Insights

One thing I've learned redlining enterprise SaaS agreements: the security addendum is where deals go to die.

Not because the terms are unreasonable — but because legal and security aren't talking to each other. Legal sends back aggressive positions. The customer's security team flags controls that don't match. And suddenly a deal that was "almost done" is in its third month.

The fix isn't more redlines. It's aligning your security addendum with what your team actually does. Map your contractual commitments to your real controls. Remove aspirational language. Be specific.

I did this for a client recently and it cut their contract cycle time by about 30%. Not because we gave away positions — because we stopped fighting over things that didn't reflect reality.

If your SaaS deals keep stalling at the security addendum stage, the problem probably isn't your counterparty.

A question I get from founders: "We're spending too much on outside counsel for routine contracts. What do we do?"

Usually the answer isn't "hire an in-house lawyer." It's "build the right templates first."

I worked with a cloud services company that was sending every MSA, SOW, and order form to outside counsel for drafting. Each one was a mini-project. Costs added up fast.

We built a template suite — MSA, SOW, order form — with a negotiation playbook that mapped out standard positions and pre-approved fallbacks. Their team could handle routine deals themselves and only escalate the unusual ones.

Result: external legal spend dropped by about 40% over six months. And deals moved faster because nobody was waiting on outside counsel availability.

You don't need a massive CLM system to do this. You need good templates, clear guidance on what's negotiable, and a process that lets your business team say "yes" without calling a lawyer every time.

Your team wants to use a new AI tool. The vendor says "don't worry, we don't train on your data."

Cool. But is that in the contract?

I recently evaluated an LLM vendor for a client. The marketing said all the right things. The terms of service told a different story.

Here's what we negotiated before approving it for even a limited rollout: explicit "no training on client data" language (not just a FAQ — in the agreement), defined deletion SLAs with actual timelines, audit rights scoped to data handling practices, and narrow telemetry permissions — only what's needed for service delivery.

None of this was unreasonable. The vendor agreed to all of it. But none of it was in the default terms.

If your team is adopting AI tools based on marketing promises rather than contractual commitments, that's a gap worth closing — especially before your own customers start asking about it in their due diligence.

People ask me what a fractional GC actually does day-to-day. Here's the honest answer: it depends entirely on what the company needs.

Some weeks I'm deep in redlines — MSAs, SOWs, DPAs, vendor agreements. Other weeks I'm building a contract playbook from scratch so the sales team can close deals without waiting on legal. Sometimes I'm reviewing an AI vendor's terms, or updating privacy policies for a customer security review.

The common thread: I'm doing the work a full-time GC would do, but right-sized for companies that aren't ready for (or don't need) a full-time hire.

What I've found is that most scaling companies don't have a "legal problem." They have a "no one is connecting legal to the business" problem. Contracts pile up. Templates are outdated. The CEO is signing things that haven't been reviewed. And by the time they realize they need help, they're already behind.

A fractional GC isn't a stopgap. For a lot of companies in the 20-200 employee range, it's the right model — period.

If you're a founder wondering whether you need a full-time GC or just need someone who can get your legal house in order, I'm happy to chat.