Salesforce’s Master Subscription Agreement is a 30-page document written by Salesforce’s lawyers to protect Salesforce’s interests. Every default clause favours the vendor: fees are non-cancellable, quantities cannot be decreased, liability is capped at what you paid, and there is no contractual uptime guarantee. The CIO who signs without negotiating these terms is not accepting a partnership—they are accepting a set of rules written entirely by the other side.
This article deconstructs the twelve contract terms that carry the greatest commercial and operational risk for enterprise Salesforce customers. For each term, we explain what Salesforce’s default position is, why it matters, and exactly what you should negotiate instead. These are not theoretical suggestions—every counter-position described below has been successfully negotiated in real enterprise Salesforce agreements across engagements managed by Redress Compliance.
Understanding the Contract Architecture
Before examining individual terms, CIOs must understand how a Salesforce contract is structured. It is not a single document—it is a hierarchy of interlocking agreements, each layer constraining or overriding the layers above it.
Master Subscription Agreement (MSA) Foundation
What it is: The overarching legal framework governing the entire Salesforce relationship. Covers definitions, usage rights, fees and payment obligations, intellectual property, confidentiality, liability, indemnification, termination, and governing law. The MSA is a click-through agreement for most customers, meaning your legal team may never have reviewed it. Last updated September 2025.
Negotiability: Moderately negotiable for enterprise customers spending $500K+ annually. Salesforce will resist MSA-level changes but will grant them for strategic accounts or when pushed with specificity.
Order Form Commercial
What it is: The product-specific document that specifies which Salesforce products you are purchasing, the number of licences, the per-unit price, the subscription term, and any product-specific terms. Order forms are executed under the MSA and incorporate its terms by reference. Order form terms override MSA terms where they conflict.
Negotiability: Highly negotiable. This is where the majority of pricing, uplift, flexibility, and renewal terms are established. Every commercial concession Salesforce grants appears here.
Data Processing Addendum (DPA) Privacy
What it is: The GDPR/CCPA compliance framework governing how Salesforce processes your personal data, including sub-processor lists, data transfer mechanisms (Standard Contractual Clauses), and breach notification obligations. Essential for organisations with European or Californian data subjects.
Negotiability: Limited. The DPA is largely standardised, but you can negotiate specific data residency requirements, sub-processor notification timelines, and breach notification windows.
SLA Addendum Performance
What it is: The service level commitment specifying uptime guarantees, support response times, and service credit remedies. Critically, this addendum does not exist by default. If you do not negotiate an SLA addendum, you have no contractual uptime guarantee and no financial remedy for downtime.
Negotiability: Available for enterprise customers, particularly those on Premier or Signature support plans. Must be explicitly requested and negotiated.
Term 1: Non-Cancellable Fees and Non-Refundable Payments
Salesforce’s default (MSA §5.1): “Payment obligations are non-cancelable and fees paid are non-refundable, and quantities purchased cannot be decreased during the relevant subscription term.”
This single clause is the foundation of Salesforce’s commercial model. Once you execute an order form, you owe the full contract value regardless of whether you use the service, regardless of whether your business needs change, and regardless of whether Salesforce delivers the functionality you expected. There is no early termination right. There is no partial cancellation. There is no refund.
⚠ The Real-World Impact
A 1,500-user enterprise that signs a three-year contract at $175/user/month is committing to $9.45 million in non-cancellable fees. If an M&A event reduces the organisation to 800 users in year two, the remaining 700 licences continue to be billed at full rate for the duration. Without negotiated flexibility, the organisation pays for 22 months of unused licences—approximately $2.7 million in pure waste.
What to negotiate: You will not eliminate this clause entirely—it is fundamental to Salesforce’s revenue recognition model. However, you can materially limit its impact by negotiating annual downgrade rights of 10–15% (allowing licence count reductions at each anniversary), termination for convenience with a defined penalty (typically 50–75% of remaining fees rather than 100%), and ramp-up schedules that align your commitment to projected adoption rather than day-one capacity. Each of these provisions is documented as an order form amendment that overrides the MSA default.
