The questions to ask before you sign any software contract — covering pricing, security, data, integrations, GDPR compliance, and exit clauses. Use in-browser, mark off as you go, and print when done.

| Question | Status | Notes / Answer |
|---|---|---|
| What is the total cost of ownership, including all users, modules, and add-ons you'll actually use? Quoted pricing is often the base tier. Implementation, training, premium integrations and additional user seats can double the real cost. | | |
| Is pricing billed in GBP? If not, who bears the currency risk? Many SaaS tools price in USD. A 15% exchange rate shift can materially change the cost of a multi-year contract. | | |
| What is the minimum contract term? Is there a monthly option? Annual contracts often offer a discount but lock you in. Monthly gives flexibility during implementation and if the tool doesn't deliver. | | |
| What are the price escalation terms on renewal? Some vendors cap annual increases; others reprice at will. Understand what you're agreeing to in year two and beyond. | | |
| Are there usage limits (API calls, storage, automations) that could trigger overage charges? Automation-heavy platforms in particular can hit limits at scale. Confirm what "unlimited" actually means in the contract. | | |

| Question | Status | Notes / Answer |
|---|---|---|
| Where is data stored? Is it held within the UK or EEA? Under UK GDPR, transfers outside the UK/EEA require additional legal safeguards. Many US vendors store data in the US by default. | | |
| Is the vendor willing to sign a Data Processing Agreement (DPA) naming you as data controller? Required under UK GDPR if the vendor processes personal data on your behalf (e.g. employee data, shift records, contact details). | | |
| What security certifications does the vendor hold? (ISO 27001, SOC 2 Type II, Cyber Essentials Plus) Certifications demonstrate an independently verified security posture. Absence of any certification should prompt further questions. | | |
| Does the vendor have a published SLA for uptime? What is the remediation process for downtime? 99.9% uptime = ~8.7 hours downtime per year. For 24/7 warehouse operations, planned maintenance windows and incident response matter. | | |
| What does the vendor do with your data in the event of a breach? What is their notification timeline? UK GDPR requires you to notify the ICO within 72 hours. You need to know the vendor's process to meet that obligation. | | |
| Does the vendor use your data to train AI models? Can this be opted out of? Increasingly relevant as SaaS tools incorporate AI features. Worth clarifying in writing, especially if your data is commercially sensitive. | | |

| Question | Status | Notes / Answer |
|---|---|---|
| Is there an implementation or onboarding fee, and what does it include? Some vendors charge for onboarding that consists of a few Zoom calls. Understand exactly what resource you're getting. | | |
| What is the support model and response time for your tier? Is there UK-hours support? 24/7 support for a US-based team may mean limited UK-hours coverage. Critical for operations that run early/late or night shifts. | | |
| How long does a typical implementation take for an operation like ours? Ask for customer examples similar to your size and sector. "A few days" often becomes weeks when you factor in data migration and change management. | | |
| Is training included? How is it delivered, and for how many users? Training caps or limits often appear in small print. For frontline operations with high staff turnover, ongoing training access matters. | | |
| Can you speak to two or three existing customers in a similar sector before signing? Vendor-provided references are always positive. Ask to speak to a customer who had implementation challenges to understand how the vendor responded. | | |

| Question | Status | Notes / Answer |
|---|---|---|
| Does the tool integrate natively with your existing systems? (WMS, payroll, ERP, TMS) Integrations listed on a marketing page may be via Zapier or third-party middleware, not native. Confirm what "integration" means in practice and who maintains it. | | |
| Is there a public API? What are the rate limits and authentication methods? Important if you have an in-house technical team or want to build custom automations. Rate limits affect what's feasible at volume. | | |
| How is data migration handled? Can you import existing data (employees, historical records, open actions)? Starting from scratch is a significant burden. Understand what migration support is provided and in what format data needs to be supplied. | | |
| What mobile device requirements are there? Is the app available on both iOS and Android? Frontline warehouse and logistics teams use a mix of devices. An iOS-only solution creates an immediate barrier for Android users. | | |

| Question | Status | Notes / Answer |
|---|---|---|
| Is the vendor profitable or well-funded? Are there any signals of financial instability? VC-backed SaaS companies can shut down or be acquired with little notice. For critical operational tools, vendor stability matters. | | |
| What features are on the product roadmap in the next 12 months? Useful for understanding whether the platform is moving towards or away from your use case. Ask what has shipped in the last 12 months as a credibility check. | | |
| How does the vendor handle sunset or deprecation of features you depend on? Features get retired. Understanding the advance notice and migration path prevents nasty surprises mid-contract. | | |

| Question | Status | Notes / Answer |
|---|---|---|
| Can you export all your data? In what format, and how long does it take? Data portability is a UK GDPR right. Some vendors make export genuinely difficult or time-limited. Clarify before you start importing data. | | |
| What happens to your data after contract termination? When is it deleted? GDPR requires you to know how long data is retained after offboarding. Indefinite retention of employee data is a compliance risk. | | |
| What are the early termination clauses? Is there a penalty for ending the contract before renewal? Annual contracts often include early exit penalties or require full-year payment on termination. Read this before signing. | | |

How to use this checklist: Work through each question with your vendor before signing. Mark items as Confirmed (you have a satisfactory written answer), Outstanding (still to be resolved), Concern (answer raises a red flag), or N/A. Print the completed checklist as a record of due diligence.