Get to know OutSystems Master Subscription Agreement

You can purchase (i) a license to use the OutSystems platform to develop applications, (ii) professional services to help you develop those applications, or (iii) both a license and services. We ensure that our solutions are secure, resilient, cloud-ready, and built to scale. OutSystems is a modern platform that makes it fast and easy to develop applications that transform customer experiences, deliver workplace innovation, automate processes, and modernize mission-critical systems. The applications are developed by you, and all of the content and data in the applications come from you. You decide what applications you want to build and, therefore, you are the owner and responsible legally for the applications and their operation.

If you would like to know more about us, please visit our website here.

Most of our customers’ templates are drafted for the provision of general services or for the provision of tangible goods that are different from what OutSystems provides. These templates often require extensive redlining as they are drafted for all kinds of purchases, such as computer hardware or off-the-shelf software. Our experience is that negotiating a customer’s template agreement takes over 90 days longer than using our MSA, because there are often extensive terms and conditions that need to be added or removed for the customer’s template to accurately reflect OutSystems’ specific products and services.

OutSystems’ MSA is a customer-friendly and fairly-written agreement that reflects extensive research into market-standard contracting terms for our type of software. It has been carefully tailored for what OutSystems provides, covering all terms and conditions necessary for the correct usage of both our software and professional services. It also proactively reflects the most common requests we have received from our customers over time.

Yes. OutSystems’ products are constantly improving, and new upgrades are likely to be released after you have purchased a subscription. As per section 2.3 of the MSA, if a new upgrade is released during your subscription term and you are up to date with payments terms, all upgrades will be made available to you free of any additional cost. If you deploy our software on your premises and the software version is an old one, the upgrades might be necessary for you to keep using the subscription without any bugs. If your subscription is hosted on our cloud, we can upgrade the software on your behalf.

Yes, OutSystems provides different levels of support and service level agreements. You can purchase the level that fits your needs, depending on the availability and service credits you would like to have during your subscription term. Support terms are not negotiable because they reflect the standard operating principles we use to service all of our customers, according to the support levels purchased.

OutSystems is the exclusive owner of the software and the methodologies and assets used to provide professional services. On the other hand, the applications you build – or that we build specifically for you as deliverables - are your intellectual property.

Although you own the intellectual property rights in the applications and all the content and data which you provide in the applications remain yours, while those are running on OutSystems software we have a license to access, host and process your applications and your content to properly provide support and updates, and to operate, manage and improve the software. Once you detach your applications, you can do whatever you want with them. For more information on the detachment, please refer to item 11.

All web and mobile applications built using OutSystems are protected by default from top security threats. OutSystems’ platform is designed to secure applications as it (i) automatically incorporates the latest security features into all your applications; (ii) encrypts data at rest or integrating with identity management systems; and (iii) includes role-based access to ensure only the right team members have access to change and deploy applications. We provide a dedicated computer security incident response team for managing security threats 24/7 and proactively monitor reputable industry sources for newly-discovered security vulnerabilities.

Regarding personal data, OutSystems acts as the data processor of your personal data if your subscription is hosted on our cloud. We only have access to and process the personal data that you provide to us. This means that you are in control of what personal data is processed by OutSystems, since you have the power to decide which personal data (if any) your applications will collect. We have a very standard Data Processing Agreement (DPA) that establishes the rules under which OutSystems processes personal data. It deals with the product and services provided by OutSystems and is part of the MSA. We use appropriate technical, organizational, and administrative security measures to protect the personal data we process on your behalf against accidental or unlawful loss, misuse, unauthorized access, disclosure, alteration, and destruction.

OutSystems’ security measures are continually improved in line with technological developments. If you are interested, please click on the links to find more information about OutSystems’ security.

Our security controls and privacy standards are drafted and implemented by design to best protect our platform and your applications. We implement security industry standard best practices and manage security to allow you to focus primarily on your business while we protect your information and applications from threats. Security controls are applied in every layer to ensure that customer applications and data are isolated from those of other customers. Additionally, our data centers have multiple layers of operational and physical security to ensure the integrity and safety of our customers’ data. The data centers are managed and supported 24 hours a day, 7 days a week, 365 days a year.

