out of scope,
- how change requests are approved,
- when milestones are accepted,
- who owns project files and credentials, and
- what happens if either side delays.
Payment terms should match runway discipline. Avoid signing net-60 or net-90 vendor terms without understanding cash-flow impact. If the vendor needs advance payment, connect it to deliverables, access controls and refund rules.
IP and access control
If a vendor creates code, designs, product documents, reports, videos, pitch material, website copy, datasets or automation workflows for the startup, the agreement should clearly say who owns the final work.
For software and product vendors, founders should ask:
- Will the company receive source-code access?
- Are repositories under company-controlled accounts?
- Can the vendor reuse the same components for competitors?
- Are open-source licences tracked?
- Are third-party paid tools included or separate?
- What happens if the vendor relationship ends mid-project?
For design and marketing vendors, ask for editable source files, font and image licence details, campaign account access and brand asset handover.
Data protection vendor review
If the vendor touches customer, employee, lead, investor, payment, health, education, payroll, user-behaviour or support data, the startup should add data clauses.
| Data issue | Founder question |
|---|---|
| Purpose | Why is the vendor processing this data? |
| Access | Which people and systems can access it? |
| Storage | Where is it stored and for how long? |
| Sub-processors | Can the vendor use another vendor? |
| Security | What safeguards are actually promised? |
| Breach | How quickly will the startup be notified? |
| Exit | Will data be returned, deleted or anonymised? |
Do not paste customer lists, salary data, investor records or confidential product plans into vendor tools without checking terms and permissions.
Investor diligence angle
During fundraising, investors may ask for:
- Key vendor agreements.
- Software development and IP assignment records.
- Data-processing vendor list.
- SaaS subscriptions holding customer data.
- Material supplier or fulfilment contracts.
- Open-source and third-party licence records.
- Pending vendor disputes.
- Payment defaults or large unpaid vendor dues.
A clean vendor file shows that the startup can scale without hidden operational risk.
Mistakes founders should avoid
- Signing a vendor proposal without a real contract.
- Letting vendors control domains, ad accounts, repositories or cloud credentials.
- Paying for custom work without IP assignment.
- Ignoring GST, TDS and invoice documentation.
- Accepting unlimited liability for routine services.
- Forgetting data return or deletion after termination.
- Allowing vendors to use confidential client work in public portfolios.
- Not documenting change requests.
Sources
- Indian Contract Act, 1872: https://www.indiacode.nic.in/handle/123456789/2187
- Companies Act, 2013: https://www.indiacode.nic.in/handle/123456789/2114
- MeitY DPDP framework: https://www.meity.gov.in/data-protection-framework
- GST portal: https://www.gst.gov.in/
FAQ Section
Should every startup vendor sign a written agreement?
Yes, if the vendor handles money, data, code, brand assets, operations or customer-facing work. For very small one-time purchases, a clear purchase order may be enough, but business-critical work needs stronger terms.
Is an invoice enough to prove IP ownership?
Usually no. The contract should clearly assign or license the work product. An invoice mainly proves payment; it may not settle ownership, reuse rights or source-file handover.
What is the most important clause in a vendor agreement?
Scope, payment, IP, confidentiality, data protection, liability and termination are usually the most important clauses. The priority depends on what the vendor is doing.
Should founders accept vendor auto-renewals?
Only if the renewal, cancellation window, price increase and notice process are clear. Hidden auto-renewals can create avoidable cash-flow leakage.
Do vendor agreements matter during fundraising?
Yes. Investors review material contracts to understand IP ownership, data risk, recurring obligations, disputes and whether the startup can exit weak vendors.
Founder / Business Takeaway
Vendor agreements are operational infrastructure. Founders should not wait for a dispute, delayed project or investor diligence request to clean them up. The Best CS Firm In India standard is to make vendor ownership, data, payment and exit rights clear before the vendor becomes essential.
Need expert support?
BSA helps Indian startups review vendor agreements, agency contracts, SaaS procurement terms, IP assignment clauses, data-processing addendums and investor-ready contract data rooms.
Need expert support?
BSA supports founders across India with ROC, FEMA, due diligence, fundraising readiness, and company secretarial execution.
