The article originally appeared in LegalTech News on October 26, 2021. It is republished here with permission.
When it comes to addressing legal and privacy issues, to date there has been little distinction between PLG and traditional SaaS companies. But in fact, PLG companies will encounter unique legal and privacy hurdles that should be tackled early.
In the last few years, the way people and businesses purchase SaaS and other subscription-based products has shifted significantly towards the consumerization of these B2B products. Increasingly, end-users of the product are leading purchase decisions. This growth model has been called “product-led growth” (PLG) and has become a hot topic of discussion among founders, investors, and the broader tech community.
As counsel to many SaaS companies, I have witnessed this shift firsthand. Yet, when it comes to addressing legal and privacy issues, to date there has been little distinction between PLG and traditional SaaS companies. PLG companies are seen as SaaS companies for legal purposes, when, in fact, PLG companies will encounter unique legal and privacy hurdles that differ from those of a traditional SaaS company. Below I am going to share some best practices (hacks) for navigating PLG-specific legal and privacy issues.
Product-led growth is defined as a go-to-market strategy that relies on a company’s product as the main vehicle to acquire, activate, and retain customers. In contrast to traditional sales-led SaaS companies, product-led companies subvert this sales model by leading with product access for the buyer; thereafter, the product itself drives purchases. Some highly successful examples of PLG models are Slack, Calendly, and Dropbox.
A hallmark of PLG is to efficiently drive customer acquisition, conversion, and expansion. In a traditional SaaS company, each of these checkpoints will require legal and compliance approval. In many cases, the process for getting deals through legal and compliance will be very lengthy and involve numerous stakeholders.
For PLG companies, lengthy legal reviews or compliance diligence can easily hamstring product-led growth. In order to achieve “viral” growth and customer acquisition, PLG companies must find a way to significantly accelerate the process of meeting legal and compliance requirements.
Unlike traditional SaaS companies, where standard practice may be to negotiate a legal contract as a Word document, PLG companies should by default endeavor to use click-through agreements embedded in their product platform and account sign-up process. When properly configured, these click-through agreements will have the same legal effect as signing a Word legal contract while avoiding much of the legal back-and-forth.
In many cases, PLG companies will make their customer-facing agreements accessible digitally at a link in the platform or available on their web app. Doing so will allow the PLG company to easily push through updates to their contract terms. In contrast, a traditional SaaS company may need to manually execute amended agreements with every customer if they want to make a general update.
Typically, during legal review, the customer’s legal counsel will ask questions about legal and compliance concerns specific to the company’s product. PLG companies can circumvent this process by providing copious informative resources, such as an FAQ or other customer education materials, and making these easily accessible to customers.
Doing so can also help PLG companies meet their notice and disclosure obligations under prevailing privacy laws, which require companies to make certain disclosures about their privacy practices.
Many PLG companies will offer a free trial to new customers, which converts to a paid subscription at the end of the free trial term. This type of automatically renewing subscription is now regulated under many US state consumer protection laws, which include requirements for companies to make certain disclosures to their users.
Additionally, many states are passing privacy laws banning the use of “dark patterns”. Dark patterns are manipulative or deceptive practices built into user interfaces by developers that have the effect, intentionally or unintentionally, of obscuring, subverting, or impairing consumer autonomy, decision-making, or choice. In trying to achieve “viral” customer growth, PLG companies should be careful not to utilize dark patterns, which are increasingly unlawful, in their user interface and product.
SaaS companies these days are facing increasing amounts of data risk exposure and liability. Not only are regulatory consequences for data breaches increasing, there has been a proliferation of bad actors attempting to exploit data vulnerabilities. For PLG companies, this risk is exponentially greater if the company achieves growth at the desired scale.
When designing their systems, processes, and products, PLG companies should consider implementing privacy by design at each stage. Doing so can significantly mitigate the data liability faced by the company. PLG companies that achieve privacy by design can also market this as a product differentiator to accelerate customer acquisition and increase retention.
For PLG companies, any operational gaps will be felt more acutely, especially if the goal is to achieve viral customer acquisition and growth. As such, in addition to the legal documentation and design best practices noted above, PLG companies should pay special attention to their underlying legal operations and processes.
A disciplined approach to legal operations and process will help PLG companies accelerate customer acquisition while mitigating legal risk. PLG companies that do not have robust legal operations and processes will often find that, if they do achieve viral growth, their legal and compliance gaps multiply exponentially and may later require significant effort to correct. In some cases, accumulated legal and compliance oversights could put the company at risk and impact fundraising and exit prospects.