OutSystems software is an off-the-shelf platform, so we provide the same security service to all our customers and it is not possible to tailor specific features or include additional requirements in our software for a particular customer. As such, we cannot contractually commit to an individual customer’s security and privacy requirements, as those may not be consistent with our documented and tested operational procedures. We provide full transparency and visibility regarding our security and privacy standards and you can request access in our Security Portal to all relevant certifications showing compliance with, among others, ISO 27001, ISO 22301, ISO 27017, ISO 27018, ISO 9001, and SOC 2 standards.

As stated above, OutSystems is audited on a regular basis by independent highly reputable audit companies worldwide, and all our customers are able to access our relevant certifications showing compliance with applicable legislation and the industry standards.

If you are a financial or insurance institution or a governmental entity, OutSystems allows audit rights under certain conditions. If you are not any of these companies, OutSystems does not allow audit rights unless such an audit request comes from your supervisory authority or a regulatory or judicial body. All audits must show compliance with OutSystems’ security standards to ensure we do not compromise the confidential information of OutSystems and of our customers.

OutSystems provides warranties to our customers covering the operation of our software in accordance with its documentation, the provision of support services in accordance with our Service Level Agreements, the correction of defects for professional services, and compliance with our security protocols.

We provide unlimited liability and will indemnify you for third party claims that our products or services infringes a copyright or patent. We also provide unlimited liability for any direct damages due to OutSystems’ fraud, gross negligence, or willful misconduct.

For other types of liability, it is a fundamental principle for OutSystems’ business operations that liability be capped in proportion to the amount of fees paid. Our liability cap is in line with standard market practice and reflects a fair risk/investment allocation to guarantee fair and proportionate liability for both parties. Although some customers want to remove this fundamental principle in order to have unlimited liability, this is not commercially viable for OutSystems given the scale of our operations. OutSystems has thousands of customers, and we are committed to supporting all of them for decades, as evidenced by the fact that we have been in business for over twenty years. Our company strives for long-term relationships and having unlimited liability with one customer could put our business at stake and jeopardize the relationship we have with all the remaining ones.

Yes. OutSystems incorporates features powered by AI models designed exclusively to streamline the development and maintenance of customer applications (“AI Features”). For models licensed from third parties, OutSystems maintains enterprise agreements that strictly prohibit the use of OutSystems or customer data for model training or validation.

We prioritize the privacy and security of customer data. Our AI features do not access customer databases or process personal data contained within their applications. Any information analyzed to provide development suggestions is meticulously de-identified to ensure personal data is never exposed.

Our AI ecosystem utilizes a combination of proprietary OutSystems-developed models and third-party providers. All third-party integrations undergo rigorous evaluation by our IT, Legal, and Security teams to mitigate AI-specific risks and ensure robust contractual and security protections are upheld.

OutSystems warrants that it maintains commercially reasonable safeguards to monitor, evaluate, and mitigate risks associated with its AI Features. As these features are strictly intended to support the software development lifecycle, they do not qualify as “high-risk” under the EU AI Act or other applicable regulations. Furthermore, because these features do not require the processing of personal information, they do not adversely impact the rights of any individuals.

You can purchase either one-year or multi-year subscriptions; your decision is our commitment. Once you purchase a subscription, it is non-cancelable and non-refundable. This is because once you buy our product or services, we engage and allocate all the necessary resources to provide the computing, cloud, and operational resources needed to support you over the agreed term. We make those commitments upfront in reliance on your commitment to us for the full subscription term. Additionally, if you purchase a multi-year subscription, we will provide you with predictable and committed pricing.

You can of course oppose the subscription auto renewal at any time by simply sending us an email informing us. Such notice must be sent at least 30 (thirty) days before the end date of your subscription.

You can terminate the subscription prior to its end date if we breach any warranty, material term, or covenant of the MSA and we fail to cure it, or if we become insolvent. We do not permit termination for convenience due to the reasons articulated above.

If you are up to date with the payment terms regarding your current subscription and you inform us in writing before the termination date, you will be able to detach your applications from the OutSystems 11 platform. Detachment consists of the extraction of your application code and your content as detailed in the Documentation. You can learn more about the detachment of your applications here.