Vendor Agreement Checklist for Indian Startups: Payment, IP, Data, GST and Termination Terms Founders Should Fix
Indian startups should not sign vendor agreements until they have checked scope, payment milestones, GST invoicing, IP ownership, confidentiality, customer data handling, service levels, liability…
Direct answer for founders
Indian startups should not sign vendor agreements until they have checked scope, payment milestones, GST invoicing, IP ownership, confidentiality, customer data handling, service levels, liability, termination, dispute forum and document handover. A weak vendor contract can quietly create IP gaps, unpaid tax mismatches, customer-data risk and vendor lock-in.
This matters for every founder using design agencies, developers, consultants, marketing vendors, cloud tools, recruiters, payroll providers, logistics partners, finance consultants or outsourced customer-support teams. The Indian Contract Act, 1872 is the base contract law source (https://www.indiacode.nic.in/handle/123456789/2187). GST records and invoice matching matter through the GST portal (https://www.gst.gov.in/). If the vendor handles personal data, founders should also read the Digital Personal Data Protection Act, 2023 (https://www.indiacode.nic.in/handle/123456789/20058).
Why vendor agreements break in startups
Most vendor disputes are not dramatic. They begin with unclear deliverables, verbal discounts, missing source files, unpaid invoices, delayed GST bills, data access that nobody removed, or a vendor claiming ownership over work already paid for.
| Founder question | Contract clause to check |
|---|---|
| What exactly is being delivered? | Scope of work, milestones, acceptance criteria |
| When do we pay? | Payment schedule, GST invoice, withholding, reimbursement rules |
| Who owns the output? | IP assignment, source files, moral rights waiver where relevant |
| Can the vendor use our data? | Confidentiality, DPDP, permitted processing, deletion |
| What if work is late or poor? | SLA, cure period, service credits, replacement right |
| Can we exit? | Termination for convenience, termination for cause, transition support |
| What if there is a dispute? | Governing law, jurisdiction, arbitration or courts |
The founder checklist before signing
1. Scope and deliverables
The agreement should say what the vendor will do, what is excluded, what format the output will be delivered in, who approves it and how many revision cycles are included. If the contract only says “marketing support” or “development services”, it is too vague.
2. Payment and GST terms
Founders should connect payment to deliverables, not only dates. Add GST invoice requirements, TDS position where applicable, reimbursement evidence, late-payment process and what happens if the vendor invoice is defective.
3. IP ownership
For product, brand, code, content, design, video, analytics, playbooks and training material, the company should own the final output after payment. For software work, ask for repository access, deployment documentation, third-party dependency list and open-source licence notes.
4. Confidentiality and data protection
If the vendor sees employee, customer, lead, health, financial, location or usage data, the contract should limit use, require security controls, restrict subcontracting, require breach notice and mandate deletion or return after termination.
5. Service levels and reporting
For critical vendors, define response time, uptime, delivery cadence, reporting format, escalation contacts and review meetings. A startup can keep this light, but it should not be absent where operations depend on the vendor.
6. Termination and handover
Add termination for convenience and termination for breach. The handover clause should cover documents, source files, passwords, credentials, customer records, work-in-progress, invoices and deletion certification.
Clause table founders can use
| Clause | Founder-friendly position | Risk if missing |
|---|---|---|
| Acceptance | Payment after clear acceptance or milestone sign-off | Vendor bills before usable output |
| IP assignment | Startup owns paid output and source material | Investor diligence finds ownership gaps |
| Subcontracting | Prior written consent for subcontractors | Unknown third party handles data or code |
| Data deletion | Return/delete data at exit | Vendor keeps customer or employee data |
| Audit support | Vendor helps with GST, TDS, security or diligence evidence | Finance team cannot close records |
| Non-solicit | Balanced restriction for team poaching | Vendor relationship damages hiring |
| Liability cap | Sensible cap with carve-outs for confidentiality, IP, fraud and data breach | No meaningful remedy for serious harm |
Common mistakes
- Signing purchase orders without master terms.
- Paying full advance without milestones.
- Letting a developer keep GitHub, cloud or domain access in a personal email.
- Accepting GST invoices with mismatched legal names or GSTIN details.
- Forgetting IP assignment for logos, code, pitch decks and landing pages.
- Giving vendors customer data without a data-processing clause.
- Missing transition support before switching vendors.
- Copying enterprise templates that are too heavy for the startup’s real deal.
Practical example
If a SaaS startup hires an external agency to build an onboarding dashboard, the contract should cover UI scope, code repository ownership, API credentials, cloud access, third-party libraries, delivery milestones, bug-fix support, invoice format, GST, confidentiality, customer-data restrictions and handover after termination. Without this, the startup may pay for a dashboard but still fail investor IP diligence.
Founder next steps
- List your top 10 vendors by spend and business criticality.
- Identify which vendors access customer, employee or product data.
- Check whether paid work is assigned to the company.
- Reconcile vendor names, PAN, GSTIN and invoices.
- Move critical access to company-controlled accounts.
- Add a simple handover checklist to every new vendor contract.
- Keep signed agreements, POs, invoices and approvals in one folder.
Sources
- Indian Contract Act, 1872: https://www.indiacode.nic.in/handle/123456789/2187
- Digital Personal Data Protection Act, 2023: https://www.indiacode.nic.in/handle/123456789/20058
- GST portal: https://www.gst.gov.in/
- GST GSTR-1 user guide: https://tutorial.gst.gov.in/userguide/returns/GSTR_1.htm
- MSME Samadhaan portal for delayed payment context: https://samadhaan.msme.gov.in/
FAQ Section
Does every startup vendor need a long agreement?
No. Small low-risk vendors can use short terms, but the agreement should still cover scope, payment, confidentiality, IP, GST invoice rules and termination.
Who should own work created by a vendor?
The startup should usually own paid deliverables, especially code, designs, content, product documents, brand assets and operational playbooks.
Should vendor payment be linked to milestones?
Yes. Milestone-based payment protects cash flow and gives the founder leverage if the work is incomplete or not usable.
What if a vendor handles customer data?
Add a data-processing clause covering permitted use, confidentiality, security, subcontractors, breach notice, retention and deletion at exit.
What is the biggest vendor contract mistake?
The biggest mistake is paying for work without obtaining IP assignment and source-file handover. That can create investor diligence issues later.
Founder / Business Takeaway
A vendor agreement should make the commercial relationship easy to run and easy to exit. Founders should treat vendor contracts as part of finance, data and IP governance, not only legal paperwork. The Best CS Firm In India approach is to make contracts practical enough that the founder can actually use them.
Need expert support?
BSA helps Indian startups prepare vendor agreements, IP assignment clauses, DPDP-ready data terms, invoice checklists and contract repositories before vendor risk becomes a fundraising problem.
Need expert support?
BSA supports founders across India with ROC, FEMA, due diligence, fundraising readiness, and company secretarial execution.