Term 2: Auto-Renewal and Notice Periods
Salesforce’s default (MSA §11.2): “Subscriptions will automatically renew for additional periods equal to the expiring subscription term or one year (whichever is shorter), unless either party gives the other written notice at least 30 days before the end of the relevant subscription term.”
The auto-renewal clause is designed to eliminate your negotiation window. If you miss the 30-day notice deadline—which, for a large enterprise managing hundreds of vendor contracts, is extremely easy to do—your contract renews automatically at the current rate plus any embedded uplift. You have no opportunity to renegotiate pricing, reduce licence counts, or adjust product mix. You are locked in for another full term.
What to negotiate: Extend the notice period to 90–120 days. Add a provision requiring Salesforce to send written notification to your designated procurement contact at least 150 days before the auto-renewal trigger date. Specify that auto-renewal pricing is capped at your current per-unit rate with no uplift applied (or at a maximum of the negotiated uplift cap). And most importantly: submit a written non-renewal notice regardless of whether you intend to renew. This preserves your right to negotiate freely without the auto-renewal constraint. You can always sign a new order form if negotiations conclude successfully.
Term 3: Price Escalation and Annual Uplift
Salesforce’s default: Most enterprise order forms include a 7% annual price escalator that increases per-unit pricing at each contract anniversary or renewal. This is not in the MSA—it appears in the order form, often in language that is easy to miss during review.
At 7% compounding, a three-year contract experiences a 22.5% cumulative price increase by term end. Over five years, the increase reaches 40.3%. For a 1,000-user Enterprise deployment starting at $175/user/month, the 7% default adds approximately $441,000 in cumulative excess cost over three years compared to flat pricing.
| Annual Uplift | Year 1 | Year 2 | Year 3 | 3-Year Cumulative Excess vs Flat |
|---|---|---|---|---|
| 0% (flat) | $175 | $175 | $175 | $0 |
| 3% | $175 | $180 | $186 | $201K |
| 5% | $175 | $184 | $193 | $339K |
| 7% (default) | $175 | $187 | $200 | $441K |
What to negotiate: Target 0% (flat pricing) for multi-year commitments of three or more years. If flat pricing is unachievable, cap at 3% maximum and tie the escalation to an external benchmark such as CPI. Additionally, ensure the order form uses locked multi-year per-unit pricing rather than “one-time pricing” language that allows Salesforce to reset to current list price at renewal. For detailed negotiation strategies on uplift reduction, see our Salesforce Negotiation Tips guide.
Term 4: Contractual Usage Limits and the “Circumvention” Clause
Salesforce’s default (MSA §3.2): “If Customer is unable or unwilling to abide by a contractual usage limit, Customer will execute an Order Form for additional quantities of the applicable Services promptly upon SFDC’s request, and/or pay any invoice for excess usage.”
This clause gives Salesforce the right to force you to purchase additional licences if it determines you have exceeded your contractual entitlements. The companion prohibition against any use that “circumvents a contractual usage limit” is broad enough to cover scenarios you may not anticipate—for example, using a Platform licence to access standard CRM objects through a custom workaround, or using API integrations in ways that exceed your licenced scope.
What to negotiate: Add a 90-day cure period before any mandatory purchase obligation takes effect. Require Salesforce to provide written notice specifying the exact usage limit exceeded and the evidence supporting the determination. Negotiate that any required purchases are priced at your existing contracted rate, not current list price. And include a dispute resolution mechanism that allows you to challenge Salesforce’s determination before being obligated to pay.
Term 5: True-Up and True-Forward Provisions
Salesforce’s default: Enterprise agreements and SELAs often include True-Up clauses that adjust your costs upward if usage exceeds contracted quantities at any measurement point, and True-Forward provisions that carry overage-level pricing into subsequent periods.
The danger is that a temporary usage spike—during a data migration, a seasonal peak, or a pilot programme that is later discontinued—can trigger a permanent cost increase. Salesforce measures usage at specific points; if your user count exceeds contracted levels during a measurement window, the True-Up clause allows Salesforce to bill for the excess and may set a new, higher baseline for subsequent periods.
