Contract review and signature authority policy

Effective and last modified April 21, 2022

The purpose of this policy is to help you direct your contracts to the right team or teammate to review, approve, and sign.

This policy covers the following types of contracts:

  1. NDAs
  2. Customer contracts
  3. Vendor contracts
  4. Partner contracts

If you are not sure where to direct a contract for review, approval, or signature, you can reach out to the legal team.

How to submit requests for review

Legal:

  • legal@sourcegraph.com
  • For general legal requests or questions, please use the #legal slack channel.
  • For Customer contracts, please submit request via the #deal-desk slack channel.
  • For Vendor contracts, please submit requests via the #vendor-requests slack channel.

Give us about 1 business day to acknowledge receipt and give you an estimated turnaround time. If you don’t hear back from us in about 1 business day, follow up to make sure we saw your request. If your request is time-sensitive, let us know the ideal turnaround time.

Deal Desk:

  • dealdesk@sourcegraph.com
  • For Customer Contracts (OF, MSA and other approvals), please submit requests via the #deal-desk slack channel.
  • For process guidance or deal structuring information, please use the #deal-desk channel or contact us through email.

Finance:

If you submit a request via #legal or #finance slack channels, no need to duplicate your request in each channel. You can just post your request in one channel and tag the other team.

What to include in your requests

NDAs

Send Sourcegraph’s form NDA whenever possible.

  1. Nature of business opportunity (prospective customer, vendor, partner)
  2. Approximate contract value

SLAs—Turnaround time for legal review:

  • Sourcegraph Form: 2 business days
  • Third-party Form: 3 business days

Customer contracts

Order forms

  1. Link to document in GDrive
  2. Customer Name
  3. Product Sold (Search, batch changes, etc.)
  4. Deployment Method (On Prem, Cloud, Offline, M.Inst.)
  5. Contract Type (New deal, Renewal, Expansion)
  6. Approximate contract value
  7. Required timing for review
  8. Other helpful context

SLAs—Turnaround for Deal Desk review:

  • Sourcegraph Form: 1 business days
  • Customer Form: not accepted, requires a legal-to-legal call if customer pushes back
  • EOQ: Deal Desk will attempt to expedite reviews in the last week of the quarter

MSAs

  1. Deployment method: On Prem, Cloud, Managed instance, or Offline
  2. Deal value: annual contract value
  3. Logo rights: are you negotiating for logo rights?
  4. Timeline: flag any special timing needs

SLAs—Turnaround for Legal review:

  • Sourcegraph Form: 3 business days
  • Customer Form: not accepted, requires a legal-to-legal call if customer pushes back
  • EOQ: Legal will expedite reviews at end of quarter. Priority to higher ACV deals.

Vendor contracts

Please see our Vendor Request Process page for more details on how to raise a vendor request.

Partner contracts

  1. Purpose of the contract (1–2 sentences)
  2. Data: Confirm whether the vendor will access customer data, teammate data, or other sensitive data
  3. Fees: If the contract includes fees payable by or to Sourcegraph, include written approval from the VP Budget Owner
  4. Marketing rights: Propose any changes to the marketing, publicity, and logo terms or confirm that you have no changes
  5. Responsibilities and Restrictions on Sourcegraph (for product integrations): Propose any changes or confirm that you have no changes
  6. Any other relevant context

SLAs—Turnaround time for legal review:

  • 7 business days
  • EOQ: expect delays during the last two weeks of each sales quarter

What to do when the contract is fully signed

Save a copy of the fully signed contract in (1) the appropriate Google Drive folder and (2) Salesforce (for customer contracts):

For example, save customer contracts as Customer-OF and MSA. Save NDAs as Customer-NDA-.

For click-through agreements, forward confirmation emails to legal@sourcegraph.com. If none, then email legal@sourcegraph.com confirming that you accepted the click-through terms.

For Salesforce, complete the opportunity with the following steps: 1) go to the opportunity and click on the “Files” link near the top of the page. On the far right of the “Files” page is “Add Files”. 2) Go back to the opportunity and at the top right click the “Add Products” link. Fill out the info in the link and pay attention to the monthly/yearly period options so that they are consistent. 3) Go back to the opportunity and complete the other fields in the opportunity as follows: switch the Stage to “7 - Closed Won”; next scroll down to the “Financial Details” and “Opportunity Close Out” sections and add the appropriate “ACV”, “Closed Won Reason”, “Start of Contract” and “End of Contract”. Save and you should be done.

