Legal · Legal agreements

Are software source code escrow agreements practical?

Richard Pridham Investor, President & CEO at Retina Labs

October 21st, 2016

We are in negotiations for a large provincial deployment of our telehealth solution. Since we're still a small company and as an additional level of assurance, I'm wondering if it's a good idea to offer them the possibility of a source code software escrow agreement. I've heard that these arrangements exist whereby the vendor agrees to put its source code in escrow with a 3rd party (i.e. lawyer of the client's choosing) to assure them that if you go out of business, they can take ownership of your code so far as it pertains to their instance and data. We might offer this only if it makes practical sense and they assume all the legal costs. 

Comments? 

Joe Valof Independent General Counsel [IGC]

October 30th, 2016

Hi, just wanted to supplement the above discussions with my 4 cents, I have drafted and negotiated many, many ESCRO arrangements, and the 2 most critical business/legal issues are: the trigger events, and the customer does not take title to the source code, but gets a license to use for their internal purposes only. The source code is a very valuable asset and when the company goes bankrupt that asset can then be sold to pay off creditors. So never give up title to the source code to anyone. 

Lee Mangold Helping Secure Businesses w/ Practical Cybersecurity Solutions | CEO - GoldSky Security | Cybersecurity Professional

October 21st, 2016

It's not necessarily a BAD idea, but I've personally never heard of it. You may find issue with licensing, though. For example: If they use an open-source library, can they really escrow that? I'm not sure it matters, but there are likely some lawyers who would disagree... I would also make sure that any developer documentation is a part of the escrow.

(On a side note: We work with healthcare companies, law firms, software development startups, etc... on cybersecurity. If you're interested in the conversation around HIPAA and software engineering, shoot me a message).

Alex Alanson Corporate, Small Business and Business Affairs/Legal Advisor

October 21st, 2016

Don't bother using a lawyer (and I speak as one/a recovering one). Use an escrow agent if you're going to do this, such as NCC. The process is simple, the docs are straightforward, and I don't think its too expensive.
I have done this a couple of times with large corporates who get a bit touchy about dealing with start-ups.
You have a great site and product offering BTW. If you ever want to take the next step into an AR-based solution then let me know!

Richard Pridham Investor, President & CEO at Retina Labs

October 21st, 2016

Thanks.

Alex, I'll look into NCC. BTW what's an "AR-based solution"?

Alex Alanson Corporate, Small Business and Business Affairs/Legal Advisor

October 21st, 2016

Augmented reality. 

Richard Pridham Investor, President & CEO at Retina Labs

October 21st, 2016

Thanks Alex. I should have know that!

Alex Alanson Corporate, Small Business and Business Affairs/Legal Advisor

October 21st, 2016

You're very welcome! Its a strange business with lots of ridiculous acronyms.
http://www.indestry.com/blog/2016/10/20/9-essential-terms-you-need-to-know-in-augmented-and-virtual-reality

Simon Bain CEO SearchYourCloud Inc.

October 21st, 2016

Richard hi. I run a small software company and have placed the code in to ESCROW many years ago for a customer. At the time we made the cost part of the deal structure. So we paid part and the customer paid part. Since then I have been able to use the ESROW as part of my sales negotiations. There are some things to look out for. Cost (I have decided to come back in my next life as either a patent attorney or an ESCRO agent), these can be ongoing or at least every software update. Also you have to ask is it worth it. In my case with this customer it was a requirement, but most of my customers do not care, as long as they know they are able to have access to the dev team in the future they are happy. Simon

Richard Pridham Investor, President & CEO at Retina Labs

October 21st, 2016

Thanks Simon. We'd make this an option for the client but it would be at their expense. The RFP did not require any escrow provisions. As a practical matter, I'm wondering if we even need an escrow agent. We could simply give them a copy of our code (at contract start and after major updates) with an agreement that they will be the custodians of said code and could only use it for their own use in the event the company went out of business. In our case, the client is the provincial government.

Simon Bain CEO SearchYourCloud Inc.

October 21st, 2016

Hi, I would never give a copy of the code to a customer, purely because you do not know what will happen to it. The code is your business. Most hacks are internal, not web based. Meaning that a disgruntled employee got a bit pissed with their boss and stole a lot of data. This could be your code, then your business would suffer. This is where ESCRO works well, as nobody but you has access to the code unless an event happens that allows it to be opened. Simon