What to negotiate: Establish a materiality threshold of 5–10% above contracted quantities below which no True-Up is triggered. Require that True-Up calculations use normalised average usage over a 90-day rolling period rather than peak or point-in-time measurement. Separate True-Up from True-Forward—an overage in one period should not automatically inflate your baseline for the next. And negotiate that any True-Up purchases are priced at your existing discount level, not at list price.
Term 6: Uptime Guarantee (or Lack Thereof)
Salesforce’s default: The MSA promises only “commercially reasonable efforts” to maintain service availability. There is no contractual uptime percentage. There are no automatic service credits. There is no financial remedy for downtime.
This means that if Salesforce experiences a major outage that takes your CRM offline for 48 hours during your busiest sales period, your contractual remedy is nothing. Salesforce publishes actual availability metrics on its Trust site (trust.salesforce.com), and its real-world uptime is typically around 99.9%. But “typically” and “contractually guaranteed” are entirely different things. Some analysts have noted that Salesforce’s contractual uptime commitment may be as low as 98%, which equates to more than seven days of permissible downtime per year.
What to negotiate: Request a formal SLA addendum specifying a minimum monthly uptime of 99.9% (8 hours 46 minutes of maximum permissible downtime per year). Define “uptime” as availability of core platform functions on a 24/7 basis, not averaged across maintenance windows. Establish tiered service credits: 10% of monthly fees if uptime falls below 99.9%, 25% if it falls below 99.5%, and termination rights if uptime falls below 99% in any consecutive three-month period. Require Salesforce to provide monthly availability reports and include SLA performance in quarterly business reviews. Organisations on Premier or Signature support have the strongest position to negotiate SLA addenda.
Term 7: Limitation of Liability
Salesforce’s default (MSA §10): Liability is capped at the fees paid in the 12 months preceding the claim. Consequential, indirect, incidental, and punitive damages are excluded entirely. Lost profits, lost revenue, lost data, and business interruption damages are all excluded.
For an enterprise paying $2 million per year in Salesforce licence fees, Salesforce’s maximum exposure for any failure—including a catastrophic data breach or prolonged outage—is $2 million. If that failure causes your organisation $20 million in operational impact, the remaining $18 million is unrecoverable.
What to negotiate: You will not eliminate the liability cap—it is standard across the SaaS industry. However, you can negotiate carve-outs that place certain obligations outside the cap: specifically, data breach/security incident obligations, indemnification obligations, and intellectual property claims. Push for a 2× or 3× multiplier on the standard cap (e.g., liability capped at 24 or 36 months of fees rather than 12). And require Salesforce to maintain cybersecurity insurance at specified minimums, with your organisation named as an additional insured or loss payee for data-related claims.
Term 8: Data Ownership, Portability, and Post-Termination Access
Salesforce’s default (MSA §11): Upon request made within 30 days after termination, Salesforce will make customer data available for export. After 30 days, Salesforce has no obligation to maintain or provide any customer data and will delete or destroy all copies.
Thirty days is an extraordinarily short window for a large enterprise to export years of CRM data, including custom objects, attachments, files, historical records, and metadata. If your data extraction process encounters delays—and for complex Salesforce orgs with millions of records, delays are almost certain—you risk permanent data loss after the 30-day window closes.
What to negotiate: Extend the post-termination data access period to 180 days minimum. Require Salesforce to provide data in standard, machine-readable formats (CSV, JSON, or XML) without incremental charges. Add a provision that Salesforce will provide reasonable technical assistance during the data export process. Include a commitment that Salesforce will certify in writing that all customer data has been deleted or destroyed within 90 days of your written request following the access period. For organisations with GDPR obligations, ensure the data retrieval provisions align with your data processing records and right-of-access requirements.