Who reviews, approves, and signs each contract type

NDAs (for customers, vendors, partners)

  • Sourcegraph Form - Standard Terms (watch this 3-min Powerform NDA Tutorial) or share our pre-signed NDA (no redlines)

    • Review: None
    • Approve: None
    • Sign: Director of Legal, VP, or Director

  • Sourcegraph Form - Non-standard Terms (redlined)

    • Review: Legal
    • Approve: Legal
    • Sign: Director of Legal, VP, or Director

  • Third-party Form

    • Review: Legal
    • Approve: Legal
    • Sign: Director of Legal, VP, or Director

Do we already have a signed NDA in effect? Check the NDAs folder.

Customer contracts (master agreements, order forms, SOWs)

  • Sourcegraph Form - Standard Terms (no redlines)

    • Review: None
    • Approve: None
    • Sign: Financial Controller (Back-Up Signers: Director of Legal and VP Operations)
    • Stamp: Deal Desk

  • Sourcegraph Form - Non-standard Terms (redlined)

    • Review: (a) Deal Desk who may escalate to Legal, Finance and Customer Engineer for review as required.
    • Approve: (a) Deal Desk who may escalate to Legal and Finance for approval as required.
    • Sign: Financial Controller (Back-Up Signers: Director of Legal and VP Operations)
    • Stamp: Deal Desk

  • Customer Form

    • Review: (a) Legal (b) Deal Desk and (c) Customer Engineer (CE) for security addenda or questionnaires
    • Approve: (a) Legal (b) Deal Desk and (c) Finance for any non-standard terms
    • Sign: Financial Controller (Back-Up Signers: Director of Legal and VP Operations)
    • Stamp: Deal Desk

Templates:

Vendor contracts (Sourcegraph pays a third party for products or services)

  • Sourcegraph Form - Standard Terms (no redlines)

    • Review: None
    • Approve: (a) VP Budget Owner and (b) Finance for any purchases outside of the team budget and contracts requiring Finance approval per Paying Bills
    • Sign: VP Budget Owner or VP Finance/Operations

  • Sourcegraph Form - Non-standard Terms (redlined)

    • Review: (a) Finance for changes to fees, termination, or tax terms and (b) Legal for any other changes
    • Approve: (a) VP Budget Owner and (b) Finance for any purchases outside of the team budget and any contracts requiring Finance approval per Paying Bills
    • Sign: VP Budget Owner or VP Finance/Operations

  • Vendor Form (including online click-through agreements):

    • Review: (a) Legal (if necessary, based on the below Legal Review Workflow) and (b) Finance for payment terms such as fees, termination, and tax terms
    • Approve: (a) VP Budget Owner and (b) Finance for any purchases outside of the team budget and any contracts requiring Finance approval per Paying Bills
    • Sign: VP Budget Owner or VP Finance/Operations

Templates:

  • Is legal review necessary?
    • If (1) no personal data or sensitive data and (2) annual contract spend is projected to be <$100,000 per year, no legal review.
  • Does the vendor access, collect, or receive any customer data (including customer code, repo names, pings or personal data of customer personnel)?
    • Get a DPA
    • Flag to legal@sourcegraph.com or the #legal Slack channel to update the subprocessor list and notify customers who have signed up for updates of new subprocessor
  • Does the vendor access, collect, or receive any personal data of Sourcegraph personnel (for example, will our teammates create an account to log in)?
    • Personal data typically includes usernames or email addresses, but can also include any other information that can be used to identify an individual: name, title, personal address, location data, physical characteristics, etc.
    • Get a DPA
  • Does the vendor access one of the following types of sensitive data?
    • Sensitive security information (e.g. incident data, security logs, authentication)
    • Core IT infrastructure (e.g. GCP, AWS, customer data storage)
  • IF ANY OF THE ABOVE, legal to review and negotiate
    • Indemnification for data breach/confidentiality breach
    • Uncapped liability for indemnification
    • Sample language is available in our Vendor Review Playbook
  • Examples of contract types that generally do not require legal review
    • One-off team trainings that do not involve the provision of personal data
    • Events and conferences
    • Hotels

Partner contracts (for product integrations, joint-marketing, and other partnerships with third parties)

  • We don’t have Sourcegraph forms for partner contracts yet
  • Partner Form (including online click-through agreements)
    • Review: Legal
    • Approve: VP and Finance
    • Sign: Director or VP

Changes and delegation authority

Changes to the signing authorities above require written approval by the CEO.

Exception: for vendor and partner contracts, authorized signers may delegate such authority to teammates in manager-level roles or above, in writing with a copy to legal@sourcegraph.com.