Legal · Legal agreements

Are software source code escrow agreements practical?

Richard Pridham Investor, President & CEO at Retina Labs

October 21st, 2016

We are in negotiations for a large provincial deployment of our telehealth solution. Since we're still a small company and as an additional level of assurance, I'm wondering if it's a good idea to offer them the possibility of a source code software escrow agreement. I've heard that these arrangements exist whereby the vendor agrees to put its source code in escrow with a 3rd party (i.e. lawyer of the client's choosing) to assure them that if you go out of business, they can take ownership of your code so far as it pertains to their instance and data. We might offer this only if it makes practical sense and they assume all the legal costs. 

Comments? 

Simon Bain CEO SearchYourCloud Inc.

October 21st, 2016

Hi, I would never give a copy of the code to a customer, purely because you do not know what will happen to it. The code is your business. Most hacks are internal, not web based. Meaning that a disgruntled employee got a bit pissed with their boss and stole a lot of data. This could be your code, then your business would suffer. This is where ESCRO works well, as nobody but you has access to the code unless an event happens that allows it to be opened. Simon

Joe Valof Independent General Counsel [IGC]

October 30th, 2016

Hi, just wanted to supplement the above discussions with my 4 cents, I have drafted and negotiated many, many ESCRO arrangements, and the 2 most critical business/legal issues are: the trigger events, and the customer does not take title to the source code, but gets a license to use for their internal purposes only. The source code is a very valuable asset and when the company goes bankrupt that asset can then be sold to pay off creditors. So never give up title to the source code to anyone. 

Lee Mangold Helping Secure Businesses w/ Practical Cybersecurity Solutions | CEO - GoldSky Security | Cybersecurity Professional

October 21st, 2016

It's not necessarily a BAD idea, but I've personally never heard of it. You may find issue with licensing, though. For example: If they use an open-source library, can they really escrow that? I'm not sure it matters, but there are likely some lawyers who would disagree... I would also make sure that any developer documentation is a part of the escrow.

(On a side note: We work with healthcare companies, law firms, software development startups, etc... on cybersecurity. If you're interested in the conversation around HIPAA and software engineering, shoot me a message).

Alex Alanson Corporate, Small Business and Business Affairs/Legal Advisor

October 21st, 2016

You're very welcome! Its a strange business with lots of ridiculous acronyms.
http://www.indestry.com/blog/2016/10/20/9-essential-terms-you-need-to-know-in-augmented-and-virtual-reality

Ren FRSA CEO - Zymge

October 23rd, 2016

I've consulted for a number of large organisation / government clients and software ESCRO has been a standard and necessary part of the deal with small providers. There has been co-payment for it, though the buyer knows they are paying 100% as the costs are passed on, which is always worth it as it's a tiny cost compared to grief if the small companies goes under. The trigger for the ESCRO being that the small company either goes out of business or, more tricky to define in law, is basically non-functioning from any practical point of view. I think I've always used NCC, they seem to be brand leader in this space. 

Nathalie Salami Founder and Chief Legal Officer at HitFin

October 23rd, 2016

Hello, I have Hitfin's source code in escrow. A potential customer asked for the source code and stated that they have a strong preference for open source solutions. The compromise was for us to put our source code in escrow in case my startup goes out of business or gets acquired. The cost to us was minimal ($1,000) and the client covered it. Feel free to PM me if you want more information. Best, Nathalie Salami, Attorney At Law NAGLAW 660 4th street #216 San Francisco, CA 94107 (415) 475-9465 ----------- This message and its attachments are sent from a law firm and may contain information that is confidential and protected by privilege from disclosure. If you are not the intended recipient, you are prohibited from printing, copying, forwarding or saving them. Please delete the message and attachments and notify the sender immediately.

Richard Pridham Investor, President & CEO at Retina Labs

October 21st, 2016

Thanks.

Alex, I'll look into NCC. BTW what's an "AR-based solution"?

Lester de Souza Building community for entrepreneurs

October 22nd, 2016

Richard, from your initial language it would seem you are not in the US.  Possibly Canada.  If you are in Canada, there are some relevant distinctions from the US.   This would be pertinent to the RFP and subsequent obligations.  It would seem that you could include a lawyer on your own team.  The lawyer could be tasked with holding the code in trust.   There are compensation options that could be designed in to the arrangement which could be mutually beneficial and serve the purposes you have.  

Richard Pridham Investor, President & CEO at Retina Labs

October 21st, 2016

Thanks Alex. I should have know that!

Richard Pridham Investor, President & CEO at Retina Labs

October 21st, 2016

Thanks Simon. We'd make this an option for the client but it would be at their expense. The RFP did not require any escrow provisions. As a practical matter, I'm wondering if we even need an escrow agent. We could simply give them a copy of our code (at contract start and after major updates) with an agreement that they will be the custodians of said code and could only use it for their own use in the event the company went out of business. In our case, the client is the provincial government.