Term 9: Audit Rights and Compliance Verification
Salesforce’s default: The MSA grants Salesforce the right to audit customer usage to verify licence compliance. Unlike Oracle or SAP, Salesforce does not typically deploy third-party audit firms, but it enforces compliance commercially through platform telemetry, True-Up provisions, and renewal-time usage reviews.
What to negotiate: Limit formal audits to no more than once per 12-month period. Require 30 days’ advance written notice before any audit. Restrict audit scope to the specific products and entitlements under review, not your entire Salesforce estate. Ensure any disputed findings are subject to an independent third-party arbitration process rather than Salesforce’s unilateral determination. And add a provision that audit costs are borne by Salesforce unless the audit reveals non-compliance exceeding 5% of contracted quantities.
Term 10: Intellectual Property Indemnification
Salesforce’s default: Salesforce indemnifies the customer against third-party claims that the Salesforce service infringes their intellectual property rights. The customer indemnifies Salesforce for claims arising from the customer’s data, content, or use of the service.
The standard IP indemnity is generally favourable to customers, but contains limitations that are worth understanding. If Salesforce cannot resolve an IP infringement claim, it reserves the right to modify the service (potentially removing functionality you depend on) or, as a last resort, terminate your contract and refund prepaid, unused fees. The customer-to-Salesforce indemnity is broader than it appears—it covers not just illegal content but also how you configure, integrate, and deploy the platform.
What to negotiate: Ensure Salesforce’s indemnification obligations are outside the general liability cap—if Salesforce’s product infringes a patent and you are sued for $10 million, you do not want Salesforce’s defence obligation capped at your annual licence fee. Narrow your indemnity to Salesforce by limiting it to knowing and intentional misuse rather than any use that happens to trigger a third-party claim. And add a provision requiring Salesforce to give you 12 months’ notice before any termination-as-remedy for IP issues, providing adequate time to migrate.
Term 11: M&A, Divestiture, and Entity Change Provisions
Salesforce’s default: The MSA’s definition of “Affiliate” covers entities you control (>50% ownership). When you acquire a new entity, that entity is not automatically covered by your existing contract. When you divest an entity, its Salesforce users cannot take their licences with them without Salesforce’s agreement.
For M&A-active organisations, this creates significant commercial exposure. An acquisition may require you to purchase entirely new licences for the acquired entity at whatever Salesforce’s current list price is, rather than extending your existing discounted rates. A divestiture may leave you paying for licences you no longer need because the divested entity’s users were counted in your minimum commitment.
What to negotiate: Add explicit M&A protection clauses that permit acquired entities to be added to your agreement at your existing per-unit rate. Include divestiture provisions allowing proportional licence count reductions when business units are sold or spun off. Establish a 12-month transition period following any material corporate transaction during which licence adjustments can be made without penalty. And ensure change-of-control provisions do not give Salesforce the right to terminate or renegotiate pricing simply because your organisation’s ownership structure changes.
Term 12: Governing Law, Dispute Resolution, and Jurisdiction
Salesforce’s default: For US customers, the MSA is typically governed by California law with disputes resolved in San Francisco courts. For international customers, governing law varies by contracting entity (e.g., English law for EMEA contracts with Salesforce UK Limited).
Governing law and jurisdiction provisions are often overlooked but carry real consequences if a dispute arises. Litigating against Salesforce in San Francisco, where Salesforce is headquartered and employs a substantial number of local legal professionals, is not the same as litigating in your home jurisdiction.
What to negotiate: If your organisation is large enough to have leverage, request governing law aligned with your principal place of business. Add a mandatory mediation step before any litigation, which reduces cost and often produces faster resolution. For international organisations, ensure the governing law and dispute resolution venue are consistent across all order forms and addenda, preventing a situation where different parts of your Salesforce relationship are governed by different legal frameworks. And for regulated industries, ensure the contract terms are compatible with your regulatory obligations for vendor oversight, data handling, and operational resilience.
The terms of your Salesforce contract determine your cost trajectory, your operational risk exposure, and your negotiation leverage at every future renewal. Every hour invested in contract term negotiation before you sign pays back over the full life of the agreement.