From GTM Skills
Vendor contract templates and negotiation playbooks for B2B SaaS enterprises. Covers MSA, SLA, DPA, order forms, and procurement.
How this skill is triggered — by the user, by Claude, or both
Slash command
/gtm-skills:vendor-contractsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Contracts are the skeleton of enterprise sales. A clean MSA + Order Form +
Contracts are the skeleton of enterprise sales. A clean MSA + Order Form + DPA + SLA package closes deals in weeks. A messy, non-standard contract gets stuck in legal review for months. The mistake: letting every enterprise customer dictate terms from scratch. You need standard templates that cover 80% of deals, with red-line boundaries for the remaining 20%. This skill covers the complete contract stack: MSA, Order Form, SLA, DPA — for both selling to customers (inbound) and buying from vendors (outbound).
Trigger phrases: "MSA template", "master service agreement", "order form", "SLA agreement", "data processing agreement template", "enterprise contract", "vendor contract", "procurement process", "contract negotiation", "commercial terms for SaaS", "standard contract"
The standard contract stack:
CONTRACT STACK (4 documents):
1. MSA (Master Services Agreement)
- The "umbrella" contract. Signed once. Governs the entire relationship.
- Covers: service description, payment terms, term/termination, IP,
confidentiality, limitation of liability, warranties, indemnification,
governing law, dispute resolution
2. Order Form
- Each purchase gets its own Order Form.
- Covers: products purchased, quantity (seats/volume), price, term length,
billing frequency, renewal terms, special terms
- References the MSA
3. SLA (Service Level Agreement)
- Can be part of MSA or separate.
- Covers: uptime commitment, response times, credits for downtime,
support hours, escalation paths
4. DPA (Data Processing Agreement)
- Required for GDPR compliance and enterprise deals.
- Covers: data processed, purpose, sub-processors, security measures,
breach notification, data subject rights, SCCs
MSA — Key clauses and negotiation positions:
| Clause | Standard Position | Fallback | Non-Negotiable |
|---|---|---|---|
| Limitation of Liability | 12 months of fees paid | 24 months | Never unlimited |
| Indemnification | Mutual for IP claims. Customer indemnifies for their data. | Customer indemnifies for their use only | Never indemnify for customer's data misuse |
| Warranty Disclaimer | "AS IS" — no warranties beyond what's explicitly stated | Accept limited warranties (performance, security) | Never warranty "error-free" or "uninterrupted" |
| Termination for Convenience | 30 days written notice | 60 days | Must include — don't lock into perpetual |
| Governing Law | Your state (or Delaware) | Their state | Not international (costly to litigate) |
| Payment Terms | Net 30, annual upfront | Net 45, quarterly | Never Net 90+ (cash flow killer) |
Order Form — standard fields:
SLA — standard commitments:
DPA — key elements:
data-privacy-compliance skill for full DPA detailsThe enterprise legal review gauntlet:
Your goal: Get from MSA sent → signed in under 4 weeks. Every week of delay is a week your revenue isn't starting.
Negotiation rules:
When to bring in your lawyer:
Vendor evaluation framework:
Vendor contract red flags (when YOU are the buyer):
Vendor procurement process:
gtm-spend-management → spend-approval-matrix ($2K / $10K / $50K tiers)Store contracts somewhere you can find them:
Contract tools:
CONTRACT STACK — [Company]
STANDARD DOCUMENTS:
- [ ] MSA — [template ready / needs lawyer review / pending]
- [ ] Order Form — [template ready]
- [ ] SLA — [template ready. Uptime: X%]
- [ ] DPA — [template ready. SCCs: Yes/No]
CONTRACT PROCESS:
- Sales → Legal handoff: [when does legal get involved? $X threshold?]
- Average cycle time: [weeks from MSA sent → signed]
- Non-standard terms log: [what we've accepted and why]
VENDOR PROCUREMENT:
- [ ] Vendor security review checklist
- [ ] Procurement approval thresholds: $X / $Y / $Z
- Contract repository: [tool / folder]
Before delivering, verify:
No standard MSA. Every enterprise customer sends you THEIR contract. You're negotiating from their paper. Every time. Every deal takes months. Fix: Have your own MSA template. "We use our standard MSA. Our customers find it fair."
Unlimited liability. You signed a contract with no liability cap. A customer sues for $5M in damages from your $10K/year SaaS product. Your company is dead. Fix: Liability cap = 12 months of fees. Non-negotiable for early-stage companies.
Custom contracts for every deal. "This customer wants their own MSA." Now you're managing 50 unique contracts with different terms. Legal risk per contract. Fix: 80/20 rule. 80% of deals use standard contract. 20% negotiate minor terms. 0% get fully custom.
No auto-renewal tracking. Contract auto-renews at 3x the price. You didn't notice. Customer is furious. Fix: Calendar reminders 90 days before every renewal. Review terms before auto-renewal triggers.
Ignoring vendor security review. You bought a tool without checking its security. It gets breached. Your customer data is exposed. Your customer sues YOU — not the vendor. Fix: Security review every vendor that touches customer data. DPA + SOC2 minimum.
This skill provides general informational guidance based on publicly available frameworks and operator experience. It is NOT legal advice, accounting advice, tax advice, financial advice, insurance advice, or professional services advice.
Consult qualified professionals for your specific situation — attorneys for legal/equity matters, CPAs for tax and accounting, licensed brokers for insurance, and certified security assessors for compliance. This skill does not create a professional-client relationship. Use it as a starting point for research and preparation.
references/framework-notes.md — Named frameworks and reference tablestemplates/output-template.md — Deliverable shell for agent outputscripts/check-output.py — Lightweight deliverable validatorlegal-for-founders — Foundational contracts, ToS, Privacy Policydata-privacy-compliance — DPA details, SCCs, GDPR requirementssecurity-assessments — Vendor security questionnaires, pen testingsoc2-compliance — SOC2 that every enterprise vendor review asks fordeal-desk — Deal structuring, pricing, proposalsnpx claudepluginhub leadmagic/gtm-skills --plugin gtm-skillsDrafts a customized Customer Agreement from the Y Combinator SaaS template. Guides users through structured intake questions and produces a clean .docx with a lawyer-facing memo of changes.
Systematically reviews SaaS vendor or customer contracts for legal, commercial, and operational risk. Covers SLA uptime, data ownership, DPAs, liability caps, IP indemnification, and termination provisions.
Generates customized business agreements for 10 relationship types (freelancer, partnership, NDA, licensing, consulting, SOW, MSA, joint venture, distribution, referral) using an information-gathering wizard